The Mozilla Foundation has released Firefox 19 for Mac OS X, fixing 8 vulnerabilities (4 critical, 2 high, 2 moderate) that together cover 14 CVEs. Several of the critical vulnerabilities fixed in Firefox 19 are memory safety bugs, some of which could be exploited to run arbitrary code. Another notable fix addresses a bug that allowed spoofing of addresses, which could be used in phishing attacks to fool users into entering credentials.
Eight vulnerabilities fixed in Firefox 19 are described as follows:
- MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
- MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
- MFSA 2013-26 Use-after-free in nsImageLoadingContent
- MFSA 2013-24 Web content bypass of COW and SOW security wrappers
- MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
- MFSA 2013-22 Out-of-bounds read in image rendering
- MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
You can update to the latest version on your Mac by using the browser’s internal updater (go to Firefox > About Firefox > Check for Updates). You can also head over to Mozilla’s download page to get Firefox 19 for your Mac.