NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Security > Security Fixes and Improvements

September 8th, 2010, 11:58 GMT · By Lucian Constantin

Security Updates Available for Thunderbird and SeaMonkey

Adjust text size:

Thunderbird 3.1.3 fixes critical security vulnerabilities

Mozilla has released Thunderbird 3.1.3 and SeaMonkey 2.0.7 in order to fix a flurry of vulnerabilities that could lead to arbitrary code execution.

There are a total of fourteen security advisories, some covering multiple bugs and some pertaining only to certain operating systems.

For example, one of the addressed issues stems from a Windows design flaw which also affects hundreds of other applications and allows for attacks dubbed "binary planting".

This is caused by the fact that Windows prioritizes certain locations when searching for a binary file to load, if the full path is not specified.

Another memory corruption vulnerability marked as critical can only be exploited on Mac systems by opening a document with a specially crafted font.

A different flaw, which is marked as low impact on Thunderbird 3.1 is actually critical for SeaMonkey 2.0 and Thunderbird 3.0 branches. Because of this a 3.0.7 Thunderbird update was also released.

There are also two cross-site scripting (XSS) vulnerabilities, marked as high and medium respectively, and a low-impact information disclosure one.

"[…] The type attribute of an <object> tag can override the charset of a framed HTML document, even when the document is included across origins.

"This could potentially allow an attacker to inject UTF-7 encoded JavaScript into a site, bypassing the site's XSS filters, and then executing the code [...]," is explained in the advisory corresponding to the high impact XSS bug.

It is also noted that both Thunderbird 3.1.3 and 3.0.7 address several stability issues and make small corrections to the user interface.

As usual, the Thunderbird and SeaMonkey updates shipped at the same time as a security update for Firefox, since all of the products are powered by the Gecko engine.

Thunderbird 3.1.3 and 3.0.7 for Windows can be downloaded from here.

Thunderbird 3.1.3 and 3.0.7 for Mac can be downloaded from here.

Thunderbird 3.1.3 and 3.0.7 for Linux can be downloaded from here.

SeaMonkey 2.0.7 for Windows can be downloaded from here.

SeaMonkey 2.0.7 for Mac can be downloaded from here.

SeaMonkey 2.0.7 for Linux can be downloaded from here.

FILED UNDER:

Thunderbird 3.1.3

SeaMonkey 2.0.7

security update

critical vulnerability

TELL US WHAT YOU THINK:

803 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

New Firefox Update Fixes Critical Vulnerabilities

Thunderbird Security Updates Address Critical Vulnerabilities

Mozilla Ramps Up Vulnerability Reward Program

Thunderbird 2.0.0.23 Patches SSL Vulnerabilities

READER COMMENTS:

No user comments yet.

Be the first to express your opinion!

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use