[Fixed]iceweasel 3 < 3.0.5, multiple vulnerabilities

infwonder · **Posted:** Wed Dec 17, 2008 4:29 am

SANS internet storm center wrote:

FireFox 3.0.5 has been released with several security fixes.

Fixed in Firefox 3.0.5
MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

Thanks to John and Roseman for bringing this to our attention.

For more info please check:
http://www.mozilla.org/security/known-v ... refox3.0.5

!8!

bipbip · **Posted:** Wed Dec 17, 2008 9:33 am

The package is not yet in the repo l!!!

So it is maybe better to stay in 3.0.4

Bip

infwonder · **Posted:** Wed Dec 17, 2008 10:23 am

As always, all mozilla replated products need to be updated ...

Thunderbird (icedove): 2.0.0.19
SeaMonkey: 1.1.4

bipbip:
I am not sure what you meant to tell. $:-\$

bipbip · **Posted:** Wed Dec 17, 2008 10:39 am

oups sorry forget my answer :-[

gapan · Seamonkey 1.1.14 is in FIFO.

Seamonkey 1.1.14 is in FIFO.

infwonder · **Posted:** Sat Dec 20, 2008 7:59 am

Oh! I forgot to mention that these vulnerabilities also affect xulrunner, which should be updated to 1.9.0.5.

infwonder · **Posted:** Wed Dec 31, 2008 5:12 am

infwonder wrote:

As always, all mozilla replated products need to be updated ...

Thunderbird (icedove): 2.0.0.19
...

It's (finally) released today!

[Fixed]iceweasel 3 < 3.0.5, multiple vulnerabilities

Who is online