OS/Platform/Application:

Mozilla Thunderbird (on all applicable platforms)
Mozilla Firefox version 2.0.0.x

Category: ALERT
Severity: HIGH
Attention: Thunderbird and Firefox 2.0.0.x Users, System Administrators, Desktop Support Personnel.

Summary: The Mozilla Foundation has released updated versions its popular Thunderbird email client and also "legacy" (version 2.0.0.x) Firefox web browser.  Version 2.0.0.17 of Thunderbird and Firefox address a number of security vulnerabilities, including two listed as "critical" for Thunderbird and four listed as "critical" for Firefox 2.0.0.x.

Note: The most recent version of Firefox is 3.0.2.  The Mozilla foundation is continuing to provide software updates for legacy (2.0.0.x) versions of Firefox but has announced that update support for this product line will end in mid-December 2008.  The vendor is encouraging users to upgrade to Firefox version 3.0.x at their earliest convenience.

Recommended Actions:  Thunderbird and Firefox 2.0.0.x users, support personnel and system administrators are encouraged to read the security bulletin(s) and apply the update(s) at their earliest convenience.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Thunderbird 2.0.0.17 security content page:
http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html

Thunderbird download page:
http://www.mozilla.com/en-US/products/thunderbird/

Firefox 2.0.0.17 security content page:
http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.17

Firefox 2.0.0.17 download page:
http://www.mozilla.com/en-US/firefox/all-older.html

Firefox 3.0.2 download page (for users wishing to upgrade to Firefox 3.0.x):
http://www.getfirefox.com