Dr. Strangelove
11-10-2006, 05:45 PM
From today's SANS NewsBites Vol. 8 Num. 89
WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
--Mozilla Updates Fix Holes in Firefox, Thunderbird and SeaMonkey
(9 & 7 November 2006)
Mozilla has released updates to address security flaws in Firefox,
Thunderbird and SeaMonkey. The flaws could be exploited to circumvent
security restrictions, launch cross-site scripting attacks and
compromise unpatched systems. Mozilla says it will support Firefox 1.5
through April 2007. The updated versions are Firefox 1.5.0.8,
Thunderbird 1.5.0.8 and SeaMonkey 1.0.6. The flaws do not affect
Mozilla's newly released Firefox 2.0.
http://news.com.com/2102-1002_3-6133821.html?tag=st.util.print
http://www.theregister.co.uk/2006/11/09/firefox_seamonkey_update/print.html
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.mozilla.org/security/announce/2006/mfsa2006-67.html
[Editor's Note (Pescatore): Extending vulnerability management out to
open source software products is a weak spot for many enterprises.
Knowing where you have these products in use is the first step, making
sure they are configured correctly and are patched can only happen after
you know that. I've seen a lot of enterprises using open source
discovery tools to deal with potential licensing issues - the vendors
need to extend those products to provide configuration compliance and
vulnerability assessment.]
Doc