CINXE.COM

Security Center

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("http://www.mozilla.org:80/security/#Security_Alerts","20071127015631","https://web.archive.org/","web","/_static/", "1196128591"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" /> <!-- End Wayback Rewrite JS Include --> <link rel="top" title="Home" href="http://www.mozilla.org/"> <link rel="stylesheet" type="text/css" href="/web/20071127015631cs_/http://www.mozilla.org/css/print.css" media="print"> <link rel="stylesheet" type="text/css" href="/web/20071127015631cs_/http://www.mozilla.org/css/base/content.css" media="all"> <link rel="stylesheet" type="text/css" href="/web/20071127015631cs_/http://www.mozilla.org/css/cavendish/content.css" title="Cavendish" media="screen"> <link rel="stylesheet" type="text/css" href="/web/20071127015631cs_/http://www.mozilla.org/css/base/template.css" media="screen"> <link rel="stylesheet" type="text/css" href="/web/20071127015631cs_/http://www.mozilla.org/css/cavendish/template.css" title="Cavendish" media="screen"> <link rel="icon" href="/web/20071127015631im_/http://www.mozilla.org/images/mozilla-16.png" type="image/png"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Language" content="en"> <meta http-equiv="Content-Style-Type" content="text/css"> <title>Security Center</title> <script src="/web/20071127015631js_/http://www.mozilla.org/__utm.js" type="text/javascript"></script> </head> <body id="www-mozilla-org" class="deepLevel"> <div id="container"> <p class="skipLink"><a href="#mainContent" accesskey="2">Skip to main content</a></p> <div id="header"> <h1><a href="/web/20071127015631/http://www.mozilla.org/" title="Return to home page" accesskey="1">Mozilla</a></h1> <ul> <li id="menu_aboutus"><a href="/web/20071127015631/http://www.mozilla.org/about/" title="Getting the most out of your online experience">About</a></li> <li id="menu_developers"><a href="/web/20071127015631/http://www.mozilla.org/developer/" title="Using Mozilla's products for your own applications">Developers</a></li> <li id="menu_store"><a href="https://web.archive.org/web/20071127015631/http://store.mozilla.org/?r=mozorg1" title="Shop for Mozilla products on CD and other merchandise">Store</a></li> <li id="menu_support"><a href="/web/20071127015631/http://www.mozilla.org/support/" title="Installation, trouble-shooting, and the knowledge base">Support</a></li> <li id="menu_products"><a href="/web/20071127015631/http://www.mozilla.org/products/" title="All software Mozilla currently offers">Products</a></li> </ul> <form id="searchbox_002443141534113389537:ysdmevkkknw" action="https://web.archive.org/web/20071127015631/http://www.google.com/cse" title="mozilla.org Search"> <div> <label for="q" title="Search mozilla.org's sites">search mozilla:</label> <input type="hidden" name="cx" value="002443141534113389537:ysdmevkkknw"> <input type="hidden" name="cof" value="FORID:0"> <input type="text" id="q" name="q" accesskey="s" size="30"> <input type="submit" id="submit" value="Go"> </div> </form> </div> <hr class="hide"> <div id="mBody"> <div id="side"> <ul id="nav"> <li><a title="Roadmap" href="/web/20071127015631/http://www.mozilla.org/roadmap.html"><strong> Roadmap</strong></a></li> <li><a title="Projects" href="/web/20071127015631/http://www.mozilla.org/projects/"><strong> Projects</strong></a></li> <li><a title="For developers" href="/web/20071127015631/http://www.mozilla.org/developer/"><strong> Coding</strong></a> <ul> <li><a title="Module Owners" href="/web/20071127015631/http://www.mozilla.org/owners.html"> Module Owners</a></li> <li><a title="Hacking" href="/web/20071127015631/http://www.mozilla.org/hacking/"> Hacking</a></li> <li><a title="Get the Source" href="https://web.archive.org/web/20071127015631/http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code"> Get the Source</a></li> <li><a title="Building Mozilla" href="https://web.archive.org/web/20071127015631/http://developer.mozilla.org/en/docs/Build_Documentation"> Build It</a></li> </ul> </li> <li><a title="Testing" href="/web/20071127015631/http://www.mozilla.org/quality/"><strong> Testing</strong></a> <ul> <li><a title="Downloads of mozilla.org software releases" href="/web/20071127015631/http://www.mozilla.org/download.html"> Releases</a></li> <li><a title="Latest mozilla builds for testers" href="/web/20071127015631/http://www.mozilla.org/developer/#builds"> Nightly Builds</a></li> <li><a title="For testers to report bugs" href="https://web.archive.org/web/20071127015631/https://bugzilla.mozilla.org/"> Report A Problem</a></li> </ul> </li> <li><a title="Tools for mozilla developers" href="/web/20071127015631/http://www.mozilla.org/tools.html"><strong> Tools</strong></a> <ul> <li><a title="Bug tracking system for mozilla testers." href="https://web.archive.org/web/20071127015631/https://bugzilla.mozilla.org/"> Bugzilla</a></li> <li><a title="Latest status of mozilla builds" href="https://web.archive.org/web/20071127015631/http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox"> Tinderbox</a></li> <li><a title="Latest checkins" href="https://web.archive.org/web/20071127015631/http://bonsai.mozilla.org/cvsqueryform.cgi"> Bonsai</a></li> <li><a title="Source cross reference" href="https://web.archive.org/web/20071127015631/http://lxr.mozilla.org/seamonkey/"> LXR</a></li> </ul> </li> <li><a title="Frequently Asked Questions." href="/web/20071127015631/http://www.mozilla.org/faq.html"><strong> FAQs</strong></a></li> </ul> </div> <hr class="hide"> <div id="mainContent"> <h1>Security Center</h1> <p>Whether you're using the Web or checking your email, you care about your security and privacy. In the Mozilla project <a href="security-announcement.html">we understand the importance of security</a>. Here you will find alerts and announcements on security and privacy issues, general tips for surfing the Web and using email more securely, more information about how we maintain and enhance the security of our products, and useful links for Web developers.</p> <p>On this page:</p> <ul class="toc"> <li><a href="#Security_Alerts">Security Alerts &amp; Announcements</a></li> <li><a href="#Tips_for_secure_browsing">Tips for Secure Browsing</a></li> <li><a href="#Tips_for_using_email_securely">Tips for Using Email Securely</a></li> <li><a href="#For_Developers">For Developers: Contacting Mozilla</a></li> </ul> <h2><a name="Security_Alerts" id="Security_Alerts">Security Alerts &amp; Announcements</a></h2> <ul> <li><a href="/web/20071127015631/http://www.mozilla.org/projects/security/known-vulnerabilities.html"> Known vulnerabilities</a> listed by product</li> <li><a href="announce/"> Mozilla Foundation Security Advisories</a> for all products</li> </ul> <p style="margin-bottom: 0;"><strong>Security Update </strong> (October 18, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.</p> <ul> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">Firefox 2.0.0.8</a></li> </ul> <p>Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/support/">Community Support</a>.</p> <p style="margin-bottom: 0;"><strong>Security Update </strong> (September 18, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.</p> <ul> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">Firefox 2.0.0.7</a></li> </ul> <p>Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/support/">Community Support</a>.</p> <p style="margin-bottom: 0;"><strong>Security Update </strong> (July 30, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.</p> <ul> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">Firefox 2.0.0.6</a></li> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/thunderbird/">Thunderbird 2.0.0.6</a> (August 1)</li> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/thunderbird/all-older.html">Thunderbird 1.5.0.13</a> (August 23)</li> </ul> <p>Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/support/">Community Support</a>.</p> <p style="margin-bottom: 0;"><strong>Security Update </strong> (July 17, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.</p> <ul> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">Firefox 2.0.0.5</a></li> </ul> <p>Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/support/">Community Support</a>.</p> <p style="margin-bottom: 0;"><strong>Security Update </strong> (May 30, 2007): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these updates as soon as possible.</p> <ul> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">Firefox 2.0.0.4</a></li> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/all-older.html">Firefox 1.5.0.12</a></li> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/thunderbird/all-older.html">Thunderbird 1.5.0.12</a></li> </ul> <p>Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/support/">Community Support</a>.</p> <p style="margin-bottom: 0;"><strong>Security Update </strong> (March 20, 2007): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these updates as soon as possible.</p> <ul> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">Firefox 2.0.0.3</a></li> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/all-older.html">Firefox 1.5.0.11</a></li> <li><a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/thunderbird/">Thunderbird 1.5.0.10</a> (March 1, 2006)</li> </ul> <p>Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our <a href="/web/20071127015631/http://www.mozilla.org/support/">Community Support</a>.</p> <p><a href="older-alerts.html">Previous alerts and announcements</a></p> <h2><a name="Tips_for_secure_browsing" id="Tips_for_secure_browsing">Tips for Secure Browsing</a></h2> <ul> <li>Always use the most current version of your <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.com/firefox/">browser</a>.</li> <li>Check for the "lock" icon on the status bar that shows that you are on a secured web site. Also check that the URL begins with "https" in the location bar when making transactions online.</li> <li>In the Tools menu of Firefox, Tools &gt; Options... &gt; Privacy, you can clear your information with one click of a button. This is especially useful when using a computer in a public location.</li> <li>Perform transactions (like shopping or submitting personal information) at sites that are well established and that are familiar to you. If you're not familiar with a site, make sure that the site has a privacy policy and information about the site's security measures.</li> </ul> <h2><a name="Tips_for_using_email_securely" id="Tips_for_using_email_securely">Tips for Using Email Securely</a></h2> <ul> <li>Be aware that it is extremely easy for someone to forge an email message to make it appear as if the message has been sent by your bank, a software vendor (e.g., Microsoft), or another entity with whom you do business. If a message requests that you send your password or other private information, or asks that you run or install an attached file, then it is very likely that the message is not legitimate. When in doubt, just mark the message as "junk" and delete it.</li> <li>Be cautious when clicking on links sent to you in email messages. If you do click on such a link, double-check the name of the site as shown in the location bar of the browser, and be especially careful if the site name displayed is an IP address (e.g., "192.168.25.75") instead of a domain name (e.g., "www.example.com"); in the former case it is very likely the site is not legitimate. Don't enter any personal information into forms displayed at such a site, and if you have any concerns whatsoever about your security, just close the browser window.</li> </ul> <h2><a name="For_Developers" id="For_Developers">For Developers: Contacting Mozilla</a></h2> <p>Report security-related bugs and learn more about how we secure our products:</p> <ul> <li><strong>If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address security@mozilla.org.</strong> Note that your report may be eligible for a reward; see below.</li> <li>For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our <a href="/web/20071127015631/http://www.mozilla.org/projects/security/security-bugs-policy.html">policy for handling security bugs</a>.</li> <li>We want to make Firefox, Thunderbird, the Mozilla Suite, and other Mozilla products as secure as possible, and want to encourage research, study, timely disclosure, and rapid fixing of any serious security vulnerabilities. We've established a <a href="bug-bounty.html">Security Bug Bounty Program</a> to reward people who help us reach that objective.</li> <li>Mozilla-based products include a default list of CA certificates used when connecting to SSL-enabled servers and in other contexts. If you are a CA and would like your CA certificate(s) considered for inclusion in Mozilla, please see the <a href="/web/20071127015631/http://www.mozilla.org/projects/security/pki/nss/ca-certificates/policy.html">Mozilla CA certificate policy</a>.</li> <li>We encourage you to learn more about our <a href="/web/20071127015631/http://www.mozilla.org/projects/security/">Mozilla security projects</a> and participate in the development of security features and capabilities in our products.</li> </ul> <p>Press Contact: Steve Naventi, 415-392-8282, or send mail to <a href="https://web.archive.org/web/20071127015631/mailto:press@mozilla.com">press@mozilla.com</a>.</p> <p>The PGP key for security@mozilla.org can be used to send encrypted mail or to verify responses received from that address.</p> <pre> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.3 (MingW32) mQGiBELuiHkRBACzYrGGdElFoB50tk1h88rd3QPnZfHFZhGOvl9QzXOjFl2B41AD iJ1xc53EGINv+OkFEs9Fudtn6PTODga1gY2aLwJbOVyH0LOZI+lZYsWGIL45Mb3b wDkWwug/xRJxLicxSVhIkY9ZSiHrnh1Qg6zxHaNkPYRShYzGbyMpoEgs+wCg+mZm vnqtEkFGSpTYPyV7Rox0LlEEAJA0oyzFfx6RraoSNnc577bAmYV7ZjRrY5eFrI83 gz2ublUb4fz7Oa3DZm4X22CvtXENyk1UrwTKNWQBhZh2A7AW4sg4AoFrujV1CvT2 kBSA5eXwKsiM+e8sYRL2SBA3EJugBJEM/CWTWlCvijPtJg2CHGKnP3RlIDV7nCKA XChNA/9Jf3t0XCMywz5PUfEG+q0ZCmlQAMDmi7lRVHn31B0ZfY/MUhJXVCqaGn1D O02uEGckVFuy6qLipYDPS4vPnyaFgb9ebvsEWJt5zD2byPd0K6uXq9q5+cZ8uIi8 5XoAyYza3EwiFC9bGm9QkGd4zHsSRQja/75glT/d2M7Qq2ZrkLQnTW96aWxsYSBT ZWN1cml0eSA8c2VjdXJpdHlAbW96aWxsYS5vcmc+iGQEExECACQFAkLuiHkCGwMF CQlmAYAGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQlqJHOA2KtxbQWQCgofEFJhYS cb0hyFFVkDlBQRxE4cIAnRQFyoWkFv+W9mdURTKcD+ztEsmVuQINBELuiIMQCADk O/yxxmbD++Y0elZ6x4t4wEdAbiR8CsnLIyKVzFc+xDNrjOyxxuy+IJ3co233Rl/X EA+0amZW8yIpTojKqTzii87Qh3YU+LhulEeYT5viSue0PlTLZwsqD7vBs7Bs/2ho IVPZ7i5q98zNWw4Sx5X+gAf0HsDHYLWIYDp85R9Y9x29YoP6zwZ177+Ol6fZhMju cCs0yoyxMP0gs/moqIXGJ7YGHlm7X0Re6XF+lt1iQZRHrQuA9TLgBOw7KtdHjPbJ +eXVFIJ30fWIC2hrK04xgAelUqYbd5rYKToXpbULRfvCE74rlYNwAYFca8p4hOjW p04Mcj0yjZfFTOSKwz83AAMFCACdFLpPT3CYr7NhyXuahmirvuWo0oqJIeJ3tU3B g/2qPgZ/wp7ANPa6TKz+S9HonIwfIvwJl7V+VTJDnbVbc8f1DF2IPXkbvSnSi430 Uemp3+fBo2LZ2y7dCK8XP8NOiP/M8yOsS3u8PzW9EXkucuxmOT1edwiJ81BACvD2 BbHuWNuLcBveVaPkYyfYONXQ/zlYa+Yvn2zGXPlB0eqCMD4RgyZ0VeyUIjyFq/JK XBGBWbbFph3+tTEimkTvoNsGxgPNNV0i8lzWp/UXhm0rHV1GLQ31Ak4K6R/S+Fpv uRCYW8vMPQ65GxaOW2bBF3ymTf+2ehRgYZjFxzAS7JgI7XB/iE8EGBECAA8FAkLu iIMCGwwFCQlmAYAACgkQlqJHOA2KtxbMuwCeKcVcuJ98HNlKMWWmM9DDdtckCuAA n1X1+Lod8A2PyaXt5vhaGZnzpbEG =QlM5 -----END PGP PUBLIC KEY BLOCK----- </pre> <hr class="hide"> </div> </div> <div id="footer"> <ul> <li><a href="/web/20071127015631/http://www.mozilla.org/sitemap.html">Site Map</a></li> <li><a href="/web/20071127015631/http://www.mozilla.org/security/">Security Updates</a></li> <li><a href="/web/20071127015631/http://www.mozilla.org/contact/">Contact Us</a></li> <li><a href="/web/20071127015631/http://www.mozilla.org/foundation/donate.html">Donate</a></li> </ul> <p class="copyright"> Portions of this content are &copy; 1998&#8211;2007 by individual mozilla.org contributors; content available under a Creative Commons license | <a href="https://web.archive.org/web/20071127015631/http://www.mozilla.org/foundation/licensing/website-content.html">Details</a>.</p> <p> <span>Last modified October 19, 2007</span> <span><a href="https://web.archive.org/web/20071127015631/http://bonsai-www.mozilla.org/cvslog.cgi?file=mozilla-org/html/security/index.html&amp;rev=&amp;root=/www/">Document History</a></span> <span><a href="https://web.archive.org/web/20071127015631/https://doctor.mozilla.org/?action=edit&amp;file=mozilla-org/html/security/index.html">Edit this Page</a></span> <span>(or <a href="/web/20071127015631/http://www.mozilla.org/contribute/writing/cvs">via CVS</a>)</span> </p> </div> </div> </body> </html> <!-- FILE ARCHIVED ON 01:56:31 Nov 27, 2007 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 07:41:18 Nov 24, 2024. JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE. ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C. SECTION 108(a)(3)). --> <!-- playback timings (ms): captures_list: 0.657 exclusion.robots: 0.033 exclusion.robots.policy: 0.02 esindex: 0.012 cdx.remote: 25.441 LoadShardBlock: 96.359 (3) PetaboxLoader3.datanode: 119.536 (4) load_resource: 163.667 PetaboxLoader3.resolve: 94.725 -->

Pages: 1 2 3 4 5 6 7 8 9 10