Mozilla releases Firefox & Thunderbird security updates
Mozilla has released updates for the Firefox web browser and for the Thunderbird news and email client, closing a number of critical security vulnerabilities in those open source products. The latest security and stability update to the 3.6.x branch of Firefox addresses a total of 9 security issues, including five that Mozilla lists as critical, two high-level bugs and one rated as moderate.
Critical Firefox bugs include a library loading bug, a location bar (aka the Awesome Bar) property problem, a buffer overflow and memory corruption error when using document.write, a dangling pointer problem and various memory safety hazards, most of which could possibly lead to the execution of remote code. The Mozilla development team have also released Firefox 3.5.14 to address the same vulnerabilities.
As they are based on the same Gecko layout engine versions as Firefox, the 3.1.5 and 3.0.9 maintenance and security updates for Thunderbird close the same issues addressed in the above Firefox releases. Other changes in version 3.1.5 include various user interface and add-on fixes. Additionally, the developers have announced that the next 3.0.x branch update, version 3.0.10, will be the final update for Thunderbird 3.0 users, who are encouraged to upgrade to the latest 3.1.x branch.
Mozilla will also release an update for its SeaMonkey "all-in-one internet application suite" to address the above issues. Further information about the 2.0.9 update, which has yet to be released at the time of this writing and also fixes a number of non-security-relevant crashes, can be found in the SeaMonkey 2.0.9 security advisory and in the release notes.
Update 21-10-10: The SeaMonkey developers have now released version 2.0.9.
More details about the updates can be found in the Firefox 3.5.14 and 3.6.11, and Thunderbird 3.0.9 and 3.1.5 release notes. Firefox 3.5.14 and 3.6.11, and Thunderbird 3.0.9 and 3.1.5 are available to download for Windows, Mac OS X and Linux. Alternatively, users can upgrade to the new versions, either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu.
Firefox and Thunderbird binaries are released under the Mozilla Firefox End-User Software License Agreement and Mozilla Thunderbird End-User Software License Agreement, and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.
- Mozilla Foundation Security Advisories, Firefox and Thunderbird security advisories.
- Firefox 3.6.11 and 3.5.14 security updates now available, a Mozilla Developer Center blog post.
- Thunderbird 3.1.5 and 3.0.9 Updates Are Now Available, a Mozilla Developer Center blog post.
- Firefox 4 falling behind schedule?, a report from The H.