Mozilla has fixed multiple flaws in Firefox, SeaMonkey and Thunderbird that attackers could exploit to bypass security restrictions, crash machines and run malicious code. The issues do not appear to affect the recently-released Firefox 2.0.
According to three advisories Mozilla released Tuesday:
RSA digital signatureswith a low exponent could be forged. The flaw was corrected in the Mozilla Network Security Services (NSS) library version 3.11.3 used by Firefox 2.0 and current development versions of Mozilla clients, but Firefox 220.127.116.11 was still vulnerable to attack.
The problems are rated critical by Mozilla and are fixed in Firefox 18.104.22.168, Thunderbird 22.214.171.124 and SeaMonkey 1.0.6.
The issues do not appear to affect the recently released Firefox 2.0, which included a variety of security tweaks and a new anti-phishing feature.