Critical holes in Firefox, Thunderbird and SeaMonkey
The Mozilla developers have not only given the Firefox browser a faster JavaScript engine with their update to version 9.0 but they have also closed various critical security holes. One critical flaw in previous versions of the browser allows an embedded OGG video element of "extreme" size to cause a crash that can potentially be exploited to inject malicious code. However, Mozilla is currently keeping the specific details of this confidentially disclosed vulnerability under wraps.
Mozilla have closed a hole which allowed attackers to access out-of-bounds memory areas and inject malicious code via specially crafted SVG files. Another critical issue addressed in Firefox 9.0 is a currently unspecified and potentially exploitable crash in the YARR regular expression library. Mozilla also took the opportunity in 9.0 to close other critical memory bugs.
Upgrading to Firefox 9.0 addresses these issues and all users are advised to upgrade, either using Firefox's automatic update system or by downloading the latest version. The vulnerabilities also exist in previous versions of the SeaMonkey "all-in-one Internet suite" and are addressed in the Seamonkey 2.6 update. The Thunderbird email client is vulnerable, but only the first vulnerability mentioned is rated as critical. Version 9.0 of Thunderbird will fix the issues but has not yet been released.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
