Summary:  Multiple vulnerabilities have been reported in the Mozilla Web, Newsgroup and email suite of services. Several of these vulnerabilities allow a remote attacker the ability to execute arbitrary code on and/or crash unpatched systems. The vulnerabilities include: Buffer overflow in Vcard (email), Integer Overflows in bitmap image decoding, malformed URL conversion, buffer overflows in POP3 and "Send Page" services, and potential arbitrary code execution in the link dragging feature.

Recommended Actions:  The latest versions of the affected Mozilla products address these vulnerabilities. Please read the information presented in the URLs (below) for more detail and if appropriate upgrade to the latest versions.

ITS Actions:  ITS is taking no specific additional actions to counter the vulnerabilities detailed in this message. An update will be issued if this situation changes.

Resources:
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
http://www.mozilla.org/products/mozilla1.x/
http://www.mozilla.org/products/firefox/
http://www.mozilla.org/products/thunderbird/

NOTE:  PLEASE DO NOT REPLY TO THIS ALERT.  Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire Ualbany computing community should continue to take all necessary precautions against threats to system security and information integrity.

Current Students  |  New Students  |  Distance Learners  |  Faculty  |  New Faculty  |  Staff Training  |  Schedules / Hours  |  Forms  |  FAQs & User Guides  |  Policies  |  About ITS  |  Home