Vulnerabilidades en Mozilla.

Comparte en redes sociales

El US-CERT (Centro nacional de emergencias informáticas de EEUU) ha informado, ayer 17 de abril, de 11 vulnerabilidades del navegador Mozilla y sus componentes, de esas vulnerabilidades, 10 permiten ejecutar código arbitrario en el sistema y una de ellas permite un ataque de denegación de servicios.
Esta claro que cuanto mas aumenta el uso de este navegador, mas aumentan sus vulnerabilidades, entre otras cosas porque cuanto mas se extiende un navegador mas apetecible se hace a los atacantes, por eso es una tontería decir que se usa Mozilla porque es mas seguro que Internet Explorer.
La solución de estas vulnerabilidades es actualizarse a Firefox 1.5.0.2, Mozilla Thundebird 1.5.0.2 y SeaMonkey 1.0.1. Personalmente les recomiendo un texto muy interesante del US-CERT sobre segurización de navegadores, con la única pega de que está en ingles.

Detalles vulnerabilidades Mozilla:
http://www.us-cert.gov/cas/techalerts/TA06-107A.html

Haz tu navegador seguro (Ingles):
http://www.us-cert.gov/reading_room/securing_browser/

Mozilla vs Internet Explorer.
http://vtroger.blogspot.com/2005/09/mozilla-vs-internet-explorer.html

5 pensamientos sobre “Vulnerabilidades en Mozilla.

  1. Estimado lector yo no tengo nada en contra de Mozilla. Y las pruebas de comcepto de vulnerabilidades estan muy vistas, quiero datos. Como las vulnerabilidades del 2006

    Mozilla

    1. Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
    2006-04-19
    http://www.securityfocus.com/bid/17516

    2. Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
    2006-04-19
    http://www.securityfocus.com/bid/16476

    3. Mozilla Firefox Large History File Buffer Overflow Vulnerability
    2006-04-19
    http://www.securityfocus.com/bid/15773

    4. Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17499

    5. Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities
    2006-03-20
    http://www.securityfocus.com/bid/12461

    6. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
    2006-03-09
    http://www.securityfocus.com/bid/14784

    7. Mozilla Browser/Firefox XBM Image Processing Heap Overflow Vulnerability
    2006-03-09
    http://www.securityfocus.com/bid/14916

    8. Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability
    2006-03-09
    http://www.securityfocus.com/bid/14917

    9. Mozilla Browser/Firefox Chrome Window Spoofing Vulnerability
    2006-03-09
    http://www.securityfocus.com/bid/14919

    10. Mozilla Browser/Firefox Chrome Page Loading Restriction Bypass Privilege Escalation Weakness
    2006-03-09
    http://www.securityfocus.com/bid/14920

    11. Mozilla Browser/Firefox Arbitrary HTTP Request Injection Vulnerability
    2006-03-09
    http://www.securityfocus.com/bid/14923

    12. Mozilla Browser/Firefox Zero-Width Non-Joiner Stack Corruption Vulnerability
    2006-03-08
    http://www.securityfocus.com/bid/14918

    13. Mozilla Browser/Firefox DOM Objects Spoofing Vulnerability
    2006-03-07
    http://www.securityfocus.com/bid/14921

    14. Mozilla Browser/Firefox Arbitrary Command Execution Vulnerability
    2006-03-04
    http://www.securityfocus.com/bid/14888

    15. Mozilla Firefox HTML Parsing Denial of Service Vulnerability
    2006-02-22
    http://www.securityfocus.com/bid/16741

    16. Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
    2006-02-14
    http://www.securityfocus.com/bid/14242

    17. Mozilla Firefox XBL -MOZ-BINDING Property Cross-Domain Scripting Vulnerability
    2006-02-07
    http://www.securityfocus.com/bid/16427

    18. Multiple Browser Proxy Auto-Config Script Handling Remote Denial of Service Vulnerability
    2006-01-10
    http://www.securityfocus.com/bid/14924

    Internet explorer

    1. Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17196

    2. Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17457

    3. Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17453

    4. Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17181

    5. Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17468

    6. Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17454

    7. Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17460

    8. Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17455

    9. Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
    2006-04-17
    http://www.securityfocus.com/bid/17131

    10. Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability
    2006-04-11
    http://www.securityfocus.com/bid/17450

    11. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
    2006-04-10
    http://www.securityfocus.com/bid/17404

    12. Microsoft Internet Explorer WMF Image Parsing Memory Corruption Vulnerability
    2006-04-07
    http://www.securityfocus.com/bid/16516

    13. Microsoft Windows DHTML Edit Control Script Injection Vulnerability
    2006-03-11
    http://www.securityfocus.com/bid/11950

    14. Microsoft Internet Explorer Java Applet Handling Denial of Service Vulnerability
    2006-03-09
    http://www.securityfocus.com/bid/16978

    15. Microsoft Internet Explorer IsComponentInstalled Buffer Overflow Vulnerability
    2006-03-03
    http://www.securityfocus.com/bid/16870

    16. Microsoft Internet Explorer Script Engine Buffer Overflow Vulnerability
    2006-02-21
    http://www.securityfocus.com/bid/16687

    17. Microsoft Internet Explorer Drag And Drop File Installation Vulnerability Variant
    2006-02-14
    http://www.securityfocus.com/bid/16352

    18. Microsoft Windows Media Player Automatic File Download and Execution Vulnerability
    2006-02-07
    http://www.securityfocus.com/bid/7640

    19. Microsoft Internet Explorer Dialog Manipulation Vulnerability
    2006-02-07
    http://www.securityfocus.com/bid/15823

    20. Microsoft Internet Explorer ActiveX Control Kill Bit Bypass Vulnerability
    2006-02-07
    http://www.securityfocus.com/bid/16409

    21. Microsoft Internet Explorer URLMon.DLL Denial Of Service Vulnerability
    2006-02-07
    http://www.securityfocus.com/bid/16463

    22. Microsoft Internet Explorer Flash ActionScript JScript Handling Denial of Service Vulnerability
    2006-02-07
    http://www.securityfocus.com/bid/16441

    23. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
    2006-01-16
    http://www.securityfocus.com/bid/16240

    En el 2006 IE 23 vulnerabilidades Mozilla Firefox 18. Son muy seguros estos navegadores?

  2. Lo único que he visto y que me parece muy bien es el sistema de correccion o actualizaciones de firefox son mas eficientes qe bug explorer, ese navegador debería trminarsey y yo creo que viaja para su autodestrucción.

Deja un comentario

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.

A %d blogueros les gusta esto: