On Tuesday, the Mozilla Foundation released Firefox 18 for Mac OS X 10.6 and later, fixing 21 vulnerabilities (12 critical, 8 high, 1 moderate) that resolve 29 CVEs overall. Most of the critical vulnerabilities resolved in Firefox 18 are related to arbitrary code execution, while the other bug fixes are related to memory corruption or other potentially exploitable security issues.
Among the more notable bugs, detected by the Google Chrome team, was in regards to TURKTRUST mis-issued *.google.com certificate (CVE-2013-0743), a certificate authority in Mozilla’s root program that had mis-issued two intermediate certificates to customers. After Chrome detected and blocked an unauthorized digital certificate for the *google.com domain, the Google Chrome team investigated further and “found the certificate was issued by an intermediate certificate authority (CA) linking back to TURKTRUST, a Turkish certificate authority.” This of course is problematic because anyone who has intermediate certificate authority can use it to create a certificate for any website they wish to impersonate.
Mozilla clarified in its security advisory:
The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. The issue was resolved by revoking the trust for these specific mis-issued certificates.
Following is a complete list of the resolved vulnerabilities in Firefox 18:
- MFSA 2013-20 Mis-issued TURKTRUST certificates
- MFSA 2013-18 Use-after-free in Vibrate
- MFSA 2013-17 Use-after-free in ListenerManager
- MFSA 2013-16 Use-after-free in serializeToStream
- MFSA 2013-15 Privilege escalation through plugin objects
- MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
- MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
- MFSA 2013-11 Address space layout leaked in XBL objects
- MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
- MFSA 2013-09 Compartment mismatch with quickstubs returned values
- MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
- MFSA 2013-07 Crash due to handling of SSL on threads
- MFSA 2013-06 Touch events are shared across iframes
- MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
- MFSA 2013-04 URL spoofing in addressbar during page loads
- MFSA 2013-03 Buffer Overflow in Canvas
- MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
- MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Users can update Firefox using the browser’s internal updater (Firefox > About Firefox > Check for Updates), or you can download the new Firefox from Mozilla’s official site.