Firefox 17 was sent to the release channel today by Mozilla. Included in the update are six (6) critical, nine (9) high and one (1) Moderate security update.
Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.
Security Updates Fixed in Firefox 17
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
- NEW -- First revision of the Social API and support for Facebook Messenger
- NEW -- Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
UpdateTo get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu.
If you do not use the English language version, Fully Localized Versions are available for download.