Wednesday, February 5, 2014

Mozilla Product Updates Released

Mozilla have released updates to Firefox and Seamonkey browsers and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, four as high, four as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 27
- Mozilla Firefox ESR 24.x earlier than 24.3
- Mozilla Thunderbird earlier than 24.3
- Mozilla SeaMonkey earlier than 2.24

Links to the security advisories with details about addressed security issues:
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: