CERT mailing list archives
Current Activity - Firefox 3.5 and 3.6 Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Thu, 28 Oct 2010 09:17:23 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Firefox 3.5 and 3.6 Vulnerability Original release date: October 27, 2010 at 9:06 am Last revised: October 28, 2010 at 8:24 am Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected. Update: The Mozilla Foundation has released Firefox 3.6.12 and 3.5.15 to address this vulnerability. Additionally, this vulnerability has been addressed in Thunderbird 3.1.6 and 3.0.10. US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. Users should consider disabling JavaScript and using the NoScript Add-on as described in the Securing Your Web Browser (PDF) document as best-practice security measures to help protect against future vulnerabilities. Relevant Url(s): <http://www.us-cert.gov/reading_room/securing_browser/browser_security.pdf> <http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/> <http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/> <http://www.mozilla.com/en-US/firefox/3.5.15/releasenotes/> <http://support.mozilla.com/en-US/kb/JavaScript#Enabling_and_disabling_JavaScript> ==== This entry is available at http://www.us-cert.gov/current/index.html#firefox_3_5_and_3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTMl31T6pPKYJORa3AQLR+wf/dqFASBChRv8ZWTHMm8yafjtc4ttK2Kd/ hO6zPswjDmFCoPe9Z8ngnq1+HJQKDszO/DgB+oMXjEB23rWXC8A2KRXxfAJcNFHB KbkMkvIkL1oKBi6tbImB49lajdjqDlq9xVUYhGlDeiqjrAL7LXCCG3gxnoBhS+Om fsTslr889tuuT2OD9ugGHh4Bs1esuJVnYZciKstYjVwcUmf7LcnC3ddH4goRTobw 8hv+uGWgHc0l5ZvpLeIiZpu4PMndpMA0+86MBRUSmrnIvSI14QEIRqGPL4SRfjnn 4rdbNXPoXvGDgOBMHs2osHQOhQUhcQpuV9WNdijnFzNr0ApGK2RCFw== =+33t -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Firefox 3.5 and 3.6 Vulnerability Current Activity (Oct 27)
- <Possible follow-ups>
- Current Activity - Firefox 3.5 and 3.6 Vulnerability Current Activity (Oct 28)