The H-Online: In the latest round of updates of its suite of internet applications, Mozilla has detailed the security fixes in the Firefox 11 browser, Thunderbird 11 email and news client and SeaMonkey 2.8 “all-in-one internet application suite”. There are also fixes for the “enterprise” and legacy versions of Firefox and Thunderbird. These fixes include a correction to a memory error in Array.join() which had been fixed last month, but was exploited during the Pwn2Own contest by Vincenzo Iozzo.
According to the Security Advisories for Firefox page, the Firefox 11.0 update addresses a total of eight vulnerabilities in the browser, five of which are rated as “Critical”. The same vulnerabilities have also been fixed in Thunderbird 11 (release notes) and SeaMonkey 2.8 (release notes), as they are based on the same Gecko platform as Firefox 11.
The same issues are also addressed in the “enterprise” extended support releases (ESR) of Firefox ESR (advisory) and Thunderbird ESR (advisory). The legacy versions of the Mozilla applications have also been updated. Firefox 3.6.28, an update to the 3.6.x legacy branch of the browser, and Thunderbird 3.1.20, an update to the 3.1.x branch of Thunderbird, both close four of the critical bugs and one moderate problem.