ACC Mail ACC ACC Homepage
About ACCACC NewsFaculty Services IndexStudent Services IndexACC User DocumentationACC Computing PoliciesRecommended Systems and Purchase informationComputer Support Services
 

Security Bulletin Summary February 9, 2006

Overview
Who is Affected

Recommended Actions

Administrative Users
FireFox Users
SeaMonkey Users
Thunderbird
Other Mozilla Products

Further Assistance

Other Bulletins

ADMINISTRATIVE Staff: If you use a computer at HOME, please read on.

STUDENTS, FACULTY, ADMINISTRATIVE STAFF, ACADEMIC STAFF AND ALL HOME USERS must follow the recommendations below.

I. OVERVIEW

Macintosh and Windows FireFox (web browser), Thunderbird (email client), SeaMonkey and other Mozilla products have a serious security hole, that could put your computer, and other computers on the network, at risk if you use any of these products.

FireFox users should upgrade to the latest version (1.5.0.1) ASAP. You can download the current version of FireFox at http://www.mozilla.com/firefox.

Those using Thunderbird, SeaMonkey or other Mozilla products must configure those products to disable JavaScript. Instructions are below.

II. WHO IS AFFECTED?

Windows and Macintosh OS and Linux computer users with the following software may be at risk:

  • Mozilla web browser, email and newsgroup client
  • Mozilla SeaMonkey
  • Firefox web browser
  • Thunderbird email client

III. RECOMMENDED ACTION - ADMINISTRATIVE USERS ON CAMPUS

Administrative users that have Firefox installed on their campus computer should contact Administrative Computing for upgrading to the latest version.

IV. RECOMMENDED ACTION - ACADEMIC AND HOME COMPUTERS USERS WITH FIREFOX OR SEAMONKEY

FireFox users should upgrade to the latest version (1.5.0.1) ASAP. You can download the current version of FireFox at http://www.mozilla.com/firefox.

V. RECOMMENDED ACTION - ACADEMIC AND HOME COMPUTERS USERS WITH THUNDERBIRD, SEAMONKEY AND OTHER MOZILLA PRODUCTS

Although ACC does not support Thunderbird, we recommend anyone who uses this email client make sure that Javascript is NOT enabled. This is the default configuration, but you should confirm that JavaScript is not enabled, or disable it.

Thunderbird Instructions

Please upgrade to the current Thunderbird version at http://www.mozilla.com/thunderbird and confirm that Javascript is disabled.

Thunderbird 1.5 for Macintosh--From the Thunderbird/Preferences/Privacy menu,make sure the option to Block Javascript is checked.

Thunderbird 1.5 for Windows--From the Tools/Options/Privacy menu, make sure the option to Block Javascript is checked.

SeaMonkey Instructions

SeaMonkey users should upgrade to version 1.0 ASAP at http://www.mozilla.org/projects/seamonkey/. You can leave JavaScript enabled if you have SeaMonkey 1.0.

VI. FOR FURTHER ASSISTANCE

Students, faculty and academic staff please contact Academic Computing:
Telephone: 610-896-1480
Email: compctr@haverford.edu
Web: http://www.haverford.edu/acc/helpdesk/
In Person: Stokes 204 9am to 5pm, Monday through Friday and until 9am to 9pm on Tuesdays.

Administrative staff please contact Administrative Computing:
Telephone: 610-896-1044
Email: admincc@haverford.edu

VII. MORE INFORMATION

For additional information on this threat, please refer to the following web sites:

* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/security/announce/>

* Mozilla Foundation Security Advisories -
<http://www.mozilla.org/projects/security/known-vulnerabilities.html>

* US-CERT Vulnerability Note VU#592425 -
<http://www.kb.cert.org/vuls/id/592425>

 

 

For Questions and Comments, contact Haverford College's Academic Computing Center.
Last updated on February 10, 2006

HC HomeCampus DirectoryHaverford College Library ResourcesHaverford College Web Search EngineAcademic DepartmentsACC Home