Mozilla closes critical security holes
Only most recent versions are affected by these Vulnerabilities
Mozilla has released Firefox 10.0.1, Firefox ESR 10.0.1, Thunderbird 10.0.1, Thunderbird ESR 10.0.1 and SeaMonkey 2.7.1 to fix a single critical security hole in the browsers and mail clients which appeared in version 10. The security advisory says that versions previous to Firefox 10, Thunderbird 10 and Seamonkey 2.7 are unaffected by the use after free problem.
The problem was discovered by Mozilla developers and causes a “potentially exploitable” crash in nsXBLDocumentInfo::ReadPrototypeBindings. Updates are available through Firefox, Thunderbird and SeaMonkey’s automatic update system and can be made to install by bringing up the “About” dialogue for the relevant application and selecting the “Apply Upgrade” button when it appears. Firefox and Thunderbird 10 were released at the end of January.
- Mozilla – Critical holes fixed in their three big players (netsecurityit.wordpress.com)
- Thunderbird 10.0.1 Update Released (ghacks.net)
- Email Client Thunderbird 10 Released (ghacks.net)