The W
Views: 101457083
Main | FAQ | Search: Y! / G | Calendar | Color chart | Log in for more!
19.12.14 2231
The W - Internet & Computers - Mozilla Thunderbird vulnerabilities
This thread has 2 referrals leading to it
Register and log in to post!
Thread rated: 7.75
Pages: 1
(266 newer) Next thread | Previous thread
User
Post (5 total)
Guru Zim
SQL Dejection
Administrator








Since: 9.12.01
From: Bay City, OR

Since last post: 8 hours
Last activity: 7 hours
AIM:  
ICQ:  
Y!:
#1 Posted on | Instant Rating: 8.52

TITLE:
Mozilla Thunderbird Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA33205

VERIFY ADVISORY:
http://secunia.com/advisories/33205/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Mozilla Thunderbird 2.x
http://secunia.com/advisories/product/14070/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.

For more information:
SA33184

The vulnerabilities are reported in version 2.0.0.18 and prior.

SOLUTION:
Fixed in an upcoming 2.0.0.19 version.

The vendor recommends disabling JavaScript until a fixed version is available.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html

OTHER REFERENCES:
SA33184:
http://secunia.com/advisories/33184/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.






Sign up for Folding@Home and join our team. PM me for details.

Ignorance is bliss for you, hell for me.
Promote this thread!
thecubsfan
Scrapple
Moderator








Since: 10.12.01
From: Aurora, IL

Since last post: 22 hours
Last activity: 1 hour
#2 Posted on | Instant Rating: 10.00
I want you to know, I read every word of this post, plus the two others ones, and meditated on the meaning of each word. I will try to take the lessons I've learned into my daily life.



thecubsfan.com - luchablog
Guru Zim
SQL Dejection
Administrator








Since: 9.12.01
From: Bay City, OR

Since last post: 8 hours
Last activity: 7 hours
AIM:  
ICQ:  
Y!:
#3 Posted on | Instant Rating: 8.52
So you are saying I should summarize?


If you run Mozilla Firefox 2 or 3, or Thunderbird, you need to update your software to the newest version due to current exploits that are "in the wild".




Sign up for Folding@Home and join our team. PM me for details.

Ignorance is bliss for you, hell for me.
Oliver
Scrapple








Since: 20.6.02
From: Kolob

Since last post: 9 days
Last activity: 14 hours
#4 Posted on | Instant Rating: 3.34
Thanks for the updates, Guru - my FF is set to update automatically, but it's good to know the severity of the threats out there.



Unicow, unicow...he's a unicorn cow!
thecubsfan
Scrapple
Moderator








Since: 10.12.01
From: Aurora, IL

Since last post: 22 hours
Last activity: 1 hour
#5 Posted on | Instant Rating: 10.00
    Originally posted by Guru Zim
    So you are saying I should summarize?

    If you run Mozilla Firefox 2 or 3, or Thunderbird, you need to update your software to the newest version due to current exploits that are "in the wild".


No, not even summarize. Just knowing who you're talking to. If the people who are reading this thread are the type of people who normally read Secuina Advisories, they're surely aware of the problem. Everyone else probably hit mark all posts read and moved on with their lives, unless they just had to make a sarcastic remark. You didn't help out as much as you wanted to with that one.

What might have worked better...


    There are new vulnerabilities to Firefox version 2 & Firefox version 3, as well as Thunderbird. If you're using this software, you should [choose: make sure you install the next update/turn of feature X until the next update arrives/stop using this software entirely until the next update, the danger is that high]. You can find more information on the issue here here and here.


Firefox/Mozilla vulnerabilities don't seem to me as big of a deal, because you really have to work hard for the programs NOT to update automatically. If you don't tell to update right away, it'll do it the next time you start the program. It's way too easy to turn off Automatic Updates, especially after the first time they want you to drop what you're doing and reboot your computer immediately.

(o m g I'm backseat posting now, I need off the internet)



thecubsfan.com - luchablog
Thread rated: 7.75
Pages: 1
Thread ahead: Internet problems
Next thread: Blue Screen of Death 2.0
Previous thread: Firefox 2 vulnerabilities
(266 newer) Next thread | Previous thread
The simple explanation is that CHAPLOW is a Time Lord.
The W - Internet & Computers - Mozilla Thunderbird vulnerabilitiesRegister and log in to post!

The W™ message board

ZimBoard
©2001-2014 Brothers Zim

This old hunk of junk rendered your page in 0.068 seconds.