Security & Privacy

The Mozilla Foundation has issued updates to Firefox, Thunderbird and SeaMonkey, versions 10, for a single critical vulnerability. Two Mozilla developers:

found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.

This vulnerability does not affect Firefox 9.

You can update Firefox by choosing Firefox > About Firefox, then clicking the Check for Updates button. You can also download Firefox here.