Seeking to correct a number of regression bugs, Mozilla has pushed out an update for its Firefox web browser just three weeks after releasing a prior update.

Read More…
Source: SC Magazine

Mozilla on March 20 released new security and stability updates for both versions of its Firefox browser and for its Internet application suite, SeaMonkey. The new updates eradicate a minor FTP PASV port-scanning vulnerability.

Read More…
Source: OSNews

From the Brilliant Next Step dept.:
“A discussion at the mozilla.dev.planning list has given the birth to the idea of a Mozilla Desktop Environment. This sure sounds like a possibility for Mozilla as it already has many of the applications needed; and the company is thoroughly familiar with XUL, which is a more-than-potent language upon which to build a desktop environment.

Read More…
Source: Open Source Directory :: OSDir.com

Mozilla Corp. yesterday took the unusual step of patching a single vulnerability in its Firefox browser, but it will resume regular multiple-fix security updates with the next release, which is slated to debut before April 24.
Firefox 2.0.0.3 and Firefox 1.5.0.11 — Mozilla currently supports two branches of the open-source application — both fix a single flaw, according to the release notes posted on the company’s Web site.
Mozilla said that the patched bug, though rated as a low threat, could be used by attackers to run a rudimentary port scan of systems within the same perimeter as the victimized machine. The attacker, however, would have to craft a malicious Web site and host it on an FTP server and then con users into visiting the page.

Read More…
Source: White Dust

Potential security vulnerabilities have been identified with Mozilla running on HP-UX. The risk is MEDIUM. These vulnerabilities could be exploited remotely to allow execution of arbitrary code of Denial of Service (DoS).

Read More…
Source: CIAC

There are multiple security vulnerabilties with Mozilla:
1) A buffer overflow in the crypto.signText() method;
2) A privilege excalation vulnerability exists in the Mozilla addSelectionListener method;
3) Mozilla allows content-defined setters on object prototypes;
4) Mozilla can allow persisted XUL attributes to associate with the wrong URL; and
5) Mozilla contains several memory corruption vulnerabilities.
The risk is Low. May allow a remote attacker to execute arbitrary code.

Read More…
Source: CIAC

There are several security vulnerabilities in Mozilla (now SeaMonkey):
1) JavaScript new Function race condition;
2) Memory corruption with simultaneous events; and
3) Code execution through deleted frame reference. The risk is MEDIUM. The attacker could execute arbitrary code.

Read More…
Source: CIAC

There are crashed that showed evidence of memory corruption and some of these could be exploited to run arbitrary code
with enough effort. The risk is MEDIUM. There are crashed that showed evidence of memory corruption and some of these could be
exploited to run arbitrary code with enough effort.

Read More…
Source: CIAC

Mozilla FireFox FTP PASV Port-Scanning Vulnerability

Read More…
Source: Security Focus

Mozilla on March 20 released new security and stability updates for both versions of its Firefox browser and for its Internet application suite, SeaMonkey. The new updates eradicate a minor FTP PASV port-scanning vulnerability.

Read More…
Source: OSNews