Date: 25 September 2008
References: AL-2008.0099 ESB-2009.0343
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AusCERT Update AU-2008.0019 - [Win][UNIX/Linux]
Additional Mozilla advisories and Thunderbird release information
25 September 2008
AusCERT Update Summary
----------------------
Product: Firefox 3.0.1
Firefox 2.0.0.16
Thunderbird 2.0.0.16
SeaMonkey 1.1.11
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Execute Arbitrary Code/Commands
Cross-site Scripting
Provide Misleading Information
Access Privileged Data
Access: Remote/Unauthenticated
CVE Names: CVE-2008-0016 CVE-2008-3835 CVE-2008-3836
CVE-2008-3837 CVE-2008-4058 CVE-2008-4059
CVE-2008-4060 CVE-2008-4061 CVE-2008-4062
CVE-2008-4063 CVE-2008-4064 CVE-2008-4065
CVE-2008-4066 CVE-2008-4067 CVE-2008-4068
CVE-2008-4069
Member content until: Thursday, September 25 2008
Ref: AL-2008.0099
The AusCERT Alert AL-2008.0099 relating to Firefox, Thunderbird and
SeaMonkey vulnerabilities contained some omissions and errors.
Mozilla released a total of 9 advisories relating to Firefox, Thunderbird
and SeaMonkey which describe a total of 16 vulnerabilities. Mozilla has
rated 4 of these advisories as "Critical", 1 as "High" 2 as "Moderate" and
2 as "Low" Impact.
There is not yet an updated release of Thunderbird 2.0.0.17. Mozilla has
recommended ensuring that JavaScript is not rendered by Thunderbird. By
default, JavaScript is not enabled in Thunderbird.
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSNsJzyh9+71yA2DNAQIjngP/Zsx4IyBP+LcvvuxStnryChNsPIQDaVCo
iUNbScI3qZ3xWvlitkhQrK7KlIYCN+4R+a6Xx3VHiMU4KeEYtX4qoL0zwrf82Yis
CyC8Q8ztgK8xuMLOjFYQ9C1urqHBeJBioFMTS3+qn8lxlgFAZF+bAJDZprYTHUEb
igbtcEe4gZI=
=6XfM
-----END PGP SIGNATURE-----
|