Sunday, May 17, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which five categorized as critical, five as high, two as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 38
- Mozilla Firefox ESR earlier than 31.7
- Mozilla Thunderbird earlier than 31.7

Links to the security advisories with details about addressed security issues:
MFSA 2015-58 Mozilla Windows updater can be run outside of application directory
MFSA 2015-57 Privilege escalation through IPC channel messages
MFSA 2015-56 Untrusted site hosting trusted page can intercept webchannel responses
MFSA 2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
MFSA 2015-54 Buffer overflow when parsing compressed XML
MFSA 2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
MFSA 2015-52 Sensitive URL encoded information written to Android logcat
MFSA 2015-51 Use-after-free during text processing with vertical text enabled
MFSA 2015-50 Out-of-bounds read and write in asm.js validation
MFSA 2015-49 Referrer policy ignored when links opened by middle-click and context menu
MFSA 2015-48 Buffer overflow with SVG content and CSS
MFSA 2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
MFSA 2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird

No comments: