Softpedia >News >Security >Security Fixes and Improvements
Softpedia Homepage   

Security Updates Available for Mozilla Firefox and Thunderbird

Mar 2, 2011 08:30 GMT  ·  By
  

Mozilla has released security updates for its Firefox browser and Thunderbird email client addressing a significant number of critical vulnerabilities that can lead to arbitrary code execution.

There were a total of ten vulnerabilities fixed in the new Firefox 3.6.14 and 3.5.17, while Thunderbird 3.1.8 contains patches for three.

Eight of the flaws have a critical severity rating and consists of a crash caused by corrupted JPEG image (MFSA 2011-09), a Windows-only memory corruption during text run construction (MFSA 2011-07), an use-after-free memory error using Web Workers (MFSA 2011-06), another one in JSON.stringify (MFSA 2011-03) and two buffer overflows, one in JavaScript atom map (MFSA 2011-05) and one in JavaScript upvarMap (MFSA 2011-04).

A critical issue where recursive eval calls cause confirm dialogs to evaluate to true (MFSA 2011-02) was also addressed, while one patch (MFSA 2011-01) resolves multiple memory safety hazards.

The security changelog is completed by a fix for high-risk CSRF issues with plugins and 307 redirects (MFSA 2011-10) and moderate-impact problem with ParanoidFragmentSink allowing javascript: URLs in chrome documents (MFSA 2011-08).

It's worth noting that the corrupted JPEG crash (MFSA 2011-09) only affects Firefox 3.6.14 and Thunderbird 3.1.8. Instead, Firefox 3.5.17 addresses a critical vulnerability fixed in Firefox 3.6.13 back in December (MFSA 2010-74).

In addition to MFSA 2011-09, Thunderbird 3.1.8 also incorporated the patches for the memory issues covered in MFSA 2011-01 and the MFSA 2011-08 moderate-risk problem.

This Firefox update comes in preparation for the Pwn2Own contest at the upcoming CanSecWest 2011 security conference, which will put hackers against browsers. Google also patched its Chrome browser yesterday.

The latest version of Mozilla Firefox for Windows can be downloaded here.

The latest version of Mozilla Firefox for Mac can be downloaded here.

The latest version of Mozilla Firefox for Linux can be downloaded here.

The latest version of Mozila Thunderbird for Windows can be downloaded here.

The latest version of Mozila Thunderbird for Mac can be downloaded here.

The latest version of Mozila Thunderbird for Linux can be downloaded here.