Friday, August 31, 2012

Mozilla Security Updates

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address 16 vulnerabilities of which seven categorized as critical, six as high and three as moderate.

Affected products are:
- Mozilla Firefox earlier than 15
- Mozilla Firefox ESR earlier than 10.0.7
- Mozilla Thunderbird earlier than 15
- Mozilla Thunderbird ESR earlier than 10.0.7
- Mozilla SeaMonkey earlier than 2.12

Links to the security advisories with details about addressed security issues:
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-71 Insecure use of __android_log_print
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-60 Escalation of privilege through about:newtab
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: