Critical holes closed in Firefox, Thunderbird and SeaMonkey
Following the latest round of updates to its suite of internet applications, Mozilla has now detailed all of the security fixes in the new versions of its Firefox web browser, Thunderbird news and email client, and the SeaMonkey "all-in-one internet application suite". As they are all based on the same Gecko platform, version 14.0 of Firefox and Thunderbird , and version 2.11 of SeaMonkey close a number of the same security holes, some of which are rated as "Critical" by the project; updates have also been published for the "enterprise" versions of Firefox and Thunderbird to address these issues.
These critical vulnerabilities include a code execution problem related to
The developers have also corrected three high-risk vulnerabilities – including location spoofing and data leakage issues – and three moderate security bugs. Additionally, the update to Firefox closes a high-risk cross-site scripting (XSS) problem, and two moderate issues. Many of these same vulnerabilities have been addressed in version 10.0.6 of Mozilla's "enterprise" Extended Support Releases (ESR) of Firefox ESR and Thunderbird ESR.
Firefox 14.0.1 (release notes), Firefox ESR 10.0.6 (release notes), Thunderbird 14.0 (release notes), Thunderbird ESR 10.0.6 (release notes) and SeaMonkey 2.11 (release notes) are available to download for Windows, Mac OS X and Linux from the project's site.
- Fixed in Firefox 14, security advisories from Mozilla.
- Fixed in Thunderbird 14, security advisories from Mozilla.
- Fixed in SeaMonkey 2.11, security advisories from Mozilla.
- Fixed in Firefox ESR 10.0.6, security advisories from Mozilla.
- Fixed in Thunderbird ESR 10.0.6, security advisories from Mozilla.