Tuesday, January 08, 2013

Mozilla Firefox 18.0.0 Released With Critical Security Updates



Firefox 18 was sent to the release channel today by Mozilla.  Included in the update are twelve (12) critical, seven (7) high and one (1) Moderate security update.

Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.  Included in the update is the revocation in trust of two TURKTRUST certificates.

Security Updates Fixed in Firefox 18

    MFSA 2013-20 Mis-issued TURKTRUST certificates
    MFSA 2013-19 Use-after-free in Javascript Proxy objects
    MFSA 2013-18 Use-after-free in Vibrate
    MFSA 2013-17 Use-after-free in ListenerManager
    MFSA 2013-16 Use-after-free in serializeToStream
    MFSA 2013-15 Privilege escalation through plugin objects
    MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
    MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
    MFSA 2013-12 Buffer overflow in Javascript string concatenation
    MFSA 2013-11 Address space layout leaked in XBL objects
    MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
    MFSA 2013-09 Compartment mismatch with quickstubs returned values
    MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
    MFSA 2013-07 Crash due to handling of SSL on threads
    MFSA 2013-06 Touch events are shared across iframes
    MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
    MFSA 2013-04 URL spoofing in addressbar during page loads
    MFSA 2013-03 Buffer Overflow in Canvas
    MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
    MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
    MFSA 2012-98 Firefox installer DLL hijacking

      What's New

      • NEW -- Faster JavaScript performance via IonMonkey compiler
      • NEW -- Support for Retina Display on OS X 10.7 and up
      • NEW -- Preliminary support for WebRTC
      The Release Notes include additional changes and fixed features in version 18.  As with previous versions, the update includes a long list of Bug Fixes, referenced below.

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      No comments: