Tuesday, October 09, 2012

Mozilla Firefox 16 Released, Includes Critical Security Updates

UPDATE: Firefox 16 was pulled from the update channel. See the Mozilla Security Blog: Security Vulnerability in Firefox 16. Until the problems with version 16 are fixed, the previous version 15.0.1 can be downloaded from this direct link: Firefox 15.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Firefox 16 was sent to the release channel today by Mozilla.  Included in the update are eleven (11) critical and three (3) high security updates.

Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.

Security Updates Fixed in Firefox 16

  • MFSA 2012-87 Use-after-free in the IME State Manager
  • MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
  • MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
  • MFSA 2012-84 Spoofing and script injection through location.hash
  • MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
  • MFSA 2012-82 top object and location property accessible by plugins
  • MFSA 2012-81 GetProperty function can bypass security checks
  • MFSA 2012-80 Crash with invalid cast when using instanceof operator
  • MFSA 2012-79 DOS and crash with full screen and history navigation
  • MFSA 2012-78 Reader Mode pages have chrome privileges
  • MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
  • MFSA 2012-76 Continued access to initial origin after setting document.domain
  • MFSA 2012-75 select element persistence allows for attacks
  • MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

What's New

  • NEW -- Firefox on Mac OS X now has preliminary VoiceOver support turned on by default
  • NEW -- Initial web app support (Windows/Mac/Linux)
  • NEW -- Acholi and Kazakh localizations added

The Release Notes include additional changes and fixed features in version 16.  As with version 15, the update includes a long list of Bug Fixes, referenced below.


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Caligula said...

It appears Mozilla has been jacked as my Firefox won't recognize or go to its "why this update" site as it says the certificate is invalid, the app doesn't have its own "upgrade" or "uninstall" options, and there is no security on the updater itself that will allow you to determine if it really IS from Mozilla or it's just a third party Java craplet stuffing itself into the foreground to get you to install malware.

Suggest Mozilla grow a brain and distribute through Apple's App store so that we KNOW that we're connecting to the right place. Any web site that can't maintain their SSL certificate shouldn't be one you download software from.

Corrine said...

Hi, Caligula.

You shouldn't be getting a certificate error. If you have a Microsoft operating system, be sure you've installed the latest security updates as there were Cert. changes.

As to Firefox, the upgrade link for Firefox is located in "Help" from the Firefox menu at the upper left of the browser window. Select "About Firefox."

If you have a Mac, then you need to select "About Firefox" from the Firefox menu.

Firefox isn't an "app". It is a software program. I certainly wouldn't want to go to Apple to install it as I don't use any Apple software.