Tuesday, November 20, 2012

Mozilla Firefox 17 Released, Includes Security Updates

Firefox 17 was sent to the release channel today by Mozilla.  Included in the update are six (6) critical, nine (9) high and one (1) Moderate security update.

Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.

Security Updates Fixed in Firefox 17

    MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
    MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
    MFSA 2012-104 CSS and HTML injection through Style Inspector
    MFSA 2012-103 Frames can shadow top.location
    MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
    MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
    MFSA 2012-100 Improper security filtering for cross-origin wrappers
    MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
    MFSA 2012-98 Firefox installer DLL hijacking
    MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
    MFSA 2012-96 Memory corruption in str_unescape
    MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
    MFSA 2012-94 Crash when combining SVG text on path with CSS
    MFSA 2012-93 evalInSanbox location context incorrectly applied
    MFSA 2012-92 Buffer overflow while rendering GIF images
    MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

      What's New

      • NEW -- First revision of the Social API and support for Facebook Messenger
      • NEW -- Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
      The Release Notes include additional changes and fixed features in version 17.  As with previous versions 15, the update includes a long list of Bug Fixes, referenced below.


      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      No comments: