Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security > Security Fixes and Improvements

August 17th, 2011, 10:19 GMT · By

Critical Security Updates Available for Thunderbird and SeaMonkey

SHARE:

Adjust text size:


Thunderbird 6, Thunderbird 3.1.12 and SeaMonkey 2.3 released
Enlarge picture
Mozilla has released security updates for Thunderbird and SeaMonkey in order to address critical vulnerabilities in the two products that could be exploited to compromise computers.

The newly released Thunderbird 6, Thunderbird 3.1.12 and SeaMonkey 2.3 fix a total of thirteen security flaws in the Gecko layout engine and other components.

The vulnerabilities addressed in Thunderbird 6 and SeaMonkey 2.3 are the same, with the exception of a high-impact information disclosure bug in Content Security Policy reports that was only patched in the latter.

The rest of the flaws consisted of three arbitrary code execution bugs in Mozilla's WebGL implementation, two JavaScript ones, one in the SVG implementation, one in Windows D2D hardware acceleration and several memory safety hazards.

All patched vulnerabilities are rated as critical and could lead to full system compromise, with the exception of the Windows D2D and Content Security Policy ones. These two are rated as high severity.

Seven vulnerabilities were patched in Thunderbird 3.1.12, but the only one in common with Thunderbird 6 was the SVG text manipulation flaw reported by regenrecht via TippingPoint's Zero Day Initiative.

Another two, a privileged escalation flaw in event management code and a dangling pointer one in the appendChild function, could be exploited through JavaScript.

A privilege escalation issue exploitable by dropping a tab element in content area was also addressed, and so were several memory bugs discovered by Mozilla community members.

In addition, two highly-rated vulnerabilities, a binary planting flaw in ThinkPadSensor::Startup and an information leakage in RegExp.input were patched in Thunderbird 3.1.12.

The latest version of Mozilla Thunderbird for Windows can be downloaded from here.
The latest version of Mozilla Thunderbird for Mac can be downloaded from here.
The latest version of Mozilla Thunderbird for Linux can be downloaded from here.

The latest version of Mozilla SeaMonkey for Windows can be downloaded from here.
The latest version of Mozilla SeaMonkey for Mac can be downloaded from here.
The latest version of Mozilla SeaMonkey for Linux can be downloaded from here.

TELL US WHAT YOU THINK:

1,119 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Critical Vulnerabilities Patched in Firefox and Thunderbird
Security Updates Available for Mozilla Firefox and Thunderbird
Thunderbird and SeaMonkey Get Security Updates

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use