In association with heise online

28 October 2010, 12:18

Mozilla issues Firefox & Thunderbird security updates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox Logo Just one week after the previous updates were released, the Mozilla development team have issued updates for the Firefox web browser and for the Thunderbird news and email client to close a critical security vulnerability affecting these products. According to the developers, the updates address a critical security issue that could potentially lead to the remote execution of arbitrary code on a victim's system. The previously reported zero day vulnerability (CVE-2010-3765), which was used to attack visitors to the Nobel Peace Prize web site, was related to a bug that lead to a heap buffer overflow when mixing document.write and DOM insertion.

Thunderbird Logo As they are based on the same Gecko layout engine versions as Firefox, the 3.1.6 and 3.0.10 security updates for Thunderbird close the same issues addressed in the above Firefox releases. Additionally, the developers note that, while reading email in Thunderbird does not pose a risk to users, the vulnerability could be triggered via an RSS feed if JavaScript is enabled or by a third-party add-on that enables browser-like functionality.

SeaMonkey Logo The Mozilla developers will also release an update for SeaMonkey, the "all-in-one internet application suite" to address the above issues. Further information about this 2.0.10 update, which has yet to be released at the time of this writing and fixes the above mentioned vulnerability and several non-security-relevant crashes, can be found in the SeaMonkey 2.0.10 security advisory and in the release notes.

More details about the updates can be found in the Firefox 3.5.15 and 3.6.12, and Thunderbird 3.0.10 and 3.1.6 release notes. Firefox 3.5.15 and 3.6.12, and Thunderbird 3.0.10 and 3.1.6 are available to download for Windows, Mac OS X and Linux. Alternatively, users can upgrade to the new versions, either by waiting for the automated update notification or, when applicable, by manually selecting "Check for updates" from the Help Menu. All users are strongly encouraged to upgrade to the latest releases as soon as possible.

Firefox and Thunderbird binaries are released under the Mozilla Firefox End-User Software License Agreement and the Mozilla Thunderbird End-User Software License Agreement, and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit