For current alerts and security information please see our security page
Older Security Alerts & Announcements
Security Update (February 7, 2008): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (November 26, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (October 18, 2007): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install this update as soon as possible.
- Firefox 2.0.0.8
- Thunderbird 2.0.0.9 (November 14, 2007)
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (September 18, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (July 30, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.
- Firefox 2.0.0.6
- Thunderbird 2.0.0.6 (August 1)
- Thunderbird 1.5.0.13 (August 23)
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (July 17, 2007): Security updates have been issued for Firefox that fix critical security vulnerabilities. All users should install this update as soon as possible.
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (May 30, 2007): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these updates as soon as possible.
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (March 20, 2007): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these updates as soon as possible.
- Firefox 2.0.0.3
- Firefox 1.5.0.11
- Thunderbird 1.5.0.10 (March 1, 2006)
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (December 19, 2006): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these udpates as soon as possible.
Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support.
Security Update (July 27, 2006): All users should upgrade to Mozilla Thunderbird 1.5.0.5, the latest security and stability release. Most users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Contact your site's computer support staff for help, or help is available through our Community Support forums.
Security Update (July 26, 2006): All users should upgrade to Mozilla Firefox 1.5.0.5, the latest security and stability release. Most users should get an automatic update notification, and users who have turned that off can use the "Check for Updates..." item on the Help menu. If the menu item is disabled you will have to install from a more privileged user account. Help is available through our Community Support forums.
Security Updates (June 1, 2006): All users should upgrade to Mozilla Firefox 1.5.0.4 and Mozilla Thunderbird 1.5.0.4, the latest security and stability releases. Users should get an automatic update notification, and users who have turned that off can use the "Check for Updates..." item on the Help menu.
Mozilla Firefox 1.5.0.3 Update Available (May 2, 2006) All users should upgrade to Firefox 1.5.0.3, a stability and security update to Firefox 1.5. Users should get an automatic update notification, but if this is turned off they can download Firefox from the download page.
Mozilla Firefox 1.5.0.2 Update Available (April 13, 2006) All users should upgrade to Firefox 1.5.0.2, a stability and security update to Firefox 1.5. Users should get an automatic update notification, but if this is turned off they can download Firefox from the download page.
Security Advisory (February 7, 2006): Exploit code that targets the Linux version of Firefox 1.5 has been published on milw0rm. This exploit uses the vulnerability described in MFSA 2006-04 which has been fixed in Firefox 1.5.0.1 and does not affect Firefox 1.0 versions
Mozilla Firefox 1.5.0.1 Update Available (February 1, 2006) All users should upgrade to Firefox 1.5.0.1, a stability and security update to Firefox 1.5. Users should get an automatic update notification, but if this is turned off they can download Firefox from the download page.
Security Advisory (December 8, 2005) We have investigated reports of an exploit involving web pages with long titles and have found no risk to users beyond a temporary unresponsiveness at startup. We have posted details and instructions on clearing history data.
Mozilla Firefox 1.0.7 Update Available (September 21, 2005) All users should upgrade to Firefox 1.0.7, a security update to Firefox 1.0. Users can download Firefox from the download page.
Security Advisory (September 21, 2005) The Mozilla Foundation is aware of the Linux.RST.b virus that infected Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky Lab. No versions of Mozilla Firefox were infected. Infected files have been removed from the Mozilla ftp mirror network as of September 17.
Mozilla recommends to our Korean users who have downloaded affected products to run an AntiVirus product on their machine to scan for the Linux.RST.b virus and delete infected files. Further information about the Linux.RST.b virus can be found here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99978
Security Advisory (September 9, 2005) The Mozilla Foundation is aware of a potentially critical security vulnerability in Mozilla and Firefox browsers' support for IDN, as reported publicly on September 8. There are currently no known active exploits of this vulnerability although a "proof of concept" has been reported. To protect yourself against this exploit, follow these instructions.
Mozilla Firefox 1.0.5 Update Available (July 12, 2005) All users should upgrade to Firefox 1.0.5, a security update to Firefox 1.0. Users can download Firefox from the download page.
Mozilla Firefox 1.0.4 Update Available (May 11, 2005) All users should upgrade to Firefox 1.0.4, a security update to Firefox 1.0. Users can download Firefox from the download page.
Security Advisory (May 8, 2005) The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7. There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported. Changes to the Mozilla Update Web service have been made to mitigate the risk of an exploit. Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript.
For more information about the vulnerabilities, see the advisory. Further information including the availability of updates will be posted at www.mozilla.org.
Mozilla Firefox 1.0.3 and Mozilla 1.7.7 Updates Available (April 15, 2005) All users should upgrade to Firefox 1.0.3, a security update to Firefox 1.0. Users can download Firefox from the download page or use Firefox's built-in update mechanism. Mozilla 1.7.7 is also now available here.
Mozilla Foundation Announces Availability of Firefox 1.0.2 (March 23, 2005) All users should upgrade to Firefox 1.0.2 which includes several security fixes. Users can download Firefox from the download page or use Firefox's built-in update mechanism.
Updates to Mozilla Thunderbird and Mozilla 1.7 Released (March 21, 2005) All users should upgrade to Mozilla Thunderbird 1.0.2 and Mozilla 1.7.6. Users can download Thunderbird from the download page. Users can download Mozilla 1.7.6.
Mozilla Foundation Announces Update to Firefox (February 24, 2005) All users should upgrade to Firefox 1.0.1, a security update to Firefox 1.0. Users can download Firefox from the download page or use Firefox's built-in update mechanism.
Mozilla Foundation Announces Important Security Update (October 1, 2004) The Mozilla Foundation releases an important security update for Firefox. All users should upgrade to the latest version of the Firefox Preview Release. A patch is available for current Preview Release users. More information and download links are available in the announcement.
Mozilla Foundation Announces First Security Bug Bounty Payments, Security Fixes (September 14, 2004) The Mozilla Foundation today announced the first payments as part of its Security Bug Bounty Program and security improvements in the new Firefox Preview Release, Thunderbird 0.8, and Mozilla 1.7.3. Please see the list of known vulnerabilities for details.
Internet
Security Systems, Inc. (ISS) reported buffer overflow
vulnerabilities in all known releases of the Network Security Services
(Network Security Services (NSS)) library suite.
(August 2004) Updates are available for server products that use NSS
Updates
to Mozilla 1.7, Firefox 0.9, Thunderbird 0.7 to fix security vulnerabilities
(August 4, 2004) The Mozilla applications have been updated to fix several security issues, including some vulnerabilities recently mentioned in the press.
Security Bug Bounty Program announcement
(August 2, 2004)
Announcement on Security Issues
(August 2, 2004)
shell:Protocol security Issue
(July 7, 2004) The shell:Protocol security vulnerability affects the
Mozilla Application Suite, Firefox, and Thunderbird.
Download the latest versions or learn how to
patch your current version to fix
this problem.