
05/12/2005: Firefox Security Vulnerabilities UPDATE

Bruin OnLine has posted the most recent releases of Firefox (1.0.4) and Mozilla (1.7.8) on our website for download. These releases repair the recently discovered security vulnerabilities as well as fix some other minor bugs. The applications can be downloaded here.




Two vulnerabilities have been discovered in Firefox that can be exploited to compromise a user's system. The exploits allow arbitrary HTML and JavaScript code to be executed in a user's browser session. Successful exploitation requires that the site be allowed to install software (the default sites are update.mozilla.org and addons.mozilla.org). A combination of the two vulnerabilities can be exploited to execute malicious code. However, users who have not changed the default whitelist of sites allowed to install software are not affected.

Firefox users can protect themselves by:

  1. Disabling JavaScript
    Uncheck the box at Tools > Options > Web Features > "Enable JavaScript"
  2. Disabling software installation
    Uncheck the box at Tools > Options > Web Features > "Allow web sites to install software"

More information is available here.

If you have any questions please contact the BOL Help Desk at (310)267-4357, option 1, or at consult@ucla.edu.