Status Tracking Note TRTA08-319A

Mozilla Updates for Multiple Vulnerabilities

Overview

New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
Event Information


Date (UTC)Description
2008-11-19 Mozilla
Mozilla Thunderbird 2.0.0.18 Release
2008-11-18 www.scary.beasts.org
CESA-2008-010: Firefox XML injection into parse of remote XML
Parsing error in E4X default namespace (CVE-2008-5024)
The public disclosure of the vulnerability by the reporter.
2008-11-17 www.scary.beasts.org
CESA-2008-009: Firefox 2 and WebKit nightly cross-domain image theft
Cross-domain Vulnerability (CVE-2008-5012)
The public disclosure of the vulnerability by the reporter.
2008-11-14 20:01 US-CERT
TA08-319A: Mozilla Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
2008-11-13 12:34 US-CERT
Mozilla Releases Updates to Address Vulnerabilities in Multiple Products
US-CERT Current Activity
Mozilla has released Firefox 2.0.0.18, Firefox 3.0.4, and SeaMonkey 1.1.13 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, security bypass, cross-site scripting, denial of service, and information disclosure. As described in the Mozilla Foundation security advisories, some of these vulnerabilities may also affect Thunderbird.
2008-11-13 03:32 SANS Internet Storm Center
New Firefoxen and Seamonkey out (Version: 2)
New versions of FIrefox 2 & 3 were released this evening. Firefox 2.0.0.18 fixes 11 security vulnerabilities 6 of them critical including 2 remote code executions. Firefox 3.0.4 fixes 9 security vulnerabilities, 4 of them critical including remote code execution.
2008-11-13 IBM Internet Security Systems
Mozilla Unchecked Allocation Remote Code Execution
http-index-format parser Vulnerability (CVE-2008-0017)
Mozilla Firefox and Mozilla SeaMonkey are vulnerable to remote code execution by enticing a user to click on a malicious URL.
2008-11-12 Mozilla
Mozilla Firefox 3.0.4 Release
2008-11-12 Mozilla
SeaMonkey 1.1.13 Release
2008-11-12 Mozilla
Mozilla Firefox 2.0.0.18 Release

Reference

Date first published (UTC): 2008-11-16T23:42+00:00
Date last updated (UTC): 2008-11-23T04:23+00:00
Valid HTML 4.01!