US-CERT says some of the vulnerabilities involve the way Firefox and Thunderbird handle URLs and images.
The U.S. Computer Emergency Readiness Team is advising people to upgrade to the latest versions of the Firefox Web browser and the Thunderbird email program to plug numerous critical security holes.
Issued this week, the warning from the agency within the Department of Homeland Security said failing to use the latest versions would leave computers open to malware that could enable an attacker to commandeer a PC. US-CERT said some of the vulnerabilities involved the way Firefox and Thunderbird handle URLs or images.
"By taking advantage of one or more vulnerabilities in Mozilla products, an attacker may be able to take control of your computer," US-CERT said.
Last week, Mozilla Corp., maker of the open source browser and email client, updated Firefox to patch two-dozen vulnerabilities, most of them critical. Firefox 18.104.22.168 debuted just days after rival Microsoft Corp. fixed 10 security problems within Internet Explorer.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.