Mozilla patches critical security vulnerabilities in Firefox and Thunderbird

By Dancho Danchev

In yesterday’s Firefox 13 release, Mozilla fixed seven security vulnerabilities, four of which are critical. The majority of these vulnerabilities are also fixed in the latest Thunderbird 13 release.

More details on the vulnerabilities:

  • MFSA 2012-40 – Buffer overflow and use-after-free issues found using Address Sanitizer
  • MFSA 2012-39 – NSS parsing errors with zero length items
  • MFSA 2012-38 – Use-after-free while replacing/inserting a node in a document
  • MFSA 2012-37 – Information disclosure through Windows file shares and shortcut files
  • MFSA 2012-36 – Content Security Policy inline-script bypass
  • MFSA 2012-35 – Privilege escalation through Mozilla Updater and Windows Updater Service
  • MFSA 2012-34 – Miscellaneous memory safety hazards

Firefox and Thunderbird users are advised to update their software as soon as possible to prevent possible exploitation of the fixed vulnerabilities.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
