Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefox10.0.8

Overview

Id firefox10.0.8
Name Mozilla Firefox ESR 10.0.8 for Mac OS X (Update) (See Note)
Vendor Name mozilla
Product Firefox
Content Type Critical Critical
Language(s)
Operating System(s) OSX 
Released On 09 Oct 2012 12:00:00

firefox10.0.8

Mozilla Firefox ESR 10.0.8 for Mac OS X (Update) (See Note)

Vendor Name

mozilla

Product

Firefox

Released On

09 Oct 2012 12:00:00

Url

http://www.mozilla.com/firefox/10.0.8/releasenotes/

Description

Mozilla offers an Extended Support Release (ESR) cycle for Firefox that gives users a longer support tail than what is currently offered with regular Firefox releases. This ESR version is available for users who wish to remain on the ESR cycle. Please see Mozilla Firefox Extended Support Release for more information.

About This Update:
Firefox ESR 10.0.8 fixes the following security issues:

  • MFSA 2012-87 Use-after-free in the IME State Manager.
  • MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer.
  • MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer.
  • MFSA 2012-84 Spoofing and script injection through location.hash.
  • MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties.
  • MFSA 2012-82 top object and location property accessible by plugins.
  • MFSA 2012-81 GetProperty function can bypass security checks.
  • MFSA 2012-79 DOS and crash with full screen and history navigation.
  • MFSA 2012-77 Some DOMWindowUtils methods bypass security checks.
  • MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8).
  • MFSA 2012-59 Location object can be shadowed using Object.defineProperty.
  • Important Note:
    The detection logic only detects Firefox installations in the current system volume.

    System Requirements:
    Intel-based Mac OS X 10.5
    Mac OS X 10.6
    Mac OS X 10.7

    Related Resources

    Related Vulnerabilities

    CVE-2012-1956   CVE-2012-3982   CVE-2012-3986   CVE-2012-3988   CVE-2012-3990   CVE-2012-3991   CVE-2012-3992   CVE-2012-3993   CVE-2012-3994   CVE-2012-3995   CVE-2012-4179   CVE-2012-4180   CVE-2012-4181   CVE-2012-4182   CVE-2012-4183   CVE-2012-4184   CVE-2012-4185   CVE-2012-4186   CVE-2012-4187   CVE-2012-4188  

    Related Patches

    None

    Superseded Patches


    Last Updated: 27 May 2016 11:15:17