Six Security Vulnerabilities Disclosed By Mozilla
According to a report in Secure Computing on June 1, 2007, Mozilla issued six security advisories on Wednesday (May 30, 2007) covering flaws detected in its SeaMonkey, Thunderbird, and Firefox programs.
The most important of these flaws in Firefox, SeaMonkey, and Thunderbird can, if exploited, result in crashes.
Several flaws have been detected in Mozilla Firefox that attackers can use to bypass security restrictions, conduct spoofing attacks, and compromise a system. According to an advisory, Mozilla's investigators presume that the flaw could allow arbitrary code to run.
Since the flaws affect the previous versions, new versions have been released: Firefox 220.127.116.11 and 18.104.22.168, SeaMonkey 1.1.2 and 1.0.9, and Thunderbird 22.214.171.124 and 126.96.36.199. Mozilla users should update to these versions and keep them up to date, as attackers can easily inject malicious code into the previous versions.
Mozilla also cautioned against a high-impact cross-site scripting bug in Firefox, which can be used to inject malicious code into sites. Users were further advised not to use JavaScript until a fresh version is downloaded.
The Mountain View, Calif.-based organization also fixed low-impact vulnerabilities in XUL popup spoofing, cookie handling, and form autocomplete, along with a moderate security vulnerability in SeaMonkey and Thunderbird APOP authentication.
Amol Sarwate, director of Qualys' vulnerability research lab, told SCMagazine that Mozilla has done a great job of categorizing the flaws' risk.
According to the report published in Secure Computing on June 1, 2007, Sarwate acknowledged Mozilla's great job in ranking the vulnerabilities. The first flaw (a memory corruption flaw) is important because it can lead to many websites carrying malicious code.
In an advisory released on Wednesday, FrSIRT categorized the first six flaws as the most important. Secunia, on the other hand, cited four flaws and ranked them as "most important" in an advisory released today (May 31, 2007).
Third parties that provide extensions, such as Yahoo, Google, and Facebook, have been informed about the bug but have still not been provided with a patch.
» SPAMfighter News - 12-06-2007