Mozilla issues security updates

"Critical" updates cover flaws in Firefox, Thunderbird and SeaMonkey that could allow for cross-site scripting and remote execution of code.

The Mozilla Foundation has issued "critical" security updates to vulnerabilities discovered in the Firefox browser, Thunderbird e-mail client and SeaMonkey application suite.

Flaws were found in versions of the open-source software prior to both Firefox 2.0.0.1 and Firefox 1.5.0.9, as well as prior to Thunderbird 1.5.0.9 and SeaMonkey 1.0.7, Mozilla said Tuesday.

The vulnerabilities could potentially be exploited to conduct cross-site scripting attacks, to let malicious attackers launch a remote execution of code on users' computers, and to expose sensitive information, according to an advisory from security company Secunia.

While Mozilla labeled the updates "critical," Secunia rated them "highly critical."

Mozilla advised people to forgo enabling JavaScript in Thunderbird and the mail portions of its Internet application suite SeaMonkey. People are also advised to download SeaMonkey 1.0.7, which is undergoing its final paces of testing.

"Some of these (flaws) were crashes that showed evidence of memory corruption, and we presume that at least some of these could be exploited to run arbitrary code with enough effort," according to one of six-related "critical" Mozilla security advisories issued Tuesday.

Last month, Mozilla also issued "critical" security updates for Firefox, Thunderbird and SeaMonkey . Like the new flaws, the earlier ones involved the potential for malicious attackers to take hold of users' systems.

Tags:
Security
About the author

    Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

     

    Discuss Mozilla issues security updates

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    For the vinyl curious: Pioneer PL-30-K turntable