In association with heise online

06 June 2012, 12:40

Multiple security vulnerabilities fixed in Firefox and Thunderbird

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox and Thunderbird logos

The releases of Firefox 13 and Thunderbird 13 close a number of critical security holes in the open source browser and email client. Mozilla has also ported most of these fixes to the Extended Support Release (ESR) versions of both products.

Firefox 13 includes seven security fixes in total, four of them for critically rated vulnerabilities. Six of these security problems also affect Firefox ESR. The corrections fix a buffer overflow and a use-after-free problem both found using the Address Sanitizer tool and several other memory safety issues. A critical privilege escalation vulnerability in the Mozilla Updater only affects the current edition of Firefox; the ESR edition is unaffected.

The vulnerabilities and their fixes are mirrored in the Thunderbird 13 and Thunderbird ESR updates as the browser and email client share a large amount of rendering code.

Firefox 13 (release notes), Firefox ESR 10.0.5 (release notes), Thunderbird 13 (release notes) and Thunderbird ESR 10.0.5 (release notes) are available from Mozilla's web site for Windows, Mac OS X and Linux.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit