Multiple security vulnerabilities fixed in Firefox and Thunderbird
The releases of Firefox 13 and Thunderbird 13 close a number of critical security holes in the open source browser and email client. Mozilla has also ported most of these fixes to the Extended Support Release (ESR) versions of both products.
Firefox 13 includes seven security fixes in total, four of them for critically rated vulnerabilities. Six of these security problems also affect Firefox ESR. The corrections fix a buffer overflow and a use-after-free problem both found using the Address Sanitizer tool and several other memory safety issues. A critical privilege escalation vulnerability in the Mozilla Updater only affects the current edition of Firefox; the ESR edition is unaffected.
Firefox 13 (release notes), Firefox ESR 10.0.5 (release notes), Thunderbird 13 (release notes) and Thunderbird ESR 10.0.5 (release notes) are available from Mozilla's web site for Windows, Mac OS X and Linux.