Firefox 220.127.116.11 fixes security vulnerabilities [Update]
The Mozilla development team have released update 18.104.22.168 for their Firefox web browser. It is available via the automatic update function or can be downloaded in various languages for Windows, Mac OS X or Linux. Firefox users are advised to update their browser as soon as possible.
The update does not offer any new features. It does, however, appear to fix security vulnerabilities which include the recently reported vulnerability arising from a complicated interaction with Microsoft's Internet Explorer. Certainly the demonstration web page by Thor Larholm no longer functions in our tests after installing the update.
The page of known vulnerabilities lists eight security issues that 22.214.171.124 remedies, including the above Internet Explorer interaction vulnerability. The security problem when accessing wyciwyg:// URIs reported in the last few days, which can be used for spoofing, has also been addressed. In addition, critical bugs which could lead to crashes and possible code injection have been fixed, as has a vulnerability which led to escalation of privileges via the event handler.
According to the security advisories of the Mozilla developers, two of the vulnerabilities also affect Thunderbird. The mail program can also crash and possibly execute injected code. Also the previously reported interaction between Internet Explorer and Firefox can also occur between IE and Thunderbird. According to the security advisories, Thunderbird 126.96.36.199 will fix those errors. It isn't available on the download servers yet though. It should appear as release shortly.