Mozilla Patches 12 Firefox Flaws

The organization also patched the Thunderbird e-mail client
Mozilla Corp. on Thursday patched its Firefox browser against 12 vulnerabilities, 5 of them labeled "critical" by the Mountain View, Calif. company.

Firefox is the fourth security update to the 1.5 edition of the browser since it released last November. The number of holes plugged in, however, is only half that of April's mega-patch, when 24 total, 11 of them "critical," were fixed.

Danish vulnerability tracker Secunia tagged the update with a "highly critical" rating, it's second highest ranking.

Some of the flaws could be used by attackers to generate buffer overflows, which can lead to further system access, including planting malicious code on the computer, Secunia noted. Others would let attackers run malicious JavaScript without the user's permission.

A list of the bugs patched by can be found on the Mozilla Foundation's Web site.

Mozilla also patched its Thunderbird e-mail client, fixing 8 flaws by releasing version; meanwhile, the separate SeaMonkey project rolled out its 1.0.2 version, the follow-up to the now-defunct Mozilla browsing suite, and fixed a long list of bugs.

This is the second update of Firefox since Mozilla announced it was ending support for the older Firefox 1.x line.

Firefox and Thunderbird can be downloaded from the Mozilla Corp. site, while SeaMonkey can be found here. Users of Firefox and Thunderbird 1.5.x, however, can wait for those programs' automatic update functions to kick in and retrieve the smaller-sized update files.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing