The newest versions of the Firefox Web browser and the Thunderbird e-mail app were recently released, patching 16 vulnerabilities in Firefox (seven of them critical) and 12 in Thunderbird (five of them critical).
"That's the greatest number of security fixes in one version since Firefox switched to the rapid release model," notes ITWire's Stephen Withers.
"The bug fixes close several memory-related critical vulnerabilities that could be exploited by remote attackers to execute arbitrary code on a target system," The H Security reports. "Both Firefox and Thunderbird were affected by a vulnerability that allowed an attacker to inject code into the web console and use eval() to run it in a privileged context. This could allow malicious sites to execute arbitrary code when the console is invoked by the user. This problem, rated as high on Mozilla's scale, has now been fixed. Further security vulnerabilities, two of them rated critical, were closed in the Graphite 2 library, in WebGL and in the SVG rendering engine which are all used by both Firefox and Thunderbird."
"Mozilla also fixed a bitmap processing error in which Firefox crashed when attempting to decode bitmap (.bmp) images with a negative height header value," writes Sophos' Paul Roberts. "The vulnerability caused a memory crash that could, potentially, be exploitable, Mozilla warned."