Thunderbird fixes seven vulnerabilities
Friday, January 2, 2009
A new version of Mozilla's email application Thunderbird was released last Wednesday to fix seven flaws rated, five of which were rated as moderate.
Thunderbid 2.0.0.19 addressed a vulnerability titled XSS and JavaScript privilege escalation, which involves XBL binding and can be used to "violate the same-origin policy and execute arbitrary JavaScript within the context of a different website, according to a Mozilla press release.
Another flaw, XMLHttpRequest 302 response disclosure, could have allowed sensitive data on a machine to be revealed.
However, the "cross-domain data theft via script redirect error message" may be the flaw that could have potentially caused the most damage. Had it been left unfixed, it could have been used by a malicious website to steal private data from users on a redirected website.
The five moderate flaws were the same fixed in the latest Firefox browser update last month, which appeared to be a response to the security issues IE was experience with its Zero Day flaw.
Many security officials have warned of cybercriminals creating more innovative attacks in 2009 that may include botnets carrying out specific attacks, as well as infiltrating social networking sites.
Related News:
FBI: Law firms and PR agencies high on hacker target lists - 11.18.2009
Using complex email scams, cyber criminals are increasingly targeting sensitive information held by law firms and public relations companies, according to an FBI advisory released earlier this month.
Phishing email takes numerous forms - 11.17.2009
The practice of impersonating authoritative websites and sources in order to convince victims to divulge personal information - known as phishing - has come a long way from the Nigerian "419" scams that popularized the technique in the public mind. Modern phishing is becoming increasingly dangerous in part because attacks can come from a variety of sources.
Email filtering technology working overtime, but spam won't go quietly - 11.16.2009
While modern email filtering systems can block 95 to 99 percent of spam messages, according to Tech Target, mountains of unsolicited email are still delivered every day, accounting for the vast majority of all emails sent.
Phishing scam targets investors, spoofs finance agency - 10.9.2009
The Financial Industry Regulatory Agency (FINRA), an independent regulator of brokerages, is warning investors that they may be targeted by a phishing scam through emails claiming to come from the agency.
Phishing scammers leak Windows Live Hotmail passwords to web - 10.6.2009
Hackers posted thousands of passwords from Windows Live Hotmail email accounts to a website over the weekend, in what Microsoft said was the result of a phishing campaign targeting the free webmail service.
|
