Mozilla fixes 10 Firefox flaws, half seen as 'critical'
But Thunderbird patches are delayed for 'several weeks'
Computerworld - Mozilla Corp. yesterday patched 10 vulnerabilities, half of them marked "critical," in its open-source browser as it updated Firefox to Version 220.127.116.11. The new Mozilla Messaging Inc. spin-off, however, was not able to provide a matching update to its Thunderbird e-mail client, which shares five of the Firefox flaws that were fixed.
Mozilla's six advisories spelled out five Firefox bugs marked "critical," three tagged "high" and one each "moderate" and "low."
"There's a little bit here to interest most everyone," said Andrew Storms, director of security operations at nCircle Network Security Inc. "The bulletins claim no favor in the many types of vulnerabilities typically associated with browsers."
"Sun has updated the Java Runtime Environment with a fix for this problem. Mozilla has also added a fix to LiveConnect to protect users who don't have the latest version of Java," Mozilla said in the advisory.
"Here we have Firefox putting out a mitigation step for a bug in Java," said Storms. "It's a welcome addition when one vendor can help out another."
All 10 vulnerabilities were also patched by the SeaMonkey Project, a separate open-source initiative that develops a multifunction browser suite.
A release date for Thunderbird 18.104.22.168 to fix the flaws has not been set. According to David Ascher, the head of Mozilla Messaging, the e-mailer's update will follow Firefox's by "several weeks."
In a post to his blog last week, Ascher cited several reasons why a simultaneous release of Thunderbird and Firefox updates was impossible. "Some of those resource contentions are due to not enough automation for the Thunderbird release process, and some of it is the consequence of not enough people with the right training," he said.
Read more about Security in Computerworld's Security Topic Center.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!