February 20, 2013
In addition to the release of Firefox 19.0 yesterday, Mozilla has released version 17.0.3 of its Thunderbird E-mail client, for Linux, Mac OS X, and Windows. This release corrects eight security vulnerabilities, four of which are rated Critical. (These are the same vulnerabilities that were fixed in Firefox 19.0. The two packages share a significant amount of code.) A bug with handling attachments in the message composition window was also fixed. More information is available in the Release Notes.
Because of the security fixes incorporated in this release, I recommend that you update your systems as soon as you conveniently can. You can use the update mechanism built into the software (Help / About Thunderbird / Check for Updates), or you can get a complete installation package, in a variety of languages, from the Thunderbird download page.
February 20, 2013
As expected, Adobe today released new versions of its Acrobat and Reader software for Windows, Mac OS X, and Linux. These address two critical security vulnerabilities (one a memory corruption problem, the other a buffer overflow) that, if exploited, might give an attacker control over your system. According to Adobe’s Security Bulletin [APSB13-07], the following versions of the software are vulnerable:
- Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
- Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
There is some evidence that these vulnerabilities are currently being exploited, primarily via E-mails that attempt to trick the user into opening a malicious PDF document.
Because the updates address a couple of serious vulnerabilities, I suggest that you update your systems as soon as you conveniently can. For Reader, Windows and Mac OS X users can get the new version via the update mechanism built into the software (Help -> Check for Updates). Alternatively, you can download update packages from these links:
Linux users can retrieve the new version, via FTP, from this link.
Please check the Security Bulletin for Acrobat update links.