Mozilla Patches Firefox, Thunderbird


Of the four critical vulnerabilities patched in Firefox, none are currently being exploited, Mozilla said in detailed descriptions of each fixed flaw. In fact, Mozilla said in several of the descriptions that it was not sure whether the specific vulnerabilities could be exploited, but had issued patches just in case.

"We presume that at least some of these could be exploited to run arbitrary code with enough effort," Mozilla stated in one patch's explanation.

That jibes with recent comments made by the company's new security chief, Window Snyder, who pointed out in a Tuesday interview that Mozilla's developers fix bugs even if they can't prove they are exploitable.

Two of the remaining 3 patches were labeled as "Moderate," while the third was tagged as "Important" by Mozilla. Danish vulnerability tracker Secunia, on the other hand, gave the update a collective "Highly critical" rating, its second-most-dire ranking.

Sponsored post

Mozilla also updated the Thunderbird e-mail client to, and patched 6 vulnerabilities, 2 of them critical.

The independent Camino and SeaMonkey projects updated their applications Thursday, too. The former, a native Mac OS X browser, moved up to version 1.0.3 by fixing several critical security and stability problems, and integrated the patches to the most recent Gecko rendering engine. SeaMonkey, which is a follow-on to the discontinued Mozilla browsing suite, migrated to version 1.0.5.

Firefox and Thunderbird can be downloaded from the Mozilla site. Existing users, meanwhile can update from within the browser or e-mail client (Help|Check for Updates in the Windows version), or wait for the automatic update service to kick in.

The new versions are available for Windows, Mac OS X, and Linux in 37 language-localized versions.