In association with heise online

02 March 2011, 09:42

Mozilla issues Firefox & Thunderbird security updates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox Logo Following delays due to a startup crash regression, the Mozilla project development team has issued updates for the Firefox web browser and for the Thunderbird news and email client to close multiple critical security vulnerabilities affecting these products. According to the developers, the Firefox updates address a total of ten issues, including eight critical security bugs, one high risk and one moderate problem. Many of the issues, such as crashes caused by corrupted JPEG images, memory corruption during text run construction, or buffer overflows in the JavaScript engine, could potentially lead to the remote execution of arbitrary code on a victim's system.

Thunderbird Logo As version 3.1.x is based on the same Gecko layout engine version as Firefox 3.6, the 3.1.8 update for Thunderbird fixes two of the same critical issues addressed in the above Firefox releases. The developers note that Thunderbird 3.0.11 from December of last year was the final security and stability update for Thunderbird 3.0.x and advise all users to upgrade to the 3.1 branch.

SeaMonkey Logo The Mozilla developers also plan to release an update, version 2.0.12, for the SeaMonkey "all-in-one internet application suite" to address the above security issues. The update will also include fixes for a number of non-security related crashes, improving the application's overall stability. At the time of this posting, however, the update has yet to be published. More details about SeaMonkey 2.0.12 can be found in the preliminary release notes and in the SeaMonkey 2.0.12 security advisories.

Further information about the updates can be found in the Firefox 3.5.17 and 3.6.14, and Thunderbird 3.1.8 release notes. Firefox 3.5.17 and 3.6.14, and Thunderbird 3.1.8 are available to download for Windows, Mac OS X and Linux. Alternatively, users can upgrade to the new versions, either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu. All users are strongly encouraged to upgrade to the latest releases as soon as possible.

Firefox and Thunderbird binaries are released under the Mozilla Firefox End-User Software License Agreement and the Mozilla Thunderbird End-User Software License Agreement, and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit