Mozilla Foundation Security Advisories (Dec. 19, 2006)

MFSA 2006-76 XSS using outer window’s Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
Details on the above advisories at:
http://www.mozilla.org/security/announce/


Security Alerts & Announcements:
http://www.mozilla.org/security/


Security Update (December 19, 2006): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these udpates as soon as possible.
Firefox 2.0.0.1
Firefox 1.5.0.9
Thunderbird 1.5.0.9
Users should get an automatic update notification; users who have turned off update notification can use the “Check for Updates…” item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site’s computer support staff for help, or help is available through Community Support.

Leave a Reply