Current Activity - Firefox 3.5 and 3.6 Vulnerability

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Firefox 3.5 and 3.6 Vulnerability

Original release date: October 27, 2010 at 9:06 am
Last revised: October 27, 2010 at 9:06 am


Mozilla has released a blog entry indicating that it is aware of a
critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This
vulnerability may allow an attacker to execute arbitrary code. The
blog entry indicates that active exploitation of this vulnerability
has been detected.

US-CERT encourages users and administrators to review the Mozilla blog
entry. Users should consider disabling JavaScript and using the
NoScript Add-on as workarounds until a fix is released by the vendor.
Additional information regarding disabling JavaScript and using
NoScript can be found in the Securing Your Web Browser (PDF) document.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.us-cert.gov/reading_room/securing_browser/browser_security.pdf>

<http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/>

<http://support.mozilla.com/en-US/kb/JavaScript#Enabling_and_disabling_JavaScript>

====
This entry is available at
http://www.us-cert.gov/current/index.html#firefox_3_5_and_3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTMgpOT6pPKYJORa3AQLX3Af/YFB/vQegzju1eygcRKlg4hR+JNMjYT93
9UH/m/xexkImw98NUm7xLs/xPEsZkHO0aZB5WARUPE0c7bi1D8NzwELc4dYYLI8y
rHL5zpj9WsNGIZ7Hhgu7JknyHw6FRXnn77uCF7r6h6v4VLfwEKp1D0PTIkumjbvk
9zQoHaZKeYmVvv3Jz14UU3Yg1sqP9ruoRaRbkeoeN4h+f/6qEKtrbApqBGQKUqRX
DJZEmIkifrpxWeg/WAr0uEELSCdY4irt27zIQcsfUnkpGF9PqMMdRJogaXKDm2Rz
HXK4Fs1aLg7ryjgFxl2Wd9cWMC4a3Ok1LL+HIsuxjZeP0mVWFgXRWQ==
=7VLA
-----END PGP SIGNATURE-----