Bugs fixed in Firefox and Thunderbird.
It is not long since the release of version 184.108.40.206 of Firefox and Thunderbird, and yet the developers at the Mozilla Foundation have already prepared further versions of these Open Source programs. Rumours of these new versions have been circulating for some time, but now the details have been published. The new versions of Firefox is available now, and Thunderbird will follow shortly.
The next main revision of the web browser is due to be Firefox 2, which is already in beta, but although work on this is proceeding well, the latest update is 220.127.116.11. This improves the stability of the browser and also corrects some security holes. The email client Thunderbird is also vulnerable and version 18.104.22.168 will follow shortly.
A description of the change are given in the release Notes to Firefox 22.214.171.124 and Thunderbird 126.96.36.199. A list of the closed security holes is given in Known Vulnerabilities in Mozilla Products. This explains that in the new release, 12 holes have been plugged in Firefox and a total of 11 in Thunderbird.
With Thunderbird the developers classify only one error as critical; this allows a VCard attachment with a malformed base64 field to cause heap buffer overflow.
The download for Firefox 188.8.131.52 is already available in many international versions, for Windows, Linux and MAc OS X; that for Thunderbird 184.108.40.206 should be available shortly. All users of Firefox are advised to accept the new version when prompted by the Update function. Users of Thunderbird are also advised to install the new version when it becomes available.
As the Seamonkey project shares much of the same code base as Firefox and Thunderbird, it is also vulnerable to many of the same problems. This project is a continuation of the original Mozilla Websuite, including Browser, Mail and Chat clients, as well as an HTML editor. A new version 1.0.3 of Seamonkey is currently under development to fix 13 security holes. This new version should also soon be available for download.