14 DAY TRIAL // Mozilla has released Firefox 18 and Thunderbird 17.0.2. Both releases address a number of critical vulnerabilities that could have been leveraged by a remote attacker to seamlessly install software or execute malicious code.
With these updates, Mozilla has blocked the mis-issued TURKTRUST certificates. It’s worth noting that the company was among the first to announce the removal of the problematic certificates after news broke out regarding the fact that they were being used in phishing attacks.
Aside from this, critical use-after-free vulnerabilities in Javascript Proxy objects, Vibrate, ListenerManager, serializeToStream, and when displaying table with many columns and column groups have been addressed in both Thunderbird and Firefox.
Other critical security issues fixed in both applications include a privilege escalation through plugin objects, and buffer overflows in Javascript string concatenation and in Canvas. Miscellaneous memory safety hazards have also been patched up.
In Firefox 18, an installer DLL hijacking flaw has been taken care of.
Firefox for Windows is available for download here Firefox for Mac is available for download here Firefox for Linux is available for download here
Thunderbird for Windows is available for download here Thunderbird for Mac is available for download here Thunderbird for Linux is available for download here