Risk: Medium
New vulnerabilities are haunting Mozilla Firefox, and Netscape browsers, while different threats have surfaced in Outlook and Internet Explorer. Meanwhile, IM and P2P threats surge.
Secunia has reported, and Mozilla has confirmed, an information disclosure vulnerability in the Firefox browser - including the latest update (version 1.0.2), which was released March 2 2005. In fact, troubles for the increasingly popular browser are coming so fast and furious that mozillaZine has reported that a new Firefox release candidate has already replaced the Firefox release candidate 1.0.3, which became available on April 5 2005.
Mozilla issued the new release candidate (also designated 1.0.3) the very next day. Be forewarned that this release candidate 1.0.3, and probably the eventual release version as well, is likely to cause problems with a number of extensions.
The information disclosure vulnerability exposes random memory areas to malicious web sites, and users would never be aware of it. As you would expect, it's mostly ASCII garbage, but there are definitely real information disclosures too, so this is a very real threat.
Secunia offers a Mozilla Products Arbitrary Memory Exposure Test to help determine if a system is vulnerable to the new vulnerability. IE6 passed tests, but Firefox was definitely exposing arbitrary chunks of memory. So if you're using Mozilla Firefox or even Netscape, running a quick test from Secunia's web site is highly recommended.