Mozilla plugs 10 security holes in Firefox
Thunderbird not go with latest updates
Mozilla coughed its latest Firefox update this week and patched ten flaws – five of which were critical vulnerabilities – in the latest version of its browser.
The firm said it strongly recommended that Firefox fanciers upgrade to version 18.104.22.168 because of the number of security fixes built into the latest update.
The update, which applies to Windows, Mac and Linux-based machines, was pushed out automatically by Mozilla earlier this week.
Other vulnerabilities that have now been patched include a privacy issue with SSL client authentication, an HTTP referrer spoofing bug and a fix for a Java socket connection to any local port via LiveConnect.
However, the firm has not built the fixes into the latest version of its mail client Thunderbird, even though it shares five of the flaws. Mozilla’s David Ascher said on his blog last week that patches will not be available for “several weeks”.