Firefox 18 was sent to the release channel today by Mozilla. Included in the update are twelve (12) critical, seven (7) high and one (1) Moderate security update.
Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible. Included in the update is the revocation in trust of two TURKTRUST certificates.
Security Updates Fixed in Firefox 18
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
MFSA 2012-98 Firefox installer DLL hijacking
- NEW -- Support for Retina Display on OS X 10.7 and up
- NEW -- Preliminary support for WebRTC
UpdateTo get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu.
If you do not use the English language version, Fully Localized Versions are available for download.
- Common questions after updating Firefox
- Security Updates
- Mozilla Firefox Release Notes
- Mozilla Security Blog: Revoking Trust in Two TurkTrust Certificates
- Bug Fixes