Bugs fixed in Firefox and Thunderbird.
It is not long since the release of version 220.127.116.11 of Firefox and Thunderbird, and yet the developers at the Mozilla Foundation have already prepared further versions of these Open Source programs. Rumours of these new versions have been circulating for some time, but now the details have been published. The new versions of Firefox is available now, and Thunderbird will follow shortly.
The next main revision of the web browser is due to be Firefox 2, which is already in beta, but although work on this is proceeding well, the latest update is 18.104.22.168. This improves the stability of the browser and also corrects some security holes. The email client Thunderbird is also vulnerable and version 22.214.171.124 will follow shortly.
A description of the change are given in the release Notes to Firefox 126.96.36.199 and Thunderbird 188.8.131.52. A list of the closed security holes is given in Known Vulnerabilities in Mozilla Products. This explains that in the new release, 12 holes have been plugged in Firefox and a total of 11 in Thunderbird.
With Thunderbird the developers classify only one error as critical; this allows a VCard attachment with a malformed base64 field to cause heap buffer overflow.
The download for Firefox 184.108.40.206 is already available in many international versions, for Windows, Linux and MAc OS X; that for Thunderbird 220.127.116.11 should be available shortly. All users of Firefox are advised to accept the new version when prompted by the Update function. Users of Thunderbird are also advised to install the new version when it becomes available.
As the Seamonkey project shares much of the same code base as Firefox and Thunderbird, it is also vulnerable to many of the same problems. This project is a continuation of the original Mozilla Websuite, including Browser, Mail and Chat clients, as well as an HTML editor. A new version 1.0.3 of Seamonkey is currently under development to fix 13 security holes. This new version should also soon be available for download.