FYI...from the Internet Storm Center:
Updated July 9th 2004 00:30 UTC
"Mozilla and Firefox Update Fixes Vulnerability
It's time to update your browser, though this time the problem is not with Internet Explorer, but with Mozilla and Firefox running on Windows...a flaw in the way Mozilla and Firefox handled links containing the shell: suffix could allow a malicious web site to run arbitrary code on the visitor's system. We advise you to upgrade to Mozilla 1.7.1 or Firefox 0.9.2 to patch this vulnerability. Alternatively, you may install the patch from http://ftp.mozilla.o.../shellblock.xpi
For more information about this vulnerability and ways of addressing it, please see http://mozilla.org/security/shell.html . This URL also points out that Thunderbird, an email client that's part of the Mozilla suite, is vulnerable, and explains how you can address the Thunderbird vulnerability as well.
Ethereal Update Fixes Vulnerabilities
A recent upgrade to Ethereal, a popular network sniffer, resolves several published vulnerabilities. Since we haven't seen this mentioned on the usual forums, we thought we'd let you know about the update in this note. If you're running Ethereal versions 0.8.15 up to and including 0.10.4, you will probably want to upgrade to version 0.10.5. See http://www.ethereal....a-sa-00015.html for more details..."
Time to update Mozilla/Firefox/TB and Ethereal
No replies to this topic