
Feb 18, 2014 - 1:25 p.m.

Security update for MozillaFirefox (important)






This update brings the Mozilla Firefox browser to the 24.3.0ESR
security release. The Mozilla NSS libraries are now at
version 3.15.4.

The following security issues have been fixed:

MFSA 2014-01: Memory safety bugs fixed in Firefox ESR
24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)

MFSA 2014-02: Using XBL scopes it's possible to
steal (clone) native anonymous content

MFSA 2014-03: Download "open file" dialog delay is
too quick, doesn’t prevent clickjacking (CVE-2014-1480)

MFSA 2014-04: Image decoding causing Firefox to crash
with Goo Create (CVE-2014-1482)(bnc#862356)

MFSA 2014-05: caretPositionFromPoint and
elementFromPoint leak information about iframe contents via
timing information (CVE-2014-1483)(bnc#862360)

MFSA 2014-06: Fennec leaks profile path to logcat

MFSA 2014-07: CSP should block XSLT as script, not as
style (CVE-2014-1485)

MFSA 2014-08: imgRequestProxy Use-After-Free Remote
Code Execution Vulnerability (CVE-2014-1486)

MFSA 2014-09: Cross-origin information disclosure
with error message of Web Workers (CVE-2014-1487)

MFSA 2014-10: settings & history ID bug

MFSA 2014-11: Firefox reproducibly crashes when using
asm.js code in workers and transferable objects

MFSA 2014-12: TOCTOU, potential use-after-free in
libssl’s session ticket processing
(CVE-2014-1490)(bnc#862300); Do not allow p-1 as a public DH
value (CVE-2014-1491)(bnc#862289)

MFSA 2014-13: Inconsistent this value when invoking
getters on window (CVE-2014-1481)(bnc#862309)