Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefoxESR10.0.12

Overview

Id firefoxESR10.0.12
Name Mozilla Firefox ESR (en-us) 10.0.12 for Windows (Update) (See Notes)
Vendor Name mozilla
Product Mozilla FireFox
Content Type Critical Critical
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 08 Jan 2013 12:00:00

firefoxESR10.0.12

Mozilla Firefox ESR (en-us) 10.0.12 for Windows (Update) (See Notes)

Vendor Name

mozilla

Product

Mozilla FireFox

Released On

08 Jan 2013 12:00:00

Url

http://www.mozilla.com/firefox/10.0.12/releasenotes/

Description

Mozilla offers an Extended Support Release (ESR) cycle for Firefox that gives users a longer support tail than what is currently offered with regular Firefox releases. This ESR version is available for users who wish to remain on the ESR cycle. Please see Mozilla Firefox Extended Support Release for more information.

About This Update:
Firefox ESR 10.0.12 fix the following security issues:

  • MFSA 2013-20 Mis-issued TURKTRUST certificates.
  • MFSA 2013-17 Use-after-free in Listener Manager.
  • MFSA 2013-16 Use-after-free in serializeToStream.
  • MFSA 2013-15 Privilege escalation through plugin objects.
  • MFSA 2013-12 Buffer overflow in JavaScript string concatenation.
  • MFSA 2013-11 Address space layout leaked in XBL objects.
  • MFSA 2013-09 Compartment mismatch with quick stubs returned values.
  • MFSA 2013-05 Use-after-free when displaying table with many columns and column groups.
  • MFSA 2013-04 URL spoofing in address bar during page loads.
  • MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer.
  • MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2).
  • MFSA 2012-98 Firefox installer DLL hijacking.
  • Important Notes:

  • This update is applicable to Firefox ESR 10.x.
  • The detection logic only detects Firefox installations in the system-default Program Files folder (e.g. "C:\Program Files\Mozilla Firefox").
  • Deployment while Firefox is running will not upgrade the current browser session. The user will be prompted to reboot the next time Firefox is launched, in order to complete the upgrade.
  • Deployment with Uninstall will remove Firefox completely.
  • Related Resources

    Related Vulnerabilities

    CVE-2012-0759   CVE-2012-4206   CVE-2013-0744   CVE-2013-0746   CVE-2013-0748   CVE-2013-0750   CVE-2013-0753   CVE-2013-0754   CVE-2013-0758   CVE-2013-0762   CVE-2013-0766   CVE-2013-0767   CVE-2013-0769  

    Related Patches

    None

    Superseded Patches

    None


    Last Updated: 27 May 2016 11:16:03