Firefox users told to upgrade

By Steve Malone

Posted on 21 Apr 2006 at 12:03

Firefox and Mozilla users have been told to upgrade to the latest version or risk be susceptible to hacker attack. Official sources in the US say that both the Firefox browser and the Thunderbird email client may allow an attacker to take control of their machine.

Also affected are Mozilla Seamonkey, the Mozilla suite and any other products that are based around the Gecko engine.

The warning has been issued by the US Computer Emergency Readiness Team (US-CERT). The organisation details a number of vulnerabilities in the Mozilla web browser and its derived applications. The security issues include a JavaScript security bypass vulnerability, CSS integer overflow, vulnerability to memory corruption via a particular sequence of HTML tags and memory corruption via large regular expressions in JavaScript

According to US CERT, in the worst case these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include a denial of service or the disclosure of locally held information.

On its web site, Mozilla 'strongly recommends' that all users to upgrade to new versions of Firefox and Thunderbird 'to take advantage of significant security and stability enhancements'. The organisation has already been delivering new versions of its software through its automatic upgrade programme.

The warning echoes a similar one given by security specialist Secunia which has issued a 'highly critical' level security advisory warning of cross-site scripting, phishing attacks and the bypass of some security restrictions.

New versions of both Firefox and Thunderbird are available at 'Mozilla.com.