copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » AU-2009.0001 -- AusCERT Update - [Win] - Update to F...
 

AU-2009.0001 -- AusCERT Update - [Win] - Update to Firefox 2.x vulnerability on Windows
Date: 06 January 2009
References: AL-2008.0129  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2009.0001 - [Win]
Update to Firefox 2.x vulnerability on Windows
6 January 2009        

        AusCERT Update Summary
        ----------------------

Product:              Firefox 2.0.0.19
Operating System:     Windows
Impact:               Access Confidential Data
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-5507
Member content until: Tuesday, January 06 2009

Ref:                  AL-2008.0129

Mozilla have updated MFSA2008-65 for Firefox 2.x for Windows as the original 
fixed version (2.0.0.19) shipped without the fix for the specified 
vulnerability.

Version 2.0.0.20 was released to correct this. [1]

Please note the vendor has stated, "Firefox 2.0.0.x will be maintained with 
security and stability updates until mid-December, 2008. All users are 
strongly encouraged to upgrade to Firefox 3." [2]

[1] Mozilla Foundation Security Advisory 2008-65
    http://www.mozilla.org/security/announce/2008/mfsa2008-65.html

[2] Download Firefox 2
    http://www.mozilla.com/en-US/firefox/all-older.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSWK4jih9+71yA2DNAQIhswP/W48unMAKpjuVu/i3chtZqzVhanBMy9HP
EWHsuKhhL7k4RG8UHKN9wnLanOUEN4CEm3F5BSgEIg/FY6cSctZu5CPHqqDBdtqw
TzZGDVAaJ0SfDqQ2nfekD83BDQDi2/J0t/oZ2ms0imi+ztQhftaZNhCfHfcpoDaW
RxkyPedYuA8=
=FQwO
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=21&it=10295