16 December 2009, 10:32

Mozilla releases SeaMonkey 2.0 security update

Less than two months after the release of SeaMonkey 2.0, Mozilla has announced the availability of the first maintenance and security update to its "all-in-one internet application suite". SeaMonkey is the successor to the old Netscape Communicator and Mozilla Application suites and includes a web browser with advanced email and newsgroup support, an IRC chat client and HTML editing support.

SeaMonkey 2.0.1 addresses a total of seven vulnerabilities, three of them rated critical. Fixes include a critical vulnerability in the browser engine used by SeaMonkey and two critical bugs in liboggplay and the Theora video library, all of which could possibly lead to a crash and the execution of arbitrary code on a victim's system. Additionally, one high risk vulnerability in which "NTLM credentials from one application could be forwarded to another arbitary application via the browser", two moderate risk issues related to the location bar and the chrome window.opener, and one low risk vulnerability, have been closed. These are the same vulnerabilities that have been patched by version 3.5.6 of Firefox.

In addition to fixes for a number of non-security-relevant crashes, the latest release adds support for the Italian language, corrects a bug in the password manager and fixes the email count bug on the Mac OS X dock icon. The developers note that support for version 1.5 Beta 4 or later of the Firebug Add-on is now in place. All users are advised to update to the latest release as soon as possible.

More details about the release can be found in the release notes and the change log. SeaMonkey 2.0.1 is available to download for Windows, Mac OS X and Linux. SeaMonkey binaries are released under the Mozilla SeaMonkey End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.

See also: