Thursday, July 19, 2012

Mozilla Security Updates Available

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address 15 vulnerabilities of which five categorized as critical, four as high and six as moderate.

Affected products are:
- Mozilla Firefox earlier than 14
- Mozilla Firefox ESR earlier than 10.0.6
- Mozilla Thunderbird earlier than 14
- Mozilla Thunderbird ESR earlier than 10.0.6
- Mozilla SeaMonkey earlier than 2.11

Links to the security advisories with details about addressed security issues:
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-55 feed: URLs with an innerURI inherit security context of page
MFSA 2012-54 Clickjacking of certificate warning page
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-46 XSS through data: URLs
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: