Saturday, October 13, 2012

Mozilla Security Updates Available

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which 13 categorized as critical and three as high.

Affected products are:
- Mozilla Firefox earlier than 16.0.1
- Mozilla Firefox ESR earlier than 10.0.9
- Mozilla Thunderbird earlier than 16.0.1
- Mozilla Thunderbird ESR earlier than 10.0.9
- Mozilla SeaMonkey earlier than 2.13.1

Links to the security advisories with details about addressed security issues:
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-78 Reader Mode pages have chrome privileges
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: