7 Vulnerabilities Fixed in New Firefox, SeaMonkey Versions

Mozilla has released Firefox 3.5.6, 3.0.16, and SeaMonkey 2.0.1 to address 7 newly-disclosed vulnerabilities, 3 of them critical, in earlier versions.
The three critical updates are:MFSA 2009-67: Integer overflow, crash in libtheora video library—A malicious video could overflow a buffer size variable, resulting an undersized buffer and remote code execution. Firefox 3.0.x is unaffected as the library is not used in that version.MFSA 2009-66: Memory safety fixes in liboggplay media library—This flaw could allow remote code execution. Firefox 3.0.x is unaffected as the library is not used in that version.MFSA 2009-65: Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)—This is actually 4 separate vulnerabilities credited to 9 separate people. Mozilla doesn't research bugs such as these to the point of determining whether they can be used for remote code execution, but presumes that they can be.

There is one high severity update: MFSA 2009-68: NTLM reflection vulnerability—NTLM credentials from one application could be forwarded to another on behalf of the user.

Two moderate vulnerabilities, MFSA 2009-69 and MFSA 2009-70, could allow spoofing of an HTTPS URL and access to a parent chrome window.

Finally, MFSA 2009-71, (continue reading...)