Mozilla have released updates to Firefox browser and Thunderbird email client to address a bunch of vulnerabilities of which four categorized as critical, two as high, six as moderate and one as low.
Affected products are:
- Mozilla Firefox earlier than 39
- Mozilla Firefox ESR earlier than 31.8
- Mozilla Firefox ESR earlier than 38.1
- Mozilla Thunderbird earlier than 38.1
Links to the security advisories with details about addressed security issues:
MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
MFSA 2015-69 Privilege escalation in PDF.js
MFSA 2015-68 OS X crash reports may contain entered key press information
MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
MFSA 2015-66 Vulnerabilities found through code inspection
MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
MFSA 2015-61 Type confusion in Indexed Database Manager
MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment