CERT mailing list archives
Current Activity - Firefox 3.5 and 3.6 Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Wed, 27 Oct 2010 09:29:46 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Firefox 3.5 and 3.6 Vulnerability Original release date: October 27, 2010 at 9:06 am Last revised: October 27, 2010 at 9:06 am Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected. US-CERT encourages users and administrators to review the Mozilla blog entry. Users should consider disabling JavaScript and using the NoScript Add-on as workarounds until a fix is released by the vendor. Additional information regarding disabling JavaScript and using NoScript can be found in the Securing Your Web Browser (PDF) document. US-CERT will provide additional information as it becomes available. Relevant Url(s): <http://www.us-cert.gov/reading_room/securing_browser/browser_security.pdf> <http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/> <http://support.mozilla.com/en-US/kb/JavaScript#Enabling_and_disabling_JavaScript> ==== This entry is available at http://www.us-cert.gov/current/index.html#firefox_3_5_and_3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTMgpOT6pPKYJORa3AQLX3Af/YFB/vQegzju1eygcRKlg4hR+JNMjYT93 9UH/m/xexkImw98NUm7xLs/xPEsZkHO0aZB5WARUPE0c7bi1D8NzwELc4dYYLI8y rHL5zpj9WsNGIZ7Hhgu7JknyHw6FRXnn77uCF7r6h6v4VLfwEKp1D0PTIkumjbvk 9zQoHaZKeYmVvv3Jz14UU3Yg1sqP9ruoRaRbkeoeN4h+f/6qEKtrbApqBGQKUqRX DJZEmIkifrpxWeg/WAr0uEELSCdY4irt27zIQcsfUnkpGF9PqMMdRJogaXKDm2Rz HXK4Fs1aLg7ryjgFxl2Wd9cWMC4a3Ok1LL+HIsuxjZeP0mVWFgXRWQ== =7VLA -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Firefox 3.5 and 3.6 Vulnerability Current Activity (Oct 27)
- <Possible follow-ups>
- Current Activity - Firefox 3.5 and 3.6 Vulnerability Current Activity (Oct 28)