Critical Vulnerabilities Firefox 21 & Thunderbird 17.0.6

Listen to this article

firefox_thunderbirdAlthough it is no longer actively developed, Mozilla Thunderbird continues to receive updates and the most recent one, as expected, benefited from a small number of fixes.

Among the most significant security issues (labeled “critical”) fixed in this release are memory corruption problems identified using Address Sanitizer.

On the same note, a use-after-free error that could lead to arbitrary code execution has been removed. Third on the list of critical vulnerabilities are various memory safety hazards that could have been exploited to run arbitrary code on the target system.

Security flaws with a lower impact (labeled “high”), but equally important, have also been eliminated. These made possible local privilege escalation through Mozilla Maintenance Service, gaining privileged access for content level constructor and usage of DOMSVGZoomEvent functions without being properly initialized.

All these security glitches affected both Mozilla Thunderbird and Firefox browser, therefore updating the latest versions of these products is highly recommended.

In the case of Firefox, though, the developer did away with additional high impact security threat. It refers to the update mechanism failing to refresh some Windows Registry entries, which would leave Mozilla Maintenance Service open to already fixed privilege escalation attacks.

Download Firefox for WindowsMacLinux or Android
Download Thunderbird for WindowsMac or Linux

About Faisal Ebrahim

Tech enthusiast, IT & Cybersecurity consultant & Sales manager. I'm passionate about staying ahead of the curve on emerging technologies, including EVs, AI, robotics, and the metaverse. For over 15 years, I've explored and shared these innovations on my blog,

Buy Me a Coffee