Security News

Mozilla Patches 11 Critical Flaws with Firefox 20 Update

Posted on April 2nd, 2013 by

The Mozilla Foundation has released Firefox 20 for Mac OS X with patches for 11 critical flaws. Mozilla identifies critical-impacting flaws as those that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing. Therefore, this update is highly recommended and should be applied as soon as possible.

Following is a list of the security issues resolved in this update:

  • MFSA 2013-40: Out-of-bounds array read in CERT_DecodeCertPackage
  • MFSA 2013-39: Memory corruption while rendering grayscale PNG images
  • MFSA 2013-38: Cross-site scripting (XSS) using timed history navigations
  • MFSA 2013-37: Bypass of tab-modal dialog origin disclosure
  • MFSA 2013-36: Bypass of SOW protections allows cloning of protected nodes
  • MFSA 2013-35: WebGL crash with Mesa graphics driver on Linux
  • MFSA 2013-34: Privilege escalation through Mozilla Updater
  • MFSA 2013-33: World read and write access to app_tmp directory
  • MFSA 2013-32: Privilege escalation through Mozilla Maintenance Service
  • MFSA 2013-31: Out-of-bounds write in Cairo library
  • MFSA 2013-30: Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

To get the latest version, you can update Firefox on your Mac by using the browser’s internal updater (go to Firefox > About Firefox > Check for Updates). Or you can head over to Mozilla.org to download Firefox 20 for Mac.

  • http://www.facebook.com/heather.m.cuthill Heather M Cuthill

    Now they need to fix the problems with Firefox 20 itself. Every time I restart the browser, I get a restore session error. And if I leave the browser open for long periods of time (which I do regularly because I run an online business) Firefox freezes and requires a forced quit. But to top it off, every other app I have open – INCLUDING the Finder – needs to be forced to quit as well, and I’m not able to restart. I have to physically shut off my computer and then reboot.