Multiple vulnerabilities have been discovered in Google Chrome (web browser), Mozilla Firefox (web browser), Mozilla Thunderbird (email client), and Netscape Portable Runtime (NSPR) applications, which could allow remote code execution.

Bottom line:

  • Update your software to the latest versions and
  • Think B4 U Click!

These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted Web page. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the affected application on your computer. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems affected

  • Google Chrome versions prior to 35.0.1916.153
  • Firefox versions prior to 30
  • Firefox Extended Support Release (ESR) versions prior to 24.6
  • Thunderbird versions prior to 24.6
  • Netscape Portable Runtime versions prior to 4.10.6
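
To check an inventory against the list above, the following added example (not part of the original advisory) compares version strings numerically, so that 35.0.1916.99 is correctly treated as older than 35.0.1916.153, and keeps the Firefox ESR branch separate from regular Firefox. The product keys, host names and inventory rows are assumptions constructed for the example; only the fixed-version thresholds come from the list.

```python
import re

# First fixed version per product, taken from the "Systems affected" list.
# The product keys are names chosen for this example.
FIXED = {
    "chrome": (35, 0, 1916, 153),
    "firefox": (30,),
    "firefox-esr": (24, 6),
    "thunderbird": (24, 6),
    "nspr": (4, 10, 6),
}

def parse_version(text):
    """Turn '35.0.1916.99' or '24.5.0esr' into a tuple of ints (suffixes ignored)."""
    parts = []
    for field in text.strip().split("."):
        match = re.match(r"\d+", field)
        if not match:
            raise ValueError(f"unparseable version: {text!r}")
        parts.append(int(match.group()))
    return tuple(parts)

def is_affected(product, version):
    """True if the version is prior to the first fixed version for the product."""
    fixed = FIXED[product.lower()]
    found = parse_version(version)
    width = max(len(fixed), len(found))
    # Pad with zeros so that '30' and '30.0' compare as equal.
    return found + (0,) * (width - len(found)) < fixed + (0,) * (width - len(fixed))

def triage(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory
            if row[1].lower() in FIXED and is_affected(row[1], row[2])]

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("ws-01", "chrome", "35.0.1916.99"),     # older: 99 < 153 as numbers
    ("ws-02", "chrome", "35.0.1916.153"),
    ("ws-03", "firefox", "29.0.1"),
    ("ws-04", "firefox-esr", "24.6.0esr"),   # fixed ESR, although 24.6 < 30
    ("ws-05", "thunderbird", "24.5.0"),
    ("ws-06", "nspr", "4.10.6"),
    ("ws-07", "firefox-esr", "24.5.0esr"),
]

if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: update {product} (installed {version})")
```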

Remediation

  • Update vulnerable Google and Mozilla products immediately.
  • Do not visit untrusted Web sites or follow links provided by unknown or untrusted sources.
  • Do not open email attachments or click URLs from unknown or untrusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

Further Information

Information adapted from MS-ISAC Cyber Security Advisories 2014-055 and 2014-054.