Sunday, August 7, 2016

Mozilla Firefox Updates Released

Mozilla have released updates to the Firefox browser to address a bunch of vulnerabilities, of which three are categorized as critical, seven as high, 11 as moderate and two as low.

Affected products are:
- Mozilla Firefox earlier than 48
- Mozilla Firefox ESR earlier than 45.3

Links to the security advisories with details about addressed security issues:
- MFSA 2016-84 Information disclosure through Resource Timing API during page navigation
- MFSA 2016-83 Spoofing attack through text injection into internal error pages
- MFSA 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
- MFSA 2016-81 Information disclosure and local file manipulation through drag and drop
- MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
- MFSA 2016-79 Use-after-free when applying SVG effects
- MFSA 2016-78 Type confusion in display transformation
- MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
- MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
- MFSA 2016-75 Integer overflow in WebSockets during data buffering
- MFSA 2016-74 Form input type change from password to text can store plain text password in session restore file
- MFSA 2016-73 Use-after-free in service workers with nested sync events
- MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
- MFSA 2016-71 Crash in incremental garbage collection in JavaScript
- MFSA 2016-70 Use-after-free when using alt key and toplevel menus
- MFSA 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
- MFSA 2016-68 Out-of-bounds read during XML parsing in Expat library
- MFSA 2016-67 Stack underflow during 2D graphics rendering
- MFSA 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
- MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
- MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
- MFSA 2016-63 Favicon network connection can persist when page is closed
- MFSA 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)


The new version can be obtained via the built-in updater or by downloading it from the product site:
Firefox
