Security Alert (A15-05-03): Multiple Vulnerabilities in Firefox and Thunderbird
13 May 2015
Firefox prior to version 38
Firefox ESR prior to version 31.7
Thunderbird prior to version 31.7
Depending on the vulnerability exploited, a successful attack could lead to application crash, bypass of security restrictions, elevation of privilege, information disclosure and arbitrary code execution.
Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:
Firefox 38 for Windows, Macintosh and Linux: http://www.mozilla.org/en-US/firefox/all.html
Firefox 38 for Android: http://play.google.com/store/apps/details?id=org.mozilla.firefox
Firefox ESR 31.7 for Windows, Macintosh and Linux: http://www.mozilla.org/en-US/firefox/organizations/all/
The patch for Thunderbird is currently still pending from the product vendor. Since the vulnerability could be exploited by simply viewing a malicious website, as an interim measure and as a security best practice, users are reminded not to visit suspicious websites or follow URL links from untrusted sources or emails such as spam, and to keep virus signatures as well as the detection and repair engine up to date.
Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.