Critical Mozilla, Thunderbird Vulnerabilities

An antivirus and computer security company Secunia has issued an advisory about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system.

Software affected

Mozilla 0.x Mozilla 1.0 Mozilla 1.1 Mozilla 1.2 Mozilla 1.3 Mozilla 1.4 Mozilla 1.5 Mozilla 1.6 Mozilla 1.7.x Mozilla Firefox 0.x Mozilla Thunderbird 0.x

Impact

Cross Site Scripting Manipulation of data Exposure of sensitive information System access

Secunia reports that vulnerabilities found in Mozilla products (excluding the most recent Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8) are "highly critical" and a remote attack, if successful, can lead to a complete take-over of a targeted computer.

The company listed seven security holes that range from various boundary errors that can be exploited to cause heap-based buffer overflows when a specially crafted e-mail is forwarded or opened to exploitation of insufficient restrictions on script generated effects on text field so that an attacker can read and write content from and to the clipboard.

You can find the complete list of vulnerabilities at Secunia's web site

See also:

Bropia.A to Target IM Networks

AMD Unleashes Athlon 64 FX-55 Processor

Network Appliance Issues Internet Security Advisory for Customers Facing Spyware Threats

Permalink: Critical Mozilla, Thunderbird Vulnerabilities