Thursday, February 18, 2010

Mozilla Fixes Some Vulnerabilities

Mozilla has released security bulletins related to found issues in some of their products. Three of the found vulnerabilities are categorized as critical and two other as moderate. The latest 3.6 version of Firefox is not affected by any of these listed vulnerabilities.

Critical:
MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
*Affects:
- Firefox prior 3.5.8
- Firefox prior 3.0.18
- Thunderbird prior 3.0.2
- SeaMonkey prior 2.0.3

MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability
*Affects:
- Firefox prior 3.5.8
- Firefox prior 3.0.18
- SeaMonkey prior 2.0.3

MFSA 2010-03 Use-after-free crash in HTML parser
*Affects:
- Firefox prior 3.5.8
- Firefox prior 3.0.18
- Thunderbird prior 3.0.2
- SeaMonkey prior 2.0.3


Moderate:
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
*Affects:
- Firefox prior 3.5.8
- Firefox prior 3.0.18
- SeaMonkey prior 2.0.3

MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
*Affects:
- Firefox prior 3.5.8
- Firefox prior 3.0.18
- SeaMonkey prior 2.0.3

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: