Critical holes remedied in Firefox, Seamonkey and Thunderbird
On Saturday, Mozilla released updates for Firefox, Seamonkey, and Thunderbird. In addition to a number of minor bugs, the update remedies some critical security holes in the SVG and JavaScript engines as well as in the Network Security Services (NSS), which could allow attackers to crash a system or execute arbitrary code.
Another five security holes only concern Firefox and Seamonkey. An update remedies these flaws, which concern the parser, the character set, caching, and the pop-up blocker and may allow attackers to manipulate the content displayed, spy on data, or execute malicious code.
Users of the programs are therefore advised to upgrade to Firefox 1.5.0.10 or 2.0.0.2, Seamonkey 1.0.8 and Thunderbird 1.5.0.10 as quickly as possible. Not all of the updates have yet been made available for downloading, however. Mozilla Security has issued dedicated advisories for each flaw (1, 2, 3, 4, 5, 6, 7).
(ehe)