Security Alert (A15-07-03): Multiple Vulnerabilities in Firefox and Thunderbird
03 July 2015
Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free error, uses of uninitialized memory, poor validation, read of not owned memory in zip files and buffer overflows. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.
Firefox prior to version 39
Firefox ESR 38.x prior to version 38.1
Firefox ESR 31.x prior to version 31.8
Thunderbird prior to version 38.1
Depending on the vulnerability exploited, a successful attack could lead to application crash, bypass of security restrictions, elevation of privilege, information disclosure and arbitrary code execution.
Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:
Firefox 39 for Windows, Macintosh and Linux http://www.mozilla.org/en-US/firefox/all.html
Firefox 39 for Android http://play.google.com/store/apps/details?id=org.mozilla.firefox
Firefox ESR 31.8 and 38.1 for Windows, Macintosh and Linux http://www.mozilla.org/en-US/firefox/organizations/all/
Thunderbird 38.1 for Windows, Macintosh and Linux http://www.mozilla.org/en-US/thunderbird/all.html
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.