Mozilla Releases Firefox and Thunderbird Updates

Mozilla has released Firefox and Thunderbird v2.0.0.17 and Firefox v3.0.3 to address multiple vulnerabilities. These may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a denial-of-service condition, operate with escalated privileges, or conduct Clickjacking attacks. Note that Firefox v3.0.2 was initially released to address these vulnerabilities. Version 3.0.3 was released to correct a flaw that was unrelated to the vulnerabilities.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Review the Security Advisories for Firefox 2.0.0.17.
• Review the Release Notes for Firefox 3.0.3.
• Upgrade to Firefox and Thunderbird 2.0.0.17 or Firefox 3.0.3 as necessary.

Read more: US-CERT Current Activity