Mozilla Firefox v16 Released with Critical Security Updates

by Carol~ Moderator - 10/10/12 4:03 AM

Yesterday Mozilla released Firefox v16.0 which included 14 Security updates. Eleven (11) were rated Critical and three (3) as High.

Fixed in Firefox 16:

MFSA 2012-87 - Use-after-free in the IME State Manager
MFSA 2012-86 - Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 - Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 - Spoofing and script injection through location.hash
MFSA 2012-83 - Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 - top object and location property accessible by plugins
MFSA 2012-81 - GetProperty function can bypass security checks
MFSA 2012-80 - Crash with invalid cast when using instanceof operator
MFSA 2012-79 - DOS and crash with full screen and history navigation
MFSA 2012-78 - Reader Mode pages have chrome privileges
MFSA 2012-77 - Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 - Continued access to initial origin after setting document.domain
MFSA 2012-75 - select element persistance allows for attacks
MFSA 2012-74 - Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

For Additional Details: https://www.mozilla.org/security/known-vulnerabilities/firefox.html

What's New (and more) can be found in the post titled, "Firefox v16.0 Released"