Mozilla Release Firefox 3.6.13 Security Update
While using my Firefox web browser this morning, I was notified about a new available security and stability release – Firefox version 3.6.13. I immediately downloaded the latest version and updated Firefox. After that, I checked on the Mozilla website to find out more about the security issues that were addressed. I found out that this release contains patches for 11 vulnerabilities with 9 of those being deemed as critical.
Here’s the complete list of vulnerabilities that were patched in Firefox 3.6.13:
- XSS hazard in multiple character encodings
- Location bar SSL spoofing using network error page
- Incomplete fix for CVE-2010-0179
- Integer overflow vulnerability in NewIdArray
- Use-after-free error with nsDOMAttribute MutationObserver
- Java security bypass from LiveConnect loaded via data: URL meta refresh
- Add support for OTS font sanitizer
- Crash and remote code execution using HTML tags inside a XUL tree
- Chrome privilege escalation with window.open and <isindex> element
- Buffer overflow while line breaking after document.write with long string
- Miscellaneous memory safety hazards (rv:184.108.40.206/ 220.127.116.11)
Aside from the Firefox release, Mozilla has also released a security update for their email client – Thunderbird version 3.1.7. The Thunderbird release contains several bug fixes for performance and stability as well as enhancements for better handling of locally stored large folder files and improvements to reduce the risk of corruption of local IMAP mailbox copies.
If you are using Mozilla Firefox as your web browser and Thunderbird as your default email client, it is strongly recommended that you immediately update to the latest versions. In case you didn’t receive any notifications while using Firefox of Thunderbird, you can download and install the updates manually from their respective websites – Firefox website and Thunderbird website