DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
For more information: SA33184
The vulnerabilities are reported in version 2.0.0.18 and prior.
SOLUTION: Fixed in an upcoming 2.0.0.19 version.
The vendor recommends disabling JavaScript until a fixed version is available.
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
I want you to know, I read every word of this post, plus the two others ones, and meditated on the meaning of each word. I will try to take the lessons I've learned into my daily life.
If you run Mozilla Firefox 2 or 3, or Thunderbird, you need to update your software to the newest version due to current exploits that are "in the wild".
Originally posted by Guru ZimSo you are saying I should summarize?
If you run Mozilla Firefox 2 or 3, or Thunderbird, you need to update your software to the newest version due to current exploits that are "in the wild".
No, not even summarize. Just knowing who you're talking to. If the people who are reading this thread are the type of people who normally read Secuina Advisories, they're surely aware of the problem. Everyone else probably hit mark all posts read and moved on with their lives, unless they just had to make a sarcastic remark. You didn't help out as much as you wanted to with that one.
What might have worked better...
There are new vulnerabilities to Firefox version 2 & Firefox version 3, as well as Thunderbird. If you're using this software, you should [choose: make sure you install the next update/turn of feature X until the next update arrives/stop using this software entirely until the next update, the danger is that high]. You can find more information on the issue here here and here.
Firefox/Mozilla vulnerabilities don't seem to me as big of a deal, because you really have to work hard for the programs NOT to update automatically. If you don't tell to update right away, it'll do it the next time you start the program. It's way too easy to turn off Automatic Updates, especially after the first time they want you to drop what you're doing and reboot your computer immediately.
(o m g I'm backseat posting now, I need off the internet)
Yup, I got one of those today, and a paypal one yesterday, and both an Omega Bank one and some other bank. Of course, thousands of people get them a day, so there's gotta be one or two people that actually believe them. EDIT: