Seamonkey, Firefox, and Thunderbird vulnerbilities - Update to latest Versions

Since our dear Ramona is under the weather, she has asked me to post this.

According to Secunia, there are vulnerbilities in these programs that need to be fixed by updating your current version. Here's a quick look at what the problems are.

Seamonkey:
The following two vulnerabilities have also been reported:

1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.

2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.

Solution: Update to version 1.0.7.

Firefox:

1)Various errors in the layout engine and JavaScript engine can be exploited to cause memory corruption and some may potentially allow execution of arbitrary code.

2) An error when reducing the CPU's floating point precision, which may happen on Windows when loading a plugin creating a Direct3D device, may cause the "js_dtoa()" function to not exit and instead cause a memory corruption.

3) A boundary error when setting the cursor to a Windows bitmap using the CSS cursor property can be exploited to cause a heap-based buffer overflow.

4) An unspecified error in the "watch()" JavaScript function can be exploited to execute arbitrary code.

5) An error in LiveConnect causes an already freed object to be used and may potentially allow execution of arbitrary code.

6) An error in the handling of the "src" attribute of IMG elements loaded in a frame can be exploited to change the attribute to a "javascript:" URI. This allows execution of arbitrary HTML and script code in a user's browser session.

7) A memory corruption error within the SVG processing may allow execution of arbitrary code by appending an SVG comment DOM node from one document into another type of document (e.g. HTML).

8) The "Feed Preview" feature of Firefox 2.0 may leak feed-browsing habits to websites when retrieving the icons of installed web-based feed viewers.

9) A Function prototype regression in Firefox 2.0 can be exploited to execute arbitrary HTML and script code in a user's browser session.

Solution: Update to version 1.5.0.9 or 2.0.0.1.

Thunderbird:

1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.

2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.

Solution: Update to version 1.5.0.9.

As always, stay secure and make sure you have the latest updates.

Mike

 

Updates are not easily available. I was able to get the URLs

http://releases.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.1/
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.9/
http://releases.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5.0.9/
http://www.mozilla.org/projects/seamonkey/

Pick the win32 folder for Windows, and the appropriate language, i.e.en-US for the USA.
For seamonkey pick the win32 installer.exe
I installed the three above-mentioned program on top of the existing version.
A few extentions may not be compatible, but there is no problem if the Mr Tech Local Install are present.

 

Hi Westside.

I've been looking for version 1.5.0.9 but when I click on Win32 then eng-US, I have two downloads, i.e., complete and partial. Which do I use for updating from 1.5.0.7? Your help is appreciated.

 

Hello Ann, you can download the full version of TB 1.0.5.9 from Majorgeeks at this url: http://www.majorgeeks.com/Mozilla_Thunderbird_d4064.html

It will install right over the previous version of TB, no need to uninstall your older version.

 

Westside - or anyone: Can you tell me which of the two FF exe at the link you posted is the one I need (complete or partial)?

Hi JohnB - The link you posted is for Thunderbird while I am looking for FF only.
I have never used TB, but would love to try it. At one time Ramaona posted problems that I did not dare to get into, so I never installed it. Does it work OK for you? What version do you use of Firefox? TIA!

 

Ann,

If you plan on updating your V. 1.5.0.7, Mozilla urges users of V. 1.5 to upgrade to Firefox 2.0.0.1.

Firefox 1.5.0.9: http://www.mozilla.com/en-US/firefox/all-older.html
Firefox 2.0.0.1: http://www.mozilla.com/en-US/firefox/

Thunderbird is a very stable Mail Client, and it is a no hassle install. What Mail Client do you use now?

To answer your question, the 4.9MB file is the offline full install of Firefox. I would suggest that you uninstall 1.5.0.7 before installing 2.0.0.1, to ensure that all files are compatible.

 

Hi Ramona,

Thanks for the links. I have updated from 1.5.0.7 to 1.5.0.9. I hope to use this until FF 2 has been in use for awhile and all the bugs are fixed.

I use Opera for my mail. I have to check up on TB to make sure it will not cause any problems. I could use some input from you.

My experience with Firefox has been great, but I have not used any themes, extensions and what not, just the browser.

Glad to hear from you once more and wish you a Happy New Year.

 

Ann,

It will never happen my dear girl! There is no such animal as a browser with no bugs, or security vulnerabilities. However, Firefox and Thunderbird have fewer than most. Engineers are constantly working to make these two applications as safe as possible.

I believe you will find Thunderbird as stable as it gets, and in my opinion, superior to Opera Mail. Here is an explanation of how to migrate Opera Mail to Thunderbird:
http://www.tomwalsham.com/post.php?id=66

 

Thank you for the link, Ramona. I will check it out.

I finally remembered the problem there was with TB. there was a conflict with Norton AV. Perhaps you can remember exactly what the problem was. i still use Norton so I'd like to know if the situation was resolved.