Wednesday, November 21, 2012

Updates For Mozilla Products

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which six categorized as critical, eight as high and one as moderate.

Affected products are:
- Mozilla Firefox earlier than 17.0
- Mozilla Firefox ESR earlier than 10.0.11
- Mozilla Thunderbird earlier than 17.0
- Mozilla Thunderbird ESR earlier than 10.0.11
- Mozilla SeaMonkey earlier than 2.14

Links to the security advisories with details about addressed security issues:
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: