Mozilla Shuts Vital Security Hole

Tuesday, February 14, 2012 @ 03:02 PM gHale

Mozilla released Firefox 10.0.1, Firefox ESR 10.0.1, Thunderbird 10.0.1, Thunderbird ESR 10.0.1 and SeaMonkey 2.7.1 to fix a single critical security hole in the browsers and mail clients which appeared in version 10.

The security advisory said versions previous to Firefox 10, Thunderbird 10 and Seamonkey 2.7 are unaffected by the use after free problem.

RELATED STORIES
Google Secures Chrome 17
Chrome Loses SSL Query Capability
Mozilla Closes Product Suite Holes
Holes Fixed in Mozilla Network

Mozilla developers discovered the issue, which causes a “potentially exploitable” crash in nsXBLDocumentInfo::ReadPrototypeBindings.

Updates are available through Firefox, Thunderbird and SeaMonkey’s automatic update system and can also install by bringing up the “About” dialogue for the relevant application and selecting the “Apply Upgrade” button when it appears. Firefox and Thunderbird 10 released at the end of January.

The updates are also available for the new ESR (Extended Support Release) versions of the browser and email client, Firefox ESR and Thunderbird ESR which are currently in their “qualification” phase.



Leave a Reply

You must be logged in to post a comment.