http://www.computerworld.com:80/action/article.do?command=viewArticleBasic&articleId=9022179&intsrc=news_ts_headMozilla Corp. patched its flagship Firefox browser today with fixes for six vulnerabilities, one of which was stamped "critical" by the open-source developer. This was the third time Mozilla has updated Firefox in 2007.
The updates bring the current browser to Version 2.0.0.4, and the 2005 edition to 1.5.0.12.
MFSA 2007-12, the most serious of the six, patched 30 separate memory corruption bugs in the browser layout and JavaScript engines. Even Mozilla seemed unsure of their impact. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory read.
Mozilla warned Thunderbird and SeaMonkey that their e-mail software, which shares Firefox's layout engine, may be vulnerable to these bugs as well. The developers recommend that users do not enable JavaScript in Thunderbird or the mail portion of SeaMonkey.
:)