[Stoat]

Uber-Geeks please see the "technical" version of this alert at:

http://www.us-cert.gov/cas/techalerts/TA04-261A.html

[Centurion2000]

Quite a few actually

Several vulnerabilities have been reported in the Mozilla web browser and derived products. More detailed information is available in the individual vulnerability notes:

VU#414240 - Mozilla Mail vulnerable to buffer overflow via writeGroup() function in nsVCardObj.cpp

Mozilla Mail contains a stack overflow vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. This can be exploited in the preview mode as well.

VU#847200 - Mozilla contains integer overflows in bitmap image decoder

A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#808216 - Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs

A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system.

VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler

There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a malicious POP3 server to execute arbitrary code on the affected system.

VU#327560 - Mozilla "send page" feature contains a buffer overflow vulnerability

There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code.

VU#651928 - Mozilla allows arbitrary code execution via link dragging

A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source.

[steveo]

And the beast shall be made legion. Its numbers shall be increased a thousand thousand fold. The din of a million keyboards like unto a great storm shall cover the earth, and the followers of Mammon shall tremble.

from The Book of Mozilla, 3:31

(Red Letter Edition)

[Buford T. Justice]

And I thought it was regarded as a more secure alternative to Explorer.

[Arkinsaw]

Thanks for the post. Updated.

[FreedomFarmer]

Ah, now we know what the geeks in Redmond write in their spare time, now that their stock options are tanking.

[Solamente]

My FireFox and Thunderbird are up to date! I'm saved!!!

[Fiddlstix]

BTTT

[fritzz]

I am using Firebird 0.7. Which do I download. Mozilla, Firefox, or Thunderbird? I don't use the mail utility.

[asgardshill]

But, but, but ... I thought this was impossible! They said that only Microsoft products have vulnerabilities and that I would become 50 pounds lighter, a foot taller, and my winkie would lengthen by 2 inches if I stopped using them!

[DB]

Thanks for posting this.

[WestCoastGal]

bookmark

[Titan Magroyne]

Updated, and thankee kindly for the headsup!

[Egon]

Ping.

[AmericanVictory]

thanks for the tip.

[eyespysomething]

bump for later