Following delays due to a startup crash regression, the Mozilla project development team has issued updates for the Firefox web browser and for the Thunderbird news and email client to close multiple critical security vulnerabilities affecting these products.
According to the developers, the Firefox updates address a total of ten issues, including eight critical security bugs, one high risk and one moderate problem. Many of the issues, such as crashes caused by corrupted JPEG images, memory corruption during text run construction, or buffer overflows in the JavaScript engine, could potentially lead to the remote execution of arbitrary code on a victim's system.

Thunderbird Logo As version 3.1.x is based on the same Gecko layout engine version as Firefox 3.6, the 3.1.8 update for Thunderbird fixes two of the same critical issues addressed in the above Firefox releases. The developers note that Thunderbird 3.0.11 from December of last year was the final security and stability update for Thunderbird 3.0.x and advise all users to upgrade to the 3.1 branch.

The link for this article located at H Security is no longer available.