Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefoxESR10.0.8


Id firefoxESR10.0.8
Name Mozilla Firefox ESR (en-us) 10.0.8 for Windows (Update) (See Notes)
Vendor Name mozilla
Product Mozilla FireFox
Content Type Critical Critical
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 09 Oct 2012 12:00:00


Mozilla Firefox ESR (en-us) 10.0.8 for Windows (Update) (See Notes)

Vendor Name



Mozilla FireFox

Released On

09 Oct 2012 12:00:00



Mozilla offers an Extended Support Release (ESR) cycle for Firefox that gives users a longer support tail than what is currently offered with regular Firefox releases. This ESR version is available for users who wish to remain on the ESR cycle. Please see Mozilla Firefox Extended Support Release for more information.

About This Update:
Firefox ESR 10.0.8 fixes the following security issues:

  • MFSA 2012-87 Use-after-free in the IME State Manager.
  • MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer.
  • MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer.
  • MFSA 2012-84 Spoofing and script injection through location.hash.
  • MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties.
  • MFSA 2012-82 top object and location property accessible by plugins.
  • MFSA 2012-81 GetProperty function can bypass security checks.
  • MFSA 2012-79 DOS and crash with full screen and history navigation.
  • MFSA 2012-77 Some DOMWindowUtils methods bypass security checks.
  • MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8).
  • MFSA 2012-59 Location object can be shadowed using Object.defineProperty.
  • Important Notes:

  • This update is applicable to Firefox ESR 10.x.
  • The detection logic only detects Firefox installations in the system-default Program Files folder (e.g. "C:\Program Files\Mozilla Firefox").
  • Deployment while Firefox is running will not upgrade the current browser session. The user will be prompted to reboot the next time Firefox is launched, in order to complete the upgrade.
  • Deployment with Uninstall will remove Firefox completely.
  • Related Resources

    Related Vulnerabilities

    CVE-2012-1956   CVE-2012-3982   CVE-2012-3986   CVE-2012-3988   CVE-2012-3990   CVE-2012-3991   CVE-2012-3992   CVE-2012-3993   CVE-2012-3994   CVE-2012-3995   CVE-2012-4179   CVE-2012-4180   CVE-2012-4181   CVE-2012-4182   CVE-2012-4183   CVE-2012-4184   CVE-2012-4185   CVE-2012-4186   CVE-2012-4187   CVE-2012-4188  

    Related Patches


    Superseded Patches

    Last Updated: 27 May 2016 11:15:16