Thursday, September 24, 2015

Mozilla Product Updates Released

Mozilla have released updates to Firefox browser to address a bunch of vulnerabilities of which four categorized as critical, five as high, nine as moderate and one as low.

Affected products are:
- Mozilla Firefox earlier than 41
- Mozilla Firefox ESR earlier than 38.3

Links to the security advisories with details about addressed security issues:
MFSA 2015-114 Information disclosure via the High Resolution Time API
MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
MFSA 2015-112 Vulnerabilities found through code inspection
MFSA 2015-111 Errors in the handling of CORS preflight request headers
MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
MFSA 2015-109 JavaScript immutable property enforcement can be bypassed
MFSA 2015-108 Scripted proxies can access inner window
MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
MFSA 2015-106 Use-after-free while manipulating HTML media content
MFSA 2015-105 Buffer overflow while decoding WebM video
MFSA 2015-104 Use-after-free with shared workers and IndexedDB
MFSA 2015-103 URL spoofing in reader mode
MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript
MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
MFSA 2015-97 Memory leak in mozTCPSocket to servers
MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)


Fresh version can be obtained via inbuilt updater or by downloading from the product site:
Firefox

No comments: