CERT mailing list archives

Current Activity - Firefox 3.5 and 3.6 Vulnerability

From: Current Activity <us-cert () us-cert gov>
Date: Thu, 28 Oct 2010 09:17:23 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Firefox 3.5 and 3.6 Vulnerability

Original release date: October 27, 2010 at 9:06 am
Last revised: October 28, 2010 at 8:24 am


Mozilla has released a blog entry indicating that it is aware of a
critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This
vulnerability may allow an attacker to execute arbitrary code. The
blog entry indicates that active exploitation of this vulnerability
has been detected.

Update: The Mozilla Foundation has released Firefox 3.6.12 and 3.5.15
to address this vulnerability. Additionally, this vulnerability has
been addressed in Thunderbird 3.1.6 and 3.0.10.

US-CERT encourages users and administrators to apply any necessary
updates to help mitigate the risks. Users should consider disabling
JavaScript and using the NoScript Add-on as described in the Securing
Your Web Browser (PDF) document as best-practice security measures to
help protect against future vulnerabilities.

Relevant Url(s):
<http://www.us-cert.gov/reading_room/securing_browser/browser_security.pdf>

<http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/>

<http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/>

<http://www.mozilla.com/en-US/firefox/3.5.15/releasenotes/>

<http://support.mozilla.com/en-US/kb/JavaScript#Enabling_and_disabling_JavaScript>

====
This entry is available at
http://www.us-cert.gov/current/index.html#firefox_3_5_and_3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTMl31T6pPKYJORa3AQLR+wf/dqFASBChRv8ZWTHMm8yafjtc4ttK2Kd/
hO6zPswjDmFCoPe9Z8ngnq1+HJQKDszO/DgB+oMXjEB23rWXC8A2KRXxfAJcNFHB
KbkMkvIkL1oKBi6tbImB49lajdjqDlq9xVUYhGlDeiqjrAL7LXCCG3gxnoBhS+Om
fsTslr889tuuT2OD9ugGHh4Bs1esuJVnYZciKstYjVwcUmf7LcnC3ddH4goRTobw
8hv+uGWgHc0l5ZvpLeIiZpu4PMndpMA0+86MBRUSmrnIvSI14QEIRqGPL4SRfjnn
4rdbNXPoXvGDgOBMHs2osHQOhQUhcQpuV9WNdijnFzNr0ApGK2RCFw==
=+33t
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Firefox 3.5 and 3.6 Vulnerability Current Activity (Oct 27)
- <Possible follow-ups>
- Current Activity - Firefox 3.5 and 3.6 Vulnerability Current Activity (Oct 28)