What Is It?

There are several vulnerabilities in the Mozilla Firefox Web browser and related products, including the Thunderbird email program and the Seamonkey Internet suite.

• The most serious of these is a remote code execution vulnerability, which could allow a malicious user to take over your machine.
• Other vulnerabilities allow spoofing (forgery) of digital signatures or can cause a denial of service, in the form of a program crash.

These vulnerabilities also affect products derived from the Mozilla code, including the Gecko rendering engine in the Netscape Web browser.

What Should You Do?

If you use Firefox, Thunderbird, or Seamonkey, please visit the Mozilla products page at http://www.mozilla.org/products/ and get the required updates.

According to the Mozilla Foundation, Firefox version 2.0, the latest version, is unaffected by these vulnerabilities.

Netscape version 8.1 for Windows is, for all practical purposes, the same as Firefox 1.0.7, and should be upgraded to version 8.1.2, which you can download at http://browser.netscape.com/ns8/.

If you use older versions of AOL or CompuServe software, you should consider contacting America Online about an update.

If you use Linux or other specialized products that interact with the Internet or contain a Web browser other than Internet Explorer, you should review the Mozilla Hall of Fame to see whether your product is listed. If so, it may be affected by one or more of the vulnerabilities.

References

• http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html contains information about version 1.5.0.8 of the Firefox Web browser.
  • Note that version 1.5.0.8 is not the newest version.
  • That would be 2.0, which is available at http://www.mozilla.com/en-US/firefox/.
  • Mozilla will quit supporting Firefox version 1.5 early next year.
• http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.8.html contains information about the latest version of the Thunderbird mail client.
• http://www.mozilla.org/projects/seamonkey/ is the home page of the Seamonkey project.
• http://browser.netscape.com/ns8/ is the download page for Netscape 8.1.2.
• http://www.mozilla.org/university/HOF.html is the Mozilla Hall of Fame, a list of products that are derived from the Mozilla Web browser or that use its Gecko rendering engine or other components. AOL, CompuServe, and Linux users should check here for additional information, and contact their soppier if appropriate.

David Gray, MBA, Chief Wizard WizardWrx, formerly P6 Consulting
	V: +1 (817) 812-3041 TZ: USA Central, GMT -6 E: dagray@wizardwrx.com W: www.wizardwrx.com	5006 Cloyce Court North Richland Hills, TX 76180-6944 USA
Tell me what you need, and I’ll conjure it.