Dec 10, 2010 12:15 GMT

Mozilla has released Thunderbird 3.1.7, 3.0.11 and SeaMonkey 2.0.11 as stability and security updates, which fix multiple critical vulnerabilities that can lead to arbitrary code execution.

The new Thunderbird version contains patches for a total of five vulnerabilities rated as critical, which are covered in three advisories.

One involves the implementation of Google’s OpenType Sanitizer (OTS) library, which parses, serializes and validates downloadable font files, preventing any of them from exploiting vulnerabilities in the underlying font handling code.

The implementation resolves several security issues (CVE-2010-3768) credited to Marc Schoenefeld from the Red Hat Security Response Team and Christoph Diehl from Mozilla security.

The second critical vulnerability, identified as CVE-2010-3768, concerns a buffer overflow condition that can be triggered by passing a long string to the document.write() function.

“Such cases triggered an invalid read past the end of an array causing a crash which an attacker could potentially use to run arbitrary code on a victim's computer,” Mozilla explains.

The final three critical memory safety bugs (CVE-2010-3776, CVE-2010-3777 and CVE-2010-3778) are located in the Gecko layout engine and are covered in a cumulative security advisory.

One of these flaws only affects Thunderbird 3.1.x, one Thunderbird 3.0.x, and the other both branches. However, all users are encouraged to update to Thunderbird 3.1.

“Thunderbird 3.0.11 is the last security and stability update for Thunderbird 3.0.x. Thunderbird 3.0.x users will be prompted and encouraged to start using Thunderbird 3.1 starting early next year,” the Mozilla developers announce.

As for SeaMonkey, Mozilla’s Internet suite, the new 2.0.11 release fixes all of the vulnerabilities addressed in Thunderbird, as well as an additional eight patched in Firefox.

The latest version of Mozilla Thunderbird for Windows can be downloaded here.

The latest version of Mozilla Thunderbird for Mac can be downloaded here.

The latest version of Mozilla Thunderbird for Linux can be downloaded here.

The latest version of Mozilla SeaMonkey for Windows can be downloaded here.

The latest version of Mozilla SeaMonkey for Mac can be downloaded here.

The latest version of Mozilla SeaMonkey for Linux can be downloaded here.