Firefox and Thunderbird updates patch security holes
The Mozilla Project has published updates for Firefox, its open source web browser, and the Thunderbird email client to fix several bugs and other critical issues found in previous versions. The latest Firefox 5 rapid release update addresses a total of 8 security vulnerabilities, 5 of which are rated as "Critical" by Mozilla.
The update to the 3.6.x branch of Firefox, version 3.6.18, fixes nearly twenty bugs. These include four of the critical security holes noted above, as well as another critical issue related to multiple dangling pointer problems and a cookie isolation error. On its download page, the project notes that "Firefox 3.6.x will be maintained with security and stability updates for a short amount of time". As such, all users are strongly encouraged to upgrade to Firefox 4.x or later.
As Thunderbird 3.1.x is based on the same Gecko browser engine as Firefox 3.6.x, the 3.1.11 update addresses most, if not all of the vulnerabilities fixed in Firefox 3.6.18. At the time of writing, the Security Advisories for Thunderbird 3.1 web page, the release notes and the download page have yet to be updated to reflect the latest version.
Further information about the updates can be found in the Firefox 3.6.18 and 5.0 release notes. Firefox 3.6.18 and 5.0 are available to download for Windows, Mac OS X and Linux. Alternatively, users can upgrade to the new versions, either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu. Mozilla encourages users to upgrade to the latest releases as soon as possible.
Firefox and Thunderbird binaries are released under the Mozilla Firefox End-User Software License Agreement and the Mozilla Thunderbird End-User Software License Agreement, and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.
- Mozilla releases Firefox 5, a report from The H.
- Thunderbird 5.0 arrives in Beta channel, skips 4.0, a report from The H.