ANN: Update your Mozilla, Firebird, Thunderbird software!

[Garrett]

A critical hole was found in the Moz engine and was patched. Either
download a new complete install or a patch for any of the software
programs you use that are based on the moz engine.

Mozilla updated to: 1.7.1
Firefox updated to: 0.9.2
Thunderbird updated to: 0.7.2

For more information, visit: http://update.mozilla.org/


Best regards,
-Garrett

 

[Eloy Perez]

A critical hole was found in the Moz engine and was patched. Either
download a new complete install or a patch for any of the software
programs you use that are based on the moz engine.

Mozilla updated to: 1.7.1
Firefox updated to: 0.9.2
Thunderbird updated to: 0.7.2

For more information, visit: http://update.mozilla.org/


Best regards,
-Garrett

For a moment there, I thought they had found _another_ hole, but this is
the same one found earlier (added July 08, 2004).

Anyways, thanks for the heads up, you can never be too secure these days.

 

[Tarapia Tapioco]

A critical hole was found in the Moz engine and was patched. Either
download a new complete install or a patch for any of the software
programs you use that are based on the moz engine.

Mozilla updated to: 1.7.1
Firefox updated to: 0.9.2
Thunderbird updated to: 0.7.2

For more information, visit: http://update.mozilla.org/


Best regards,
-Garrett

N.B. This update is for users of Mozilla 1.x (up to Mozilla 1.7), Mozilla Firefox (up to 0.9.1),
and Mozilla Thunderbird (up to 0.7.1) on Microsoft Windows 2000 and XP only.

The 1KB patch for users with 1.7 currently installed can be found at
http://update.mozilla.org/extensions/moreinfo.php?id=154 .

 

[Dan Goodman]

A critical hole was found in the Moz engine and was patched. Either
download a new complete install or a patch for any of the software
programs you use that are based on the moz engine.

Mozilla updated to: 1.7.1
Firefox updated to: 0.9.2
Thunderbird updated to: 0.7.2

For more information, visit: http://update.mozilla.org/

Thanks!

 

[Garrett]

Eloy Perez wrote:

[snip]

For a moment there, I thought they had found another hole, but this
is the same one found earlier (added July 08, 2004).

Anyways, thanks for the heads up, you can never be too secure these
days.

If this info is outdated, my bad... I just noticed it today and wasn't
sure if it was already posted here.

-Garrett

 

[Bernd Schmitt]

A critical hole was found in the Moz engine and was patched.

AFAIK this is a special feature for windows/IE? Linux and Mac users
don't need the update.

Description of bug 250180:
This notice covers BOTH a security concern and a DOS. 1)Using the
"shell:" prefix in addresses on a windows PC allows access to the local
file system. AFAIK all shell shortcuts in IE will also work in mozilla.
Addresses such as "shell:cookies" passes the call to explorer and it
shows the desired location. Address to individual files or cookies are
handled by Mozilla and treated as a "file:" protocol. While I have not
looked into the exploitability of this behavior, it would seem to be a
security risk as IE has supposedly dropped this functionality in SP1 for
IE 6. 2) By making a request for a file that does not exist on the
user's system using the "shell:" prefix, Mozilla will continue to open
windows until the user's system crashes.

So even if 1) is not percieved as a true bug, 2) definately is a bug.

Ciao,
Bernd