Number: IRCNE2013091961
Date: 2013/09/19
According to “zdnet”, Mozilla has released new versions of Firefox and the Thunderbird email client. The new version adds many new features and fixes many serious vulnerabilities.
10 Critical vulnerabilities, 4 rated High and 6 rated Moderate are fixed in this version. Nine of the critical vulnerabilities are memory management errors and one an integer overflow; all could lead to malicious code execution.
Many of the vulnerabilities technically apply to Thunderbird, but in practice cannot be exploited because they require features, like scripting, which are disabled in email.Version 24 also adds several new features.
Version 24 also removes support for Certificate Revocation Lists (CRLs), the original method for certificate authorities to advertise the revocation of a digital certificate, typically for SSL/TLS. CRLs are static lists of certificate IDs; they can get large and be cumbersome to manage. Google Chrome already does not support them, nor does Firefox Mobile.
- 2