Mozilla discloses six security flaws

News by Frank Washkuch Jr.

Mozilla released six security advisories on Wednesday for flaws in its Firefox, SeaMonkey and Thunderbird programs.

Mozilla released six security advisories on Wednesday for flaws in its Firefox, SeaMonkey and Thunderbird programs.

The most serious of the vulnerabilities is a "critical" flaw in Firefox, Thunderbird and SeaMonkey that can allow crashes if exploited. Mozilla’s investigators have presumed the flaw to allow arbitrary code, according to an advisory.

The organisation also advised users to disable JavaScript in Thunderbird or the mail portions of SeaMonkey. Mozilla credited its developers and security community with reporting the flaw.

All disclosed flaws were fixed in Firefox versions 2.0.0.4 and 1.5.0.12, Thunderbird 2.0.0.4 and 1.5.0.12 and SeaMonkey 1.0.9 and 1.1.2.

Mozilla also warned of a "high" impact cross-site scripting bug in Firefox that could be used to inject malicious code onto a victimised site. Users were advised to disable JavaScript until a fixed version can be installed.

The Californian organisation also fixed a "moderate" security vulnerability in Thunderbird and SeaMonkey APOP Authentication, as well as three "low" impact vulnerabilities in XUL Popup Spoofing, cookie handling and form autocomplete.

Many of the third-parties who provide the extensions, such as Yahoo, Google and Facebook, have been notified of the bug but have yet to provide a patch.

Mozilla patched three flaws in two March releases.

A Mozilla representative could not immediately be reached for comment today.
Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events