Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, two as high, five as moderate and two as low.
Affected products are:
- Mozilla Firefox earlier than 37
- Mozilla Firefox ESR earlier than 31.6
- Mozilla Thunderbird earlier than 31.6
Links to the security advisories with details about addressed security issues:
MFSA 2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
MFSA 2015-41 PRNG weakness allows for DNS poisoning on Android
MFSA 2015-40 Same-origin bypass through anchor navigation
MFSA 2015-39 Use-after-free due to type confusion flaws
MFSA 2015-38 Memory corruption crashes in Off Main Thread Compositing
MFSA 2015-37 CORS requests should not follow 30x redirections after preflight
MFSA 2015-36 Incorrect memory management for simple-type arrays in WebRTC
MFSA 2015-35 Cursor clickjacking with flash and images
MFSA 2015-34 Out of bounds read in QCMS library
MFSA 2015-33 resource:// documents can load privileged pages
MFSA 2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
MFSA 2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
MFSA 2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment