Trojan targeting FF

[Duh_OZ]

snip:
========
An identity-stealing keylogger that disguises itself as a Firefox
extension and installs silently in the background was discovered
Tuesday by security vendor McAfee.
===========

Full article:
http://news.yahoo.com/s/cmp/20060726/tc_cmp/191101268

 

[rosed1]

According to mozillaZine Firefox 1.5.0.5 Final is scheduled to be
released today (and Thunderbird 1.5.0.5 the day after tomorrow). This
will be most likely the last update that version 1.5 will see before
the release of version 2.0.

Quote -
According to the Firefox 1.5.0.5 schedule, the planned release dates
for Firefox 1.5.0.5 and Thunderbird 1.5.0.5 are Tuesday 25th July and
Thursday 27th July respectively. All users will be encouraged to update
to these maintenance releases, which will include security and
stability updates but no new features.


And it seems that this is correct. Everything looks ready for the
release.

The Release Notes page is ready. (link)
The release folder is on the FTP and it already has the update versions
(link) (Freeware)

View: Firefox 1.5.0.5 Release Notes
News source: mozillaZine
{http://www.neowin.net/index.php?act=view&id=34264}

 

[David H. Lipman]

From: "rosed1" <[email protected]>

| According to mozillaZine Firefox 1.5.0.5 Final is scheduled to be
| released today (and Thunderbird 1.5.0.5 the day after tomorrow). This
| will be most likely the last update that version 1.5 will see before
| the release of version 2.0.
|
| Quote -
| According to the Firefox 1.5.0.5 schedule, the planned release dates
| for Firefox 1.5.0.5 and Thunderbird 1.5.0.5 are Tuesday 25th July and
| Thursday 27th July respectively. All users will be encouraged to update
| to these maintenance releases, which will include security and
| stability updates but no new features.
|
| And it seems that this is correct. Everything looks ready for the
| release.
|
| The Release Notes page is ready. (link)
| The release folder is on the FTP and it already has the update versions
| (link) (Freeware)
|
| View: Firefox 1.5.0.5 Release Notes
| News source: mozillaZine
| {http://www.neowin.net/index.php?act=view&id=34264}

http://www.ciac.org/ciac/bulletins/q-258.shtml

Q-258: Mozilla (now SeaMonkey), Firefox, Thunderbird Security Vulnerabilities
[Mozilla Foundation Security Advisory 2006-48]
July 27, 2006 17:00 GMT
--------------------------------------------------------------------------------

PROBLEM: There are several security vulnerabilities in Mozilla (now SeaMonkey):
1) JavaScript new Function race condition;
2) Memory corruption with simultaneous events; and
3) Code execution through deleted frame reference.

PLATFORM: Firefox 1.5.0.5
SeaMonkey 1.0.3
Thunderbird 1.5.0.5

DAMAGE:
1) JavaScript garbage collection deleted a temporary variable still being used in the
creation of a new Function object. The resulting use of a deleted object may be potentially
exploitable to run native code provided by the attacker;
2) A memory corruption error within the handling of simultaneously happenind XPCOM events,
which leads to use of a deleted timer object. This generally results in a crash but
potentially could be exploited to execute arbitrary code on a user's system when a malicious
website is visited; and
3) A JavaScript reference to a frame or window was not properly cleared when the referenced
content went away, and a deleted object could be used to execute native code supplied by the
attacker.

SOLUTION: Upgrade to the appropriate version.

--------------------------------------------------------------------------------

VULNERABILITY
ASSESSMENT: The risk is MEDIUM. The attacker could execute arbitrary code.

--------------------------------------------------------------------------------

LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-258.shtml
ORIGINAL BULLETIN: Mozilla Foundation Security Advisory 2006-48
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
ADDITIONAL LINKS: Mozilla Foundation Security Advisories 2006-46 & 2006-44
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
CVE: CVE-2006-3803 CVE-2006-3113 CVE-2006-3801

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

http://www.ciac.org/ciac/bulletins/q-258.shtml

Q-258: Mozilla (now SeaMonkey), Firefox, Thunderbird Security
Vulnerabilities [Mozilla Foundation Security Advisory 2006-48]
July 27, 2006 17:00 GMT
-------------------------------------------------------------------

PROBLEM: There are several security vulnerabilities in Mozilla
(now SeaMonkey): 1) JavaScript new Function race condition;
2) Memory corruption with simultaneous events; and
3) Code execution through deleted frame reference.

PLATFORM: Firefox 1.5.0.5
SeaMonkey 1.0.3
Thunderbird 1.5.0.5

It'd be nice if they'd reword that. Should say

Fixed in: Firefox 1.5.0.5
Thunderbird 1.5.0.5
SeaMonkey 1.0.3

<http://www.mozilla.org/security/announce/2006/mfsa2006-44.html>
<http://www.mozilla.org/security/announce/2006/mfsa2006-46.html>
<http://www.mozilla.org/security/announce/2006/mfsa2006-48.html>

 

[David H. Lipman]

From: "»Q«" <[email protected]>

http://www.ciac.org/ciac/bulletins/q-258.shtml

Q-258: Mozilla (now SeaMonkey), Firefox, Thunderbird Security
Vulnerabilities [Mozilla Foundation Security Advisory 2006-48]
July 27, 2006 17:00 GMT
-------------------------------------------------------------------

PROBLEM: There are several security vulnerabilities in Mozilla
(now SeaMonkey): 1) JavaScript new Function race condition;
2) Memory corruption with simultaneous events; and
3) Code execution through deleted frame reference.

PLATFORM: Firefox 1.5.0.5
SeaMonkey 1.0.3
Thunderbird 1.5.0.5

|
| It'd be nice if they'd reword that. Should say
|
| Fixed in: Firefox 1.5.0.5
| Thunderbird 1.5.0.5
| SeaMonkey 1.0.3
|
| <http://www.mozilla.org/security/announce/2006/mfsa2006-44.html>
| <http://www.mozilla.org/security/announce/2006/mfsa2006-46.html>
| <http://www.mozilla.org/security/announce/2006/mfsa2006-48.html>
|

That DID confuse me :-(