The Mozilla Foundation has released Firefox 17 for Mac OS X 10.6 and later, with patches for six critical vulnerabilities that the company sees as remotely exploitable. Firefox 17 patches 16 vulnerabilities in total: Mozilla considers 15 of them high-impact or critical flaws, and one a moderate-impact flaw. Critical-impact flaws are those that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
The six critical flaws fixed in Firefox 17 are:
- MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
- MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
- MFSA 2012-104 CSS and HTML injection through Style Inspector
- MFSA 2012-94 Crash when combining SVG text on path with CSS
- MFSA 2012-92 Buffer overflow while rendering GIF images
- MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0 / rv:10.0.11)
We recommend all users upgrade to the latest version, which you can do on your Mac by using the browser’s internal updater (go to Firefox > About Firefox > Check for Updates). You may also head over to Mozilla’s download page to get Firefox 17 on your Mac.