Mozilla’s Firefox and Thunderbird are among the most liked web browsers and e-mail client respectively for millions of users across the world. The ease of use over other web browsers and fantastic features in the email client is attributed to the popularity of the two. However, if you use Mozilla Firefox and Thunderbird, you will have to do a few security updates published by Mozilla lately. The updates are essential for the legacy version of both Thunderbird and Firefox. The updates would be prompted automatically on your systems.
Speaking about the security fixes of latest Firefox 3.6.7 for Mac, Linux and Windows Operating systems, there were about 14 security bugs that were fixed by Mozilla. Out of the 14 security bugs, eight were termed as critical, two were among the high-level security issues and four were termed as moderate bugs. The bugs created number of problems in these operating systems like: cross origin leakage of script file name in the error message. The bugs accounted to Cross-domain data theft with the help of CSS, vulnerabilities like multiple location bar spoofing, the characters that were mapped to U+FFFD in 8 bit encodings caused the next character to vanish, cross-origin data disclosure using the importScripts and the Web Workers and same-origin bypass with the help of canvas context. The bugs caused remote code execution with malformed PNG image type, nsTreeSelection dangling pointer remote code execution, overflow of the Array index integer, arbitrary execution of code with the help of SJOW and fast native function and remote code execution vulnerability of the Plugin parameter nEnsureCachedAttrParamArrays. Other problems associated with the bugs include error in the NodeIterator, problems in the DOM attribute cloning remote code execution and a few miscellaneous memory safety hazards. The same bugs were fixed for the Firefox 3.5.11 versions but Mozilla is encouraging its users to use the upgraded version i.e. Firefox 3.6.7.
Mozilla has encouraged its users to upgrade to newer versions of Thunderbird as soon as possible although the Thunderbird 3.0.x versions will receive the security updates from Mozilla for some time.