Tuesday, August 06, 2013

Mozillia Firefox 23.0 Released with Critical Security Updates



Firefox

Mozilla sent Firefox Version 23.0 to the release channel. The current update includes thirteen security updates of which five are critical, six high, one moderate and one low.

This article explains about the "mixed content blocking" that was included in Version 23.0: Mixed Content Blocking in Firefox Aurora | Mozilla Security Blog.

Fixed in Firefox 23

  • MFSA 2013-75 Local Java applets may read contents of local file system
  • MFSA 2013-74 Firefox full and stub installer DLL hijacking
  • MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
  • MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
  • MFSA 2013-71 Further Privilege escalation through Mozilla Updater
  • MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
  • MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
  • MFSA 2013-68 Document URI misrepresentation and masquerading
  • MFSA 2013-67 Crash during WAV audio file decoding
  • MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
  • MFSA 2013-65 Buffer underflow when generating CRMF requests
  • MFSA 2013-64 Use after free mutating DOM during SetBody
  • MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

What’s New

  • NEW -- Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages (learn more)
  • NEW -- Options panel created for Web Developer Toolbox
  • CHANGED --"Enable JavaScript" preference checkbox has been removed and user-set values will be reset to the default
  • CHANGED -- Updated Firefox Logo
  • CHANGED -- Improved about:memory's functional UI
  • CHANGED -- Simplified interface for notifications of plugin installation
  • CHANGED -- Enabled DXVA2 on Windows Vista+ to accelerate H.264 video decoding
  • CHANGED -- Users can now switch to a new search provider across the entire browser
  • CHANGED -- CSP policies using the standard syntax and semantics will now be enforced
  • CHANGED -- < input type='file' > rendering improvements (see bug 838675)
  • CHANGED -- Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate
  • CHANGED -- "Load images automatically" and Always show the tab bar" checkboxes removed from preferences and reset to defaults


Known Issues

  • Unresolved -- Moving Firefox to background while playing a flash video in full screen mode and bring it back to view will freeze the app (see 809055)
  • Unresolved -- If you try to start Firefox using a locked profile, it will crash (see 573369)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


1 comment:

Shrikhandiya said...

Nice info as i am firefox user.
Thanks