Critical holes in Firefox, Thunderbird and SeaMonkey
Mozilla have closed a hole which allowed attackers to access out-of-bounds memory areas and inject malicious code via specially crafted SVG files. Another critical issue addressed in Firefox 9.0 is a currently unspecified and potentially exploitable crash in the YARR regular expression library. Mozilla also took the opportunity in 9.0 to close other critical memory bugs.
Upgrading to Firefox 9.0 addresses these issues and all users are advised to upgrade, either using Firefox's automatic update system or by downloading the latest version. The vulnerabilities also exist in previous versions of the SeaMonkey "all-in-one Internet suite" and are addressed in the Seamonkey 2.6 update. The Thunderbird email client is vulnerable, but only the first vulnerability mentioned is rated as critical. Version 9.0 of Thunderbird will fix the issues but has not yet been released.