Firefox and Thunderbird get security updates
THE MOZILLA FOUNDATION has fixed a hole in its Internet browser Firefox and email client Thunderbird in record time. Less than 48 hours after receiving a report of a critical flaw in Firefox, Mozilla issued an emergency update that patched it.
Mozilla released Firefox 3.6.12 and Firefox 3.5.15 to patch the vulnerability, which had been exploited by malware planted on the Nobel Peace Prize website. The vulnerability existed in the Windows, Mac OS X and Linux versions of Firefox 3.6 and the older Firefox 3.5. It does not cause problems for those using the Firefox 4 beta.
Thunderbird has browser-like capabilities and is vulnerable to the same bug. If the user opens a website in Thunderbird that exploits the vulnerability an attacker could get remote access to the local system.