An update for both Firefox and Thunderbird has been released by
Mozilla. Version 1.5.0.4 is now available, according to the release
notes, the list below are the supposed fixed
known-vulnerabilities.
For Firefox
- MFSA 2006-43 Privilege escalation using
addSelectionListener - MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
- MFSA 2006-41 File stealing by changing input type
(variant) - MFSA 2006-39 “View Image” local resource linking (Windows)
- MFSA 2006-38 Buffer overflow in crypto.signText()
- MFSA 2006-37 Remote compromise via content-defined setter on
object prototypes - MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
- MFSA 2006-35 Privilege escalation through XUL persist
- MFSA 2006-34 XSS viewing javascript: frames or images from
context menu - MFSA 2006-33 HTTP response smuggling
- MFSA 2006-32 Fixes for crashes with potential memory
corruption - MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig,
Greasemonkey)
For Thunderbird
- MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
- MFSA 2006-40 Double-free on malformed VCard
- MFSA 2006-38 Buffer overflow in crypto.signText()
- MFSA 2006-37 Remote compromise via content-defined setter on
object prototypes - MFSA 2006-35 Privilege escalation through XUL persist
- MFSA 2006-33 HTTP response smuggling
- MFSA 2006-32 Fixes for crashes with potential memory
corruption - MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig,
Greasemonkey
So update those firefox and thunderbird softwares now…