Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

Shop online 24hrs a day or call us Mon-Fri
8:30AM-4:30PM EST - 1-800-915-2088
WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Firefox and Thunderbird Critical Updates

Friday, June 9th, 2006 by | Filed Under: Security Help
 
Loading...


Firefox and Thunderbird Critical Updates

On June 1st, Mozilla, the creators of the highly popular Open Source applications, such as Firefox and Thunderbird (alternate Internet browser and e-mail client), released an update. The update addresses several vulnerabilities in both applications with more than five of them getting a “highly critical” rating from two very reputable security companies (Secuna, ZDNet), and the Mozilla corporation itself.

For most Firefox 1.5 users, this update initiated automatically after you ran the program again, once the patches were released. Older Firefox users of 1.0, which had the last update of 1.0.8, have no patch to mend the browser’s vulnerabilities. This of course, makes it a huge security risk to keep using this version. If you do still use the older version of Firefox, you are advised to update immediately.

Verifying the Firefox Version:

Mozilla does post a list of all the vulnerabilities of their products complete with a list of what patches fixed what vulnerabilities. I have posted a summary of the list from Mozilla’s site and you can click on the link at the end of the list for more complete details.

Firefox’s 12 Vulnerabilities Patched by the Recent Update:

1. Privilege escalation using AddSelectionListener.
2. Web site XSS using BOM on UTF.
3. File stealing by changing input type (variant).
4. “View Image” local resource linking (Windows).
5. Buffer overflow in crypto.signText.
6. Remote compromise via content defined setter on object prototypes.
7. PLUGINSPAGE privileged JavaScript execution 2.
8. Privilege escalation through XUL persist.
9. XSS viewing javascript: frames or images from context menu.
10. HTTP response smuggling.
11. Fixes for crashes with potential memory corruption.
12. EvalInSandbox escape (Proxy Autoconfig, Greasemonkey).

For more information regarding details of the vulnerabilities, visit Mozilla’s Known Vulnerabilities page.

If you need to update your Firefox 1.5 or you just want to make sure you have the latest update, simply open up Firefox and from the main interface, go to Help, Check for Updates.

Now, if you have Firefox 1.0 and need to jump on board with the 1.5 version, you don’t need to uninstall the current version. Simply go to Mozilla’s Firefox download page and follow the procedure for downloading and installing the most current version of Firefox 1.5. After this is done, you may want to make sure you have the latest updates by following any of the procedures above (you should be updated if this is a new install). With that out of the way, you can enjoy browsing the Internet using your red-tailed browser free of worries. Until the next vulnerability, that is.

Thunderbird Vulnerability

In addition to the Firefox patch, there is also a fix for the popular Outlook Express alternative from Mozilla, called Thunderbird. The vulnerabilities are a subset of the holes Mozilla patched in Firefox the same day, with only one of the “highly critical” rated vulnerabilities affecting it, however.

If you prefer to use Thunderbird as your e-mail client and are unsure whether or not you are up to date, the screenshots below should help get you all set.

If you open up Thunderbird and go to Help, About Mozilla Thunderbird, a small window will pop up displaying what build or version you are running (you should be using 1.5.0.4).

If your install of Thunderbird didn’t update for whatever reason, you can manually perform the update from the Help, Check for Updates option from the main interface.

And again, with Thunderbird updated, you shouldn’t have to worry about too much until the next vulnerability.

So until next week, stay safe out there.

~ Chad Stelnicki

Leave a Reply


Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.


Enter Email Address:

Subscribe

Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup



Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Subscribe


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive


Categories:
Archives: