The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.

  • Firefox 26
  • Firefox ESR 24.2
  • Thunderbird 24.2
  • SeaMonkey 2.23

These vulnerabilities could allow a remote attacker to bypass intended security restrictions, conduct a spoofing attack, execute arbitrary code, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 26Firefox ESR 24.2Thunderbird 24.2, and SeaMonkey 2.23 and apply any necessary updates to help mitigate the risk.