The Mozilla Foundation has released Firefox 20 for Mac OS X with patches for 11 critical flaws. Mozilla identifies critical-impacting flaws as those that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing. Therefore, this update is highly recommended and should be applied as soon as possible.
Following is a list of the security issues resolved in this update:
- MFSA 2013-40: Out-of-bounds array read in CERT_DecodeCertPackage
- MFSA 2013-39: Memory corruption while rendering grayscale PNG images
- MFSA 2013-38: Cross-site scripting (XSS) using timed history navigations
- MFSA 2013-37: Bypass of tab-modal dialog origin disclosure
- MFSA 2013-36: Bypass of SOW protections allows cloning of protected nodes
- MFSA 2013-35: WebGL crash with Mesa graphics driver on Linux
- MFSA 2013-34: Privilege escalation through Mozilla Updater
- MFSA 2013-33: World read and write access to app_tmp directory
- MFSA 2013-32: Privilege escalation through Mozilla Maintenance Service
- MFSA 2013-31: Out-of-bounds write in Cairo library
- MFSA 2013-30: Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
To get the latest version, you can update Firefox on your Mac by using the browser’s internal updater (go to Firefox > About Firefox > Check for Updates). Or you can head over to Mozilla.org to download Firefox 20 for Mac.