Skip to comments.Firefox, Thunderbird, SeaMonkey Get a Security Overhaul
Posted on 06/01/2007 3:08:01 PM PDT by Zakeet
The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite.
Firefox users who don't install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low-privilege mode.
According to Mozilla's advisory, the impacts of the vulnerabilities vary. "Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory says.
Mozilla fixed the Layout Engine bugs in these updates: Firefox Versions 126.96.36.199 and 188.8.131.52.
(Excerpt) Read more at news.yahoo.com ...
I downloaded the latest version the other day. I ain’t got no Sea-Monkey. What am I missing?
I couldn't help but snicker a bit when I read this.
Use Firefox almost exclusively now. Up dated it yesterday. The Cooliris add on is really cool.
Yeah...what b seamonkey?
I just updated Firefox to the latest, and LOVE the new spell check. Just like a good WP program, a misspelled word in the window for typing a post here is underlined in red, and you correct it by selecting options with a right click, including adding to dictionary.
No more using the awful FR spell checker with its moronic failure to understand words with apostrophes and hyphens.
This has to be making the Firefox folks very happy, they are now big enough to be worth hacking...
Thanks a lot for the heads-up. Just updated my Firefox for Linux Mint.
I have to strongly disagree with you there. I've seen MS go months without fixing vulnerabilities that have been reported to them. Only when the folks who reported it to them threaten to go public would they release patches. I've heard of this happening quite a lot in the earlier days of XP.
Is there a secret handshake for upgrading thunderbird?
In some cases security people get so fed up waiting even after it goes public that they produce their own unofficial patch, which embarrasses Microsoft into finally fixing it. IIRC, that was the case with the WMF vulnerability.
Not much, it blows. It appears to be the latest incarnation of Netscape, with Netscape's vastly inferior interface to Firefox, but it does have a built-in email client and news viewer.
The truth is often times a hard thing. So brace yourself: remember those x-ray glasses they sold in comic books? THEY DON’T WORK!
Interesting... I use Thunderbird 184.108.40.206 which updated for security issues on May 30:
However I also see a reference to Thunderbird 220.127.116.11 which appears to be a newer release but could be just a beta. It does not show any updates:
Think I'll stick with version 1.5 for a while.
Thunderbird 1.5: This version of Thunderbird will be supported until October 18, 2007 with security and stability updates. We strongly encourage all users to upgrade to Thunderbird 2.
Unsupported versions of Thunderbird for other platforms are also available.
One more note. As of last month (May) Thunderbird 2.0 had some bugs. Check out this Thunderbird Forum thread, especially the May 18th post:
Thanks. I’ve been on 2.0 pretty much since it was released. Seems to work o.k. for me. Then again, I have 95% of my spam filtering happening at my email provider.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.