Thursday, June 27, 2013

Mozilla Product Updates Released

Mozilla have released updates to Firefox web browser and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, six as high, three as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 22.0
- Mozilla Firefox ESR earlier than 17.0.7
- Mozilla Thunderbird earlier than 17.0.7
- Mozilla Thunderbird ESR earlier than 17.0.7

Links to the security advisories with details about addressed security issues:
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

No comments: