Six Security Vulnerabilities Disclosed By Mozilla

According to the news in Secure computing on June 1, 2007, Mozilla has come up with six security-advising bodies on Wednesday (May 30, 2007), which has detected flaws in its Sea monkey, Thunderbirds, and Fire fox programs.

The most important part of this flaw in Firefox, SeaMonkey, and Thunderbirds is that, if exploited, it can result in to crashes.

Some mistakes have been detected in Mozilla Firefox, and they can be used by hackers to surpass security norms, hold spoofing task, and exploit a system. According to an advisory, the investigators of Mozilla have supposed the flaw to allow an arbitrary code.

According to the news published by Itweek on May 31, 2007, Mozilla said that since Thunderbird is sharing the browser engine with Firefox, it can be more dangerous if JavaScript will work through mail.

Since the flaws affect the previous versions, the programs have released new versions like Firefox 2.0.0.4 and 1.5.0.12 and SeaMonkey 1.1.2 and 1.0.9, and Thunderbird 2.0.0.4 and 1.5.0.12. The users of Mozilla should update these versions frequently as the hackers can easily insert deadly codes in previous versions.

Mozilla also cautioned against a highly effective cross-site scripting bug in Fire fox, which can be used for infecting sites with harmful codes. Further, it was suggested to the users not to use Java Script till a fresh version is downloaded.

A Calif-based organization, The Mountain View, fixes low effective vulnerabilities in XUL popup spoofing, cookie handling and form auto complete with moderate security vulnerability in SeaMonkey, and Thunderbird APOP Authentication.

Director of Qualys' vulnerability research lab, Amol Sarwate, said to SCmagazine that Mozilla has done a great job in categorizing the flaws' risk.

According to the news published in Secure computing on June 1, 2007, Sarwate acknowledges the great job of Mozilla in ranking the vulnerabilities. The first flaw (a memory corruption flaw) is important due to which many websites gets deadly codes on it.

In an advisory released on Wednesday, FrSIRT categorized the first six mistakes as the most important. On the other hand, Secunia cites four mistakes and ranked them as "most important", in an advisory released today (May 31, 2007).

Third parties, such as Yahoo, Google, Face book provides an extension have been informed about the bug but still have not been provide with a patch.

Related article: SEC Imposes Trading Ban on 35 Companies

» SPAMfighter News - 6/12/2007