Aug 17, 2011 10:19 GMT  ·  By

Mozilla has released security updates for Thunderbird and SeaMonkey in order to address critical vulnerabilities in the two products that could be exploited to compromise computers.

The newly released Thunderbird 6, Thunderbird 3.1.12 and SeaMonkey 2.3 fix a total of thirteen security flaws in the Gecko layout engine and other components.

The vulnerabilities addressed in Thunderbird 6 and SeaMonkey 2.3 are the same, with the exception of a high-impact information disclosure bug in Content Security Policy reports that was only patched in the latter.

The rest of the flaws consisted of three arbitrary code execution bugs in Mozilla's WebGL implementation, two JavaScript ones, one in the SVG implementation, one in Windows D2D hardware acceleration and several memory safety hazards.

All patched vulnerabilities are rated as critical and could lead to full system compromise, with the exception of the Windows D2D and Content Security Policy ones. These two are rated as high severity.

Seven vulnerabilities were patched in Thunderbird 3.1.12, but the only one in common with Thunderbird 6 was the SVG text manipulation flaw reported by regenrecht via TippingPoint's Zero Day Initiative.

Another two, a privileged escalation flaw in event management code and a dangling pointer one in the appendChild function, could be exploited through JavaScript.

A privilege escalation issue exploitable by dropping a tab element in content area was also addressed, and so were several memory bugs discovered by Mozilla community members.

In addition, two highly-rated vulnerabilities, a binary planting flaw in ThinkPadSensor::Startup and an information leakage in RegExp.input were patched in Thunderbird 3.1.12.

The latest version of Mozilla Thunderbird for Windows can be downloaded from here. The latest version of Mozilla Thunderbird for Mac can be downloaded from here. The latest version of Mozilla Thunderbird for Linux can be downloaded from here. The latest version of Mozilla SeaMonkey for Windows can be downloaded from here. The latest version of Mozilla SeaMonkey for Mac can be downloaded from here. The latest version of Mozilla SeaMonkey for Linux can be downloaded from here.