Mozilla, Firefox, Netscape Browsers Multiple Vulnerabilities

pudgmo

______________
May 2, 2005
477
1
0
#1
Wasn't sure about the appropriate place for this but I got an email from a reliable source last night...

(1) HIGH: Mozilla, Firefox, Netscape Browsers Multiple Vulnerabilities
Affected:
Firefox versions 1.0.6 and prior
Mozilla versions 1.7.11 and prior
Netscape version 8.x

Description: Mozilla, Firefox and Netscape browsers contain the
following vulnerabilities that can be exploited by a malicious webpage
to compromise a user's system. (a) The function that processes XBM
(X-Bitmap) images contains a heap-based overflow that can be triggered
by an XBM image ending with a "space" character rather than the end tag.
According to the discoverer, the flaw can be exploited to execute
arbitrary code. (b) Unicode processing of certain sequences leads to a
stack-based overflow that can be exploited to execute arbitrary code.
(c) The JavaScript Engine contains an integer overflow that can be
exploited to execute arbitrary code. (d) The unprivileged "about:" page
can load a privileged "chrome:" page under certain conditions. This flaw
combined with another cross-zone flaw could result in the execution of
arbitrary code. The Mozilla bugzilla contains technical details required
to leverage these flaws.

Status: Mozilla Foundation has released version 1.0.7 for Firefox and
1.7.12 for Mozilla browsers. In addition to the above mentioned high
severity bugs, the newer versions also fix certain spoofing bugs. No
updates are available for Netscape.

Read More

Update FireFox
 
K

Kommercial

#3
Why would I care? I'm sure Mozilla already has knowledge of this, and they would probably know before any geek.