Vulnerabilities have been reported in Mozilla Firefox and Thunderbird. These vulnerabilities could be exploited by malicious people to ypass browser/mail client security restrictions, disclose information, and conduct cross-site scripting and phishing attacks. Version 22.214.171.124 fixes these issues for both Firefox and Thunderbird, so update as soon as possible.
An Excel exploit has been released into the wild. The exploit takes advantage of a vulnerability described in MS08-014. Microsoft has already released an update for this, so if it hasn’t been installed already. Now would be a really great time to do so.
Mozilla Thunderbird 126.96.36.199 has been found to contain a heap buffer overflow vulnerability due to the way it handles external-body MIME types. Systems running this version of Thunderbird are vulnerable to compromise or the execution of arbitrary code via specially crafted email messages. You should update to Thunderbird 188.8.131.52 as soon as possible.
Mozilla’s advisory is located at: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 184.108.40.206 and prior. Thunderbird 220.127.116.11 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrade available.
Some vulnerabilities in Apache Tomcat have been discovered. These vulnerabilities could allow for the manipulation of an SSL session or the disclosure of session ID’s. Administrators running Tomcat should update to version 5.5.26 or 6.0.16.
Multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey have been reported. These vulnerabilities could result in memory corruption, information exposure, directory traversal, and potentially other issues. A proof of concept exists for Firefox 18.104.22.168. Users should update their Mozilla software to the latest version, and keep an eye out for any additional updates to this issue.