Status Tracking Note TRTA08-087A

Mozilla Updates for Multiple Vulnerabilities

New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary

Event Information

Date (UTC)	Description
2008-05-09 13:11	US-CERT Mozilla Releases Thunderbird 2.0.0.14 US-CERT Current Activity Mozilla has released Thunderbird 2.0.0.14 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to escalate privileges or execute arbitrary code.
2008-05-01	Mozilla Mozilla Thunderbird 2.0.0.14 Release
2008-03-27 20:34	US-CERT TA08-087A: Mozilla Updates for Multiple Vulnerabilities Via US-CERT Mailing List New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
2008-03-26 12:23	US-CERT Mozilla Releases Firefox 2.0.0.13 US-CERT Current Activity Mozilla has released Firefox 2.0.0.13. This version addresses multiple vulnerabilities that may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct cross-site scripting or phishing attacks. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird and SeaMonkey.
2008-03-26 10:24	SANS Internet Storm Center Firefox 2.0.0.13 is out A new version of Firefox, 2.0.0.13, has been released today.
2008-03-25	Mozilla mfsa2008-16: HTTP Referrer spoofing with malformed URLs
2008-03-25	Mozilla mfsa2008-15: Crashes with evidence of memory corruption (rv:1.8.1.13)
2008-03-25	Mozilla mfsa2008-14: JavaScript privilege escalation and arbitrary code execution
2008-03-25	Mozilla SeaMonkey 1.1.9 Release
2008-03-25	Mozilla Mozilla Firefox 2.0.0.13 Release
2008-03-25	Mozilla mfsa2008-19: XUL popup spoofing variant (cross-tab popups)
2008-03-25	Mozilla mfsa2008-18: Java socket connection to any local port via LiveConnect
2008-03-25	Mozilla mfsa2008-17: Privacy issue with SSL Client Authentication


Date first published (UTC):	2008-04-06T20:02+00:00
Date last updated (UTC):	2008-05-07T08:07+00:00