Mozilla releases Firefox & Thunderbird security updates
The Mozilla development team has released updates for the Firefox web browser and for the Thunderbird news and email client to close multiple critical security vulnerabilities affecting these products. According to the developers, the Firefox updates address a total of twelve issues, including 9 critical security bugs, one high-risk and a moderate XSS hazard. Many of the issues could potentially lead to the remote execution of arbitrary code on a victim's system.
As they are based on the same Gecko layout engine versions as Firefox, the 3.1.7 and 3.0.11 security updates for Thunderbird close three of the same critical issues addressed in the above Firefox releases. Other changes in the 3.1.7 update include fixes to improve handling of large folder files stored locally, as well as improvements to local copies of IMAP mailboxes.
The Mozilla developers have also released an update for the SeaMonkey "all-in-one internet application suite" to address the above issues. The update includes fixes for a number of non-security related crashes, improving the application's overall stability. Further information about version 2.0.11 of SeaMonkey can be found in the release notes and in the SeaMonkey 2.0.11 security advisory.
More details about the updates can be found in the Firefox 3.5.16 and 3.6.13, and Thunderbird 3.0.11 and 3.1.7 release notes. Firefox 3.5.16 and 3.6.13, and Thunderbird 3.0.11 and 3.1.7 are available to download for Windows, Mac OS X and Linux. Alternatively, users can upgrade to the new versions, either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu. All users are strongly encouraged to upgrade to the latest releases as soon as possible.
Firefox and Thunderbird binaries are released under the Mozilla Firefox End-User Software License Agreement and the Mozilla Thunderbird End-User Software License Agreement, and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.
- Mozilla Foundation Security Advisories, Firefox and Thunderbird security advisories.
- Firefox 3.6.13 and 3.5.16 security updates now available, a Mozilla Developer Center blog post.
- Thunderbird 3.1.7 and 3.0.11 Updates Are Now Available, a Mozilla Developer Center blog post.