Mozilla’s Firefox 13 and Thunderbird 13 releases close critical security holes in the open source browser and email client.
In addition, Mozilla also ported most of these fixes to the Extended Support Release (ESR) versions of both products.
Firefox 13 includes seven security fixes, four of them for critically rated vulnerabilities. Six of these security problems also affect Firefox ESR. The corrections fix a buffer overflow and a use-after-free problem found using the Address Sanitizer tool and several other memory safety issues. A critical privilege escalation vulnerability in the Mozilla Updater only affects the current edition of Firefox; the ESR edition remains unaffected.
The vulnerabilities and their fixes are mirrored in the Thunderbird 13 and Thunderbird ESR updates as the browser and email client share a large amount of rendering code.
Firefox 13 (release notes), Firefox ESR 10.0.5 (release notes), Thunderbird 13 (release notes) and Thunderbird ESR 10.0.5 (release notes) are available from Mozilla’s web site for Windows, Mac OS X and Linux.