Security flaws found in fix for Firefox, SeaMonkey

Mozilla Foundation says patch issued in mid-December introduced vulnerability to browser and application suite.

Mozilla Foundation on Monday issued a critical fix designed to address vulnerabilities in a recent security update for the Firefox browser and SeaMonkey application suite.

The security flaws were discovered in Firefox 1.5.0.9 and 2.0.0.1, as well as in SeaMonkey 1.0.7, according to a security advisory posted by Mozilla.

Security researchers say the initial fix, issued in mid-December, was designed to address vulnerabilities in Firefox, SeaMonkey and Mozilla's Thunderbird e-mail client . But that particular fix introduced a flaw that could allow JavaScript code from Web content to be exploited, then lead to the execution of arbitrary code.

Mozilla advises Firefox users to upgrade to version 1.5.0.10 and 2.0.0.2, and SeaMonkey users to update to version 1.1.1 and 1.0.8.

Disabling JavaScript will not protect users from the vulnerabilities, Mozilla warned.

Tags:
Security
About the author

    Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

     

    Discuss Security flaws found in fix for Firefox,...

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    Use Google Now to send messages with WhatsApp, Viber (and other apps)