Mozilla has released updates to its popular Firefox browser, its Thunderbird e-mail client, and its SeaMonkey application suite, aiming to address highly critical security flaws that could expose users' sensitive information.
Users are advised to update to version 3.0.5 of Firefox, which was released Tuesday. They are also advised to update to version 18.104.22.168 of Thunderbird and version 1.1.14 of SeaMonkey.
The vulnerabilities were found in earlier versions of Firefox 3, as well as in versions of Firefox 2.
According to a research note released Wednesday by security researcher Secunia:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
- An error when processing the "persist" XUL attribute can be exploited to bypass cookie settings and uniquely identify a user in subsequent browsing sessions.
One advisory addresses critical security flaws in all three programs (Firefox, Thunderbird, and SeaMonkey) that could arise from memory corruption and result in malicious attackers launching arbitrary code from users computers.