
SANS ISC: FF/TB Updates SANS ISC InfoSec Forums

FF/TB Updates
A slew of security fixes are being rolled out for Firefox and Thunderbird. The patches, which will take Firefox to version or and Thunderbird to fix critical security flaws such as XSS (cross-site scripting) issues, privacy leaks when retrieving RSS feeds, a flaw in SVG / DOM handling, and a cursor image overflow in Firefox. Thunderbird gets fixes for a mail header overflow and inherits several of the FF fixes as well. As I write this, the new code doesn't appear to be available, but expect the auto-update feature to kick in soon...

More info:


The links are now live and you can download this manually, but the auto-update feature is not there yet. Here's the list of security fixes in Firefox version

XSS using outer window's Function object
RSS Feed-preview referrer leak
Mozilla SVG Processing Remote Code Execution
XSS by setting img.src to javascript: URI
LiveConnect crash finalizing JS objects
Privilege escalation using watch point
CSS cursor image buffer overflow (Windows only)
Crashes with evidence of memory corruption (rv:


Dec 19th 2006
