In association with heise online

21 December 2011, 12:55

Critical holes in Firefox, Thunderbird and SeaMonkey


The Mozilla developers have not only given the Firefox browser a faster JavaScript engine with their update to version 9.0 but they have also closed various critical security holes. One critical flaw in previous versions of the browser allows an embedded OGG video element of "extreme" size to cause a crash that can potentially be exploited to inject malicious code. However, Mozilla is currently keeping the specific details of this confidentially disclosed vulnerability under wraps.

Mozilla have closed a hole which allowed attackers to access out-of-bounds memory areas and inject malicious code via specially crafted SVG files. Another critical issue addressed in Firefox 9.0 is a currently unspecified and potentially exploitable crash in the YARR regular expression library. Mozilla also took the opportunity in 9.0 to close other critical memory bugs.

Upgrading to Firefox 9.0 addresses these issues, and all users are advised to upgrade, either using Firefox's automatic update system or by downloading the latest version. The vulnerabilities also exist in previous versions of the SeaMonkey "all-in-one Internet suite" and are addressed in the SeaMonkey 2.6 update. The Thunderbird email client is vulnerable, but only the first vulnerability mentioned is rated as critical. Version 9.0 of Thunderbird will fix the issues but has not yet been released.

