| Just the facts | ||
| Title | CASEScontact.org advisory - Mozilla Firefox, Thunderbird and SeaMonkey - JavaScript vulnerability | |
| Description | The JavaScript vulnerability affects:
|
|
| CyTRAP Labs ID | CT110068 | |
| Last update | 2006-10-03 | |
| Original release date | 2006-10-03 | |
| Systems affected |
If you use Mozilla Firefox, Thunderbird or Mozilla SeaMonkey this is a so-called zero-day exploit affecting users with the following operating systems:
Read on and protect yourself right now; it is fast and easy. P.S. If your system is set up right regarding security preferences, you would not have to worry about this alert. Below we explain how you can save time and headaches while improving your security posture at the same time. |
|
| Version number | 1.0 | |
| ISSN | 1603-9858 | |
| Verify threat | http://casescontact.org/alerts/110068 | |
| Risk assessment | High | |
| Impact/Severity | High | |
| What is the problem? | ||
| Admin | Please help us do a better job for you. If you have additional information or corrections for this advisory, please submit them via our contact form or by e-mail to: updates at CASEScontact.org |
|
| How does it affect me? | Should I Worry?
Yes ==> If your PC runs Firefox, SeaMonkey or the Thunderbird e-mail program, this affects you. Follow the steps below to minimize your risks (see below for link).
A) The Threat. It may result in an attacker bypassing certain security restrictions and taking control of the affected system.
B) Vulnerabilities. At this time CyTRAP Labs has not confirmed these vulnerabilities, which were disclosed by hackers attending a conference. Find out more details here: CyTRAP Labs advisory - Mozilla Firefox JavaScript vulnerability. These vulnerabilities can be mitigated by disabling JavaScript and Java in all affected products; see our solution section for help.
C) Impact. Successful exploitation can result in a user having his or her system compromised. The vulnerabilities can be exploited by malicious people to execute arbitrary code on a vulnerable system. |
|
| Systems affected | Vulnerabilities have been reported with:
|
|
| Minimize your exposure to this threat - follow the steps outlined below | ||
| Much Gain - Little Pain - Do this | One way to get rid of this problem fast is to allow JavaScript, Java and other executable content only for trusted domains of your choice, such as your home-banking web site. You can get a free tool here: | |
| Other Actions | CyTRAP Labs will continue to monitor the situation and release additional updates
when more information becomes available.
If you want, there is also the possibility to disable JavaScript and Java execution by changing the options in these affected programs. A step-by-step instruction can be found here: CyTRAP Labs guide - Firefox zero-day vulnerabilities - what can a user do NOW? |
|
| Additional risk minimization | To avoid these problems in the future, set your program's options or preferences so that it automatically checks for updates. You can find an easy step-by-step explanation (takes 2 minutes at most) here for:
> CyTRAP Labs’ guide - Firefox browser - updates - setting your options to get them automatically
|
|
| If you need more information, please read on. Otherwise follow the steps outlined above. | ||
| Source | CyTRAP Labs EU-IST blog - advisory - Mozilla Firefox JavaScript vulnerability | |
| Source URL | http://cytrap.eu/blog/?p=56 | |
| Source date | 2006-10-03 | |
| Other source | CyTRAP Labs WinCurity blog | |
| Other source URL | http://blog.casescontact.org/?p=151 | |
| Other source date | 2006-10-03 | |
| CyTRAP labs ID | CT110068 | |
| Administrative | ||
| Author | Urs E. Gattiker - CyTRAP Labs | |
| Revisions | ||
| Contact details | Web: http://CASEScontact.org E-mail: support01 at CASEScontact.org Tel: +41(0)76-200-7778 or + 44(0)70-9237-6036 Fax: +44(0)70-9237-6036, dial 3 send fax |
|
|
--END of ADVISORY - Important Info Below-- | |
| We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert. |
|
NO WARRANTY Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. |
|
CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. Full DISCLAIMER notice at: http://www.casescontact.org/terms.php |
|
UNSUBSCRIBE If you no longer wish to receive this THREAT ALERT, please unsubscribe at: http://www.casescontact.org/unsubscribe.php
QUESTIONS, comments, ideas? Cheer us up at: Alerts-Comments at CASEScontact.org
CASEScontact.org -- Threat Alerts and Security Notices -- clear and precise, no compromise |
|
-- END of THREAT ALERT -- Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved. | |