Mozilla Fixes 12 Security Vulnerabilities In Firefox 2.0.0.15

July 2nd, 2008

Mozilla Fixes 12 Security Vulnerabilities In Firefox 2.0.0.15

Mozilla have released Firefox 2.0.0.15 which according to the release notes fixes 12 security vulnerabilities.

Here is a list of fixes in Firefox 2.0.0.15 from their website, some of them are critical so if you are running Firefox 2, you should update as soon as possible.

MFSA 2008-33 Crash and remote code execution in block reflow

MFSA 2008-32 Remote site run as local file via Windows URL shortcut

MFSA 2008-31 Peer-trusted certs can use alt names to spoof

MFSA 2008-30 File location URL in directory listings not escaped properly

MFSA 2008-29 Faulty .properties file results in uninitialized memory being used

MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X

MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range

MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()

MFSA 2008-24 Chrome script loading from fastload file

MFSA 2008-23 Signed JAR tampering

MFSA 2008-22 XSS through JavaScript same-origin violation

MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

You can get the latest version of Firefox 2 here. If you are already Firefox 2 user, you can also click “Check for updates…” under “Help” menu.

Seamonkey was also updated to version 1.1.10 and included fixes for the same issues plus one additional critical vulnerability, so if you use it, it should also be updated.

Email, Bookmark or Share:

Latest News Updates

There have been a high number of Cold Fusion web sites being compromised in last 24 hours.

FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. A number of compromises have been reported as a result of the exploit being used prior to now.

The Twitter account belonging to venture capitalist and Mac evangelist Guy Kawasaki was hijacked yesterday and used to push malware to some 140,000 Twitter users. The attack included a link to what purported to be a sex tape video free download linked to Gossip Girls star Leighton Meester but, after a series of clicks, the end result was a malicious Trojan. View >>

After a blackhat SEO attack, cybercriminals are again using the terrifying catastrophe of Air France Flight 447 or about China-made C919 Jumbo Jets competing with Airbus and Boeing for malicious intent. This time, spam messages are sent with an attached PowerPoint presentation, which is specially crafted to exploit a vulnerability in Microsoft Powerpoint. View >>

A recent set of spam emails were seen abusing yet another Google search feature. Spam emails use search feature q=site: in order to direct the user clicking on the link to a Google results page returning a spam site. View >>

Latest Virus Descriptions

Trojan-Dropper.Win32.Agent.albv 15 Apr 2009 12:17:00 +040
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 23552 bytes in size. Installation The Trojan copies its executable file as follows: %WinDir%\system\svhost.exe In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan adds a link…
Backdoor.Win32.Agent.abgg 15 Apr 2009 12:15:00 +040
This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 22528 bytes in size. Installation Once launched, the Trojan copies its body to the Windows system directory as “digeste.dll”: %System%\digeste.dll In order to ensure that the Trojan…
Trojan-Dropper.Win32.Kido.a 15 Apr 2009 12:09:00 +040
This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 78848 bytes in size. It is written in C++.
Trojan-Downloader.Win32.Kido.a 18 Mar 2009 16:36:00 +040
This malicious program is a Windows DLL file. Installation The malware copies its executable file with random names to the following directories: %Program Files%\Internet Explorer\<rnd>.dll %Program Files%\Windows Media Player\<rnd>.dll %Program Files%\WindowsNT\<rnd>.dll %Program…
Email-Worm.Win32.Merond.a 12 Mar 2009 19:36:00 +040
This worm spreads as an attachment to infected emails and also via file-sharing networks and removable media. The worm itself is a Windows PE EXE file. The worm’s executable file can vary between 150KB to 400KB in size. Installation The worm copies its executable file to the Windows system…
Trojan.Win32.Agent.azsy 12 Mar 2009 19:29:00 +040
This malicious program is a Trojan. It is a Windows PE EXE file. It is 417792 bytes in size. It is packed using UPX. The unpacked file is approximately 439KB in size. It is written in C++. Installation Once launched, the Trojan copies its body to the current user’s Windows startup…
Trojan.Win32.Agent2.dtb 12 Mar 2009 19:23:00 +040
This Trojan calls premium rate numbers without the knowledge or consent of the user. It is a Windows PE EXE file. It is 25131 bytes in size. It is written in Delphi.
Trojan-Downloader.Win32.Small.ydh 24 Feb 2009 11:45:00 +040
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 34816 bytes in size. It is not packed in any way. It is written in C++. Installation Once launched, the Trojan…
Trojan-Downloader.Win32.Agent.ahoe 24 Feb 2009 11:32:00 +040
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 9216 bytes in size. It is packed using UPX. The unpacked file is approximately 38KB in size. It is written in…
Trojan-Downloader.JS.Agent.crh 20 Feb 2009 12:06:00 +040
This Trojan downloads other files via the Internet and launches them for execution on the victim machine. The program is an HTML page which contains Java Script scenarios. It is 1070 bytes in size.

CyberInsecure.com