Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefox17.0

Overview

Id firefox17.0
Name Mozilla Firefox (en-us) 17.0 for Windows (Update) (See Notes)
Vendor Name mozilla
Product Mozilla FireFox
Content Type Critical Critical
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 20 Nov 2012 12:00:00

firefox17.0

Mozilla Firefox (en-us) 17.0 for Windows (Update) (See Notes)

Vendor Name

mozilla

Product

Mozilla FireFox

Released On

20 Nov 2012 12:00:00

Url

http://www.mozilla.com/firefox/17.0/releasenotes/

Description

About This Update:
Firefox 17.0 fixes the following security issues:

  • MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer.
  • MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer.
  • MFSA 2012-104 CSS and HTML injection through Style Inspector.
  • MFSA 2012-103 Frames can shadow top.location.
  • MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges.
  • MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset.
  • MFSA 2012-100 Improper security filtering for cross-origin wrappers.
  • MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment.
  • MFSA 2012-98 Firefox installer DLL hijacking.
  • MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox.
  • MFSA 2012-96 Memory corruption in str_unescape.
  • MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page.
  • MFSA 2012-94 Crash when combining SVG text on path with CSS.
  • MFSA 2012-93 evalInSanbox location context incorrectly applied.
  • MFSA 2012-92 Buffer overflow while rendering GIF images.
  • MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11).
  • Important Notes:

  • This update is applicable to Firefox version 4 and higher.
  • The detection logic only detects Firefox installations in the system-default Program Files folder (e.g. "C:\Program Files\Mozilla Firefox").
  • Deployment while Firefox is running will not upgrade the current browser session. The user will be prompted to reboot the next time Firefox is launched, in order to complete the upgrade.
  • Deployment with Uninstall will remove Firefox completely.
  • Related Resources

    Related Vulnerabilities

    CVE-2012-4202   CVE-2012-4206   CVE-2012-4207   CVE-2012-4209   CVE-2012-4210   CVE-2012-4214   CVE-2012-4215   CVE-2012-4216   CVE-2012-5829   CVE-2012-5830   CVE-2012-5833   CVE-2012-5835   CVE-2012-5839   CVE-2012-5840   CVE-2012-5841   CVE-2012-5842   CVE-2012-4203   CVE-2012-4204   CVE-2012-4205   CVE-2012-4208   CVE-2012-4212   CVE-2012-4213   CVE-2012-4217   CVE-2012-4218   CVE-2012-5836   CVE-2012-5837   CVE-2012-5838   CVE-2012-5843  

    Related Patches

    Superseded Patches

    None


    Last Updated: 27 May 2016 11:15:35