Mozilla has fixed seven vulnerabilities in the latest release of Firefox, with SeaMonkey and Thunderbird also affected.
The two critical vulnerabilities resolved in Firefox's 18.104.22.168 release also affect Thunderbird and Mozilla's email application suite, SeaMonkey. Mozilla has identified two other "high impact" flaws — MFSA 2008-19 and MFSA 2008-18 — which could allow an attacker to create false login prompts and discover a user's identity through SSL certificates.
"It was possible to have a background tab create a borderless XUL [Mozilla's XML user-interface language] pop-up in front of the active tab in the user's browser. This technique could be used by an attacker to spoof form elements, such as a login prompt for a site opened in a different tab, and steal the user's login credentials for that site," Mozilla advised on its known-vulnerabilities web page.