Firefox, Thunderbird and SeaMonkey updates fix critical vulnerabilities
In the latest round of updates of its suite of internet applications, Mozilla has detailed the security fixes in the Firefox 11 browser, Thunderbird 11 email and news client and SeaMonkey 2.8 "all-in-one internet application suite". There are also fixes for the "enterprise" and legacy versions of Firefox and Thunderbird. These fixes include a correction to a memory error in Array.join() which had been fixed last month, but was exploited during the Pwn2Own contest by Vincenzo Iozzo.
According to the Security Advisories for Firefox page, the Firefox 11.0 update addresses a total of eight vulnerabilities in the browser, five of which are rated as "Critical". The same vulnerabilities have also been fixed in Thunderbird 11 (release notes) and SeaMonkey 2.8 (release notes), as they are based on the same Gecko platform as Firefox 11.
These critical issues include memory handling errors and a use-after-free problem that could lead to memory corruption, a crash when accessing keyframe cssText, and a privilege escalation issue when javascript: is used as the user's home page URL. A critical use-after-free bug in SVG animation has also been fixed. Some of these vulnerabilities, Mozilla says, could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim's system. Mozilla has also corrected three moderate vulnerabilities, including two cross-site scripting (XSS) holes and an issue that could be used for UI spoofing.
The same issues are also addressed in the "enterprise" extended support releases (ESR) of Firefox ESR (advisory) and Thunderbird ESR (advisory). The legacy versions of the Mozilla applications have also been updated. Firefox 3.6.28, an update to the 3.6.x legacy branch of the browser, and Thunderbird 3.1.20, an update to the 3.1.x branch of Thunderbird, both close four of the critical bugs and one moderate problem.
See also:
- Mozilla stages release of Firefox 11, a report from The H.
(crve)