Saturday, February 28, 2015

Mozilla Product Updates Released

Mozilla have released updates to the Firefox browser and the Thunderbird email client to address a number of vulnerabilities, of which three are categorized as critical, six as high, six as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 36
- Mozilla Firefox ESR earlier than 31.5
- Mozilla Thunderbird earlier than 31.5

Links to the security advisories with details about addressed security issues:
- MFSA-2015-27 Caja Compiler JavaScript sandbox bypass
- MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
- MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
- MFSA-2015-24 Reading of local files through manipulation of form autocomplete
- MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
- MFSA-2015-22 Crash using DrawTarget in Cairo graphics library
- MFSA-2015-21 Buffer underflow during MP3 playback
- MFSA-2015-20 Buffer overflow during CSS restyling
- MFSA-2015-19 Out-of-bounds read and write while rendering SVG content
- MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
- MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback
- MFSA-2015-16 Use-after-free in IndexedDB
- MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
- MFSA-2015-14 Malicious WebGL content crash when writing strings
- MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
- MFSA-2015-12 Invoking Mozilla updater will load locally stored DLL files
- MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)


The updated versions can be obtained through the built-in updater or by downloading them from the product sites:
- Firefox
- Thunderbird
- SeaMonkey
