Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Firefox, Thunderbird, SeaMonkey Get a Security Overhaul
PC Magazine ^ | June 1, 2007 | Lisa Vaas

Posted on 06/01/2007 3:08:01 PM PDT by Zakeet

The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite.

The bugs, deemed critical, are detailed in Mozilla's Security Advisory 2007-12. They include multiple vulnerabilities in Mozilla's Layout Engine and in its JavaScript engine that can result in memory corruption and lead to system takeover or DoS (denial of service). The function of a layout engine is to handle content such as HTML, XML, image files and applets as well as formatting information including CSS (Cascading Style Sheets) and presentational HTML tags. The layout engine displays the formatted content on-screen, filling in the browser's content area.

Firefox users who don't install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low-privilege mode.

According to Mozilla's advisory, the impacts of the vulnerabilities vary. "Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory says.

Mozilla fixed the Layout Engine bugs in these updates: Firefox Versions 2.0.0.4 and 1.5.0.12.

(Excerpt) Read more at news.yahoo.com ...


TOPICS: Computers/Internet
KEYWORDS: antivirus; computersecurity; firefox; malware; mozilla; spyware; virus
Heads-up
1 posted on 06/01/2007 3:08:03 PM PDT by Zakeet
[ Post Reply | Private Reply | View Replies]

To: Zakeet

I downloaded the latest version the other day. I ain’t got no Sea-Monkey. What am I missing?


2 posted on 06/01/2007 3:29:16 PM PDT by BipolarBob (Yes I backed over the vampire, but I swear I didn't see it in my rear view mirror.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

Thanks!


3 posted on 06/01/2007 3:30:50 PM PDT by doc1019 (Fred Thompson '08)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BipolarBob
They aren't really Sea Monkeys; they're just brine shrimp. :)
4 posted on 06/01/2007 3:34:51 PM PDT by KingSnorky
[ Post Reply | Private Reply | To 2 | View Replies]

To: Zakeet
Gee, and all this time folks (CS-type geeks - both my colleagues and those to whom I teach CS courses) have been telling me how wonderful Mozilla is! How free of the foibles and glitches of IE! How dependable and easy to use! Mind you, I'm not a great fan of Internet Explorer, but at least Microshaft does keep up with security issues and problems on a timely basis.

I couldn't help but snicker a bit when I read this.

5 posted on 06/01/2007 3:37:53 PM PDT by BillaryBeGone
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

ping


6 posted on 06/01/2007 3:48:34 PM PDT by Ocracoke Island
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

Use Firefox almost exclusively now. Up dated it yesterday. The Cooliris add on is really cool.


7 posted on 06/01/2007 3:49:57 PM PDT by barker ( A smile is a curved line that sets things straight.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BipolarBob

Yeah...what b seamonkey?


8 posted on 06/01/2007 3:51:05 PM PDT by Wheee The People (Go FRed)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Zakeet

I just updated Firefox to the latest, and LOVE the new spell check. Just like a good WP program, a misspelled word in the window for typing a post here is underlined in red, and you correct it by selecting options with a right click, including adding to dictionary.

No more using the awful FR spell checker with its moronic failure to understand words with apostrophes and hyphens.


9 posted on 06/01/2007 4:03:48 PM PDT by Atlas Sneezed (Your FRiendly FReeper Patent Attorney (...and another "Constitution-bot"))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

This has to be making the Firefox folks very happy, they are now big enough to be worth hacking...


10 posted on 06/01/2007 4:27:58 PM PDT by wastoute
[ Post Reply | Private Reply | To 1 | View Replies]

To: KingSnorky
Image hosted by Photobucket.com tooo funny...
11 posted on 06/01/2007 4:57:13 PM PDT by Chode (American Hedonist)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Zakeet

Thanks a lot for the heads-up. Just updated my Firefox for Linux Mint.


12 posted on 06/01/2007 4:58:57 PM PDT by Severa (I can't take this stress anymore...quick, get me a marker to sniff....)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; PenguinWry; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; ..

13 posted on 06/02/2007 9:12:30 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BillaryBeGone
"Microshaft does keep up with security issues and problems on a timely basis."

I have to strongly disagree with you there. I've seen MS go months without fixing vulnerabilities that have been reported to them. Only when the folks who reported it to them threaten to go public would they release patches. I've heard of this happening quite a lot in the earlier days of XP.

14 posted on 06/02/2007 9:23:03 AM PDT by KoRn (Just Say NO ....To Liberal Republicans - FRED THOMPSON FOR PRESIDENT!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Zakeet
I downloaded the latest Firefox, but I didn't see an upgrade for Thunderbird, which still shows up on the site as being version 2.0.0.0.

Is there a secret handshake for upgrading thunderbird? 

15 posted on 06/02/2007 12:18:03 PM PDT by zeugma (MS Vista has detected your mouse has moved, Cancel or Allow?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: KingSnorky
You let me go 54 years believing that Sea Monkeys are real, and NOW you burst my bubble...in public?

You ain't right, man, you just ain't right. I'm tellin' the tooth fairy on you. LOL

:O)

P
16 posted on 06/02/2007 12:27:03 PM PDT by papasmurf (<<<<< Click there to see my dogs! Oh, and I have FRed one liners, too.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: KoRn; BillaryBeGone
Only when the folks who reported it to them threaten to go public would they release patches.

In some cases security people get so fed up waiting even after it goes public that they produce their own unofficial patch, which embarrasses Microsoft into finally fixing it. IIRC, that was the case with the WMF vulnerability.

17 posted on 06/02/2007 2:02:34 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 14 | View Replies]

To: BipolarBob
I downloaded the latest version the other day. I ain?t got no Sea-Monkey. What am I missing?

Not much, it blows. It appears to be the latest incarnation of Netscape, with Netscape's vastly inferior interface to Firefox, but it does have a built-in email client and news viewer.

18 posted on 06/02/2007 2:53:50 PM PDT by Still Thinking (Quis custodiet ipsos custodes?)
[ Post Reply | Private Reply | To 2 | View Replies]

Comment #19 Removed by Moderator

To: papasmurf

The truth is often times a hard thing. So brace yourself: remember those x-ray glasses they sold in comic books? THEY DON’T WORK!

:)


20 posted on 06/03/2007 7:16:25 AM PDT by KingSnorky
[ Post Reply | Private Reply | To 16 | View Replies]

To: zeugma
I downloaded the latest Firefox, but I didn't see an upgrade for Thunderbird, which still shows up on the site as being version 2.0.0.0. Is there a secret handshake for upgrading thunderbird?

Interesting... I use Thunderbird 1.5.0.12 which updated for security issues on May 30:
http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.12.html

However I also see a reference to Thunderbird 2.0.0.0 which appears to be a newer release but could be just a beta. It does not show any updates:
http://www.mozilla.com/en-US/thunderbird/

Think I'll stick with version 1.5 for a while.

21 posted on 06/11/2007 11:18:21 AM PDT by CedarDave
[ Post Reply | Private Reply | To 15 | View Replies]

To: zeugma; ShadowAce
Found another reference to Thunderbird:

Thunderbird 1.5: This version of Thunderbird will be supported until October 18, 2007 with security and stability updates. We strongly encourage all users to upgrade to Thunderbird 2.

Unsupported versions of Thunderbird for other platforms are also available.

22 posted on 06/11/2007 11:23:05 AM PDT by CedarDave
[ Post Reply | Private Reply | To 15 | View Replies]

To: Zakeet
Just checked. I'm running the updated version of Fartface Firefox.
23 posted on 06/11/2007 11:30:26 AM PDT by CholeraJoe ("You just killed a helicopter with a car!" "I know. I was out of bullets.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

One more note. As of last month (May) Thunderbird 2.0 had some bugs. Check out this Thunderbird Forum thread, especially the May 18th post:

http://forums.mozillazine.org/viewtopic.php?t=550079


24 posted on 06/11/2007 11:37:24 AM PDT by CedarDave
[ Post Reply | Private Reply | To 15 | View Replies]

To: CedarDave

Thanks. I’ve been on 2.0 pretty much since it was released. Seems to work o.k. for me. Then again, I have 95% of my spam filtering happening at my email provider.


25 posted on 06/11/2007 1:12:08 PM PDT by zeugma (o o)
[ Post Reply | Private Reply | To 24 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson