Alert Number: 030509-01
Alert Date: 3/5/09
Alert Title: Update available for Firefox - also affects Thunderbird and SeaMonkey
Update-to: N/A
OS/Platform/Application:
Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Category: ALERT
Severity: HIGH
Attention: Mozilla product users, System Administrators, Desktop Support Personnel.
Summary: The Mozilla Foundation has released version 3.0.7 of its popular Firefox web browser. Firefox 3.0.7 addresses five security vulnerabilities, including three listed as "Critical" by the vendor.
NOTE FOR THUNDERBIRD AND SEAMONKEY USERS: A Mozilla security advisory (MFSA2009-01) states: "Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images." The advisory describes the only workaround as "Disable JavaScript until a version containing these fixes can be installed."
Updated versions of Thunderbird (2.0.0.21) and SeaMonkey (1.1.15) are listed on the advisory, but at the time of this writing (7:50 AM 3/5/09) the updates are not available for download from the vendor. Based on the wording of the advisory, it appears as though updating Firefox to 3.0.7 would address the JavaScript-related memory crash issue described in the passage above for Thunderbird and SeaMonkey installations.
Recommended Actions: Firefox/Thunderbird/SeaMonkey users are encouraged to read the advisory/release notes and apply the Firefox update at their earliest convenience.
NOTE: Firefox users can check for and install updates by clicking Help > Check for Updates in their Firefox toolbar.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Mozilla Security Advisory MFSA 2009-01:
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
Firefox 3.0.7 Security Content page:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7
Firefox Download page:
http://getfirefox.com