The Mozilla Foundation has released Firefox 21 for Mac OS X with fixes for eight vulnerabilities (3 critical, 4 high, 1 moderate). Mozilla’s Firefox 21 resolves three critical vulnerabilities, which the company identifies as flaws that can be used to run attacker code and install software on affected machines, requiring no user interaction beyond normal web browsing.
Some of the issues resolved in the Firefox software update are potentially exploitable, allowing for remote code execution. Therefore, we strongly recommend all Firefox users apply these updates as soon as possible.
Following is a list of the security issues resolved in this update:
- MFSA 2013-48 Memory corruption found using Address Sanitizer
- MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
- MFSA 2013-46 Use-after-free with video and onresize event
- MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
- MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
- MFSA 2013-43 File input control has access to full path
- MFSA 2013-42 Privileged access for content level constructor
- MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Users can update Firefox using the browser’s internal updater (Firefox > About Firefox > Check for Updates), or you can download the new Firefox from Mozilla’s official site.