Firefox, Thunderbird Fix Holes

Thursday, June 7, 2012 @ 02:06 PM gHale


Mozilla’s Firefox 13 and Thunderbird 13 releases close critical security holes in the open source browser and email client.

In addition, Mozilla also ported most of these fixes to the Extended Support Release (ESR) versions of both products.

RELATED STORIES
Firefox Add-on Shows Visited URLs
Chrome 18 Updated; Closes Holes
Mozilla Goes Silent with Firefox Update
Opera 12 Beta Boosts Security

Firefox 13 includes seven security fixes, four of them for critically rated vulnerabilities. Six of these security problems also affect Firefox ESR. The corrections fix a buffer overflow and a use-after-free problem found using the Address Sanitizer tool and several other memory safety issues. A critical privilege escalation vulnerability in the Mozilla Updater only affects the current edition of Firefox; the ESR edition remains unaffected.

The vulnerabilities and their fixes are mirrored in the Thunderbird 13 and Thunderbird ESR updates as the browser and email client share a large amount of rendering code.

Firefox 13 (release notes), Firefox ESR 10.0.5 (release notes), Thunderbird 13 (release notes) and Thunderbird ESR 10.0.5 (release notes) are available from Mozilla’s web site for Windows, Mac OS X and Linux.



Leave a Reply

You must be logged in to post a comment.