FYI...
- http://isc.sans.org/diary.php?storyid=1834
Last Updated: 2006-11-08 04:58:08 UTC
"The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and Thunderbird email clients today. These versions address some security issues* covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67. If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to Firefox 1.5.0.8. You can download the new versions off their web site at:
http://www.mozilla.com/firefox/releases/1.5.0.8.html -and-
http://www.mozilla.com/thunderbird/ ..."
* http://www.mozilla.org/projects/secu...firefox1.5.0.8
> http://secunia.com/advisories/22722/
=====================================
- http://secunia.com/advisories/22722/
Last Update: 2006-11-09
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, DoS, System access ...
> Solution: Update to Mozilla Firefox 1.5.0.8*...
Changelog: 2006-11-09: Added links to US-CERT vulnerability notes.
Original Advisory:
MFSA-2006-65: http://www.mozilla.org/security/anno...sa2006-65.html
MFSA-2006-66: http://www.mozilla.org/security/anno...sa2006-66.html
MFSA-2006-67: http://www.mozilla.org/security/anno...sa2006-67.html
Other References:
US-CERT VU#815432: http://www.kb.cert.org/vuls/id/815432
US-CERT VU#495288: http://www.kb.cert.org/vuls/id/495288
US-CERT VU#390480: http://www.kb.cert.org/vuls/id/390480
US-CERT VU#335392: http://www.kb.cert.org/vuls/id/335392
US-CERT VU#714496: http://www.kb.cert.org/vuls/id/714496 ..."
* http://www.mozilla.com/firefox/releases/1.5.0.8.html
~or~
...with Firefox open in an admin account, >Help >Check for Updates .
.