Critical Vulnerabilities Fixed with Release of Firefox 18 and Thunderbird 17.0.2

The mis-issued TURKTRUST digital certificates have been blocked

By Eduard Kovacs on January 9th, 2013 09:16 GMT

Mozilla has released Firefox 18 and Thunderbird 17.0.2. Both releases address a number of critical vulnerabilities that could have been leveraged by a remote attacker to seamlessly install software or execute malicious code.

With these updates, Mozilla has blocked the mis-issued TURKTRUST certificates. It’s worth noting that the company was among the first to announce the removal of the problematic certificates after news broke out regarding the fact that they were being used in phishing attacks.

Aside from this, critical use-after-free vulnerabilities in Javascript Proxy objects, Vibrate, ListenerManager, serializeToStream, and when displaying table with many columns and column groups have been addressed in both Thunderbird and Firefox.

Other critical security issues fixed in both applications include a privilege escalation through plugin objects, and buffer overflows in Javascript string concatenation and in Canvas. Miscellaneous memory safety hazards have also been patched up.

In Firefox 18, an installer DLL hijacking flaw has been taken care of.

Firefox for Windows is available for download here
Firefox for Mac is available for download here
Firefox for Linux is available for download here

Thunderbird for Windows is available for download here
Thunderbird for Mac is available for download here
Thunderbird for Linux is available for download here 
Mozilla addresses vulnerabilities in Thunderbird 17.0.2 and Firefox 18
   Mozilla addresses vulnerabilities in Thunderbird 17.0.2 and Firefox 18
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments