Security group warns of weaknesses in Mozilla
The CERT Coordination Centre is warning of multiple vulnerabilities in Mozilla-related programs. Affected software includes the Firefox browser and Thunderbird email client, as well as the Mozilla browser, email and newsgroup client.
According to the computer security incident response team, the vulnerabilities - which range from VCard handling to the dragging of links - could allow a remote attacker to execute arbitrary code on affected machines. The list is as follows.
VU#414240 A stack overflow vulnerability means that an email message with a specially crafted VCard can give remote attackers access to a machine. Apparently, this can be exploited in preview mode as well.
VU#847200 A vulnerability in the way Mozilla handles certain bitmap images (integer overflows in its bitmap image decoder).
VU#808216 A vulnerability in the way Mozilla handles certain malformed URLs (a heap overflow in the UTF8 conversion of the hostname portion of URLs).
VU#125776 A malicious POP3 server could execute arbitrary code due to multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler.
VU#327560 The Mozilla 'send page' feature also contains a buffer overflow vulnerability.
VU#651928 A browser vulnerability involving the dragging of links may allow the violation of cross-domain scripting policies. Again, as with all the others, this could lead to the execution of code originating from a remote source.
Note that Mozilla.org has released patches for the affected software. Specifically: Mozilla 1.7.3, the Firefox Preview Release and Thunderbird 0.8. Users are strongly encouraged to upgrade.