Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefox28.0

Overview

Id firefox28.0
Name Mozilla Firefox (en-us) 28.0 for Windows (Update) (See Notes)
Vendor Name mozilla
Product Mozilla Firefox
Content Type Critical Critical
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 18 Mar 2014 12:00:00

firefox28.0

Mozilla Firefox (en-us) 28.0 for Windows (Update) (See Notes)

Vendor Name

mozilla

Product

Mozilla Firefox

Released On

18 Mar 2014 12:00:00

Url

http://www.mozilla.org/firefox/28.0/releasenotes/

Description

About This Update:
Firefox 28.0 fixes the following security issues:

  • MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering.
  • MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects.
  • MFSA 2014-30 Use-after-free in TypeObject.
  • MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs.
  • MFSA 2014-28 SVG filters information disclosure through feDisplacementMap.
  • MFSA 2014-27 Memory corruption in Cairo during PDF font renderingv.
  • MFSA 2014-26 Information disclosure through polygon rendering in MathML.
  • MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore.
  • MFSA 2014-22 WebGL content injection from one domain to rendering in another.
  • MFSA 2014-20 onbeforeunload and Javascript navigation DOS.
  • MFSA 2014-19 Spoofing attack on WebRTC permission prompt.
  • MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key.
  • MFSA 2014-17 Out of bounds read during WAV file decoding.
  • MFSA 2014-16 Files extracted during updates are not always read only.
  • MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4).
  • Important Notes:

  • This update is applicable to Firefox version 4 and higher.
  • The detection logic only detects Firefox installations in the system-default Program Files folder (e.g. "C:\Program Files\Mozilla Firefox").
  • Deployment while Firefox is running will not upgrade the current browser session. The user will be prompted to reboot the next time Firefox is launched, in order to complete the upgrade.
  • Deployment with Uninstall will remove Firefox completely.
  • Related Resources

    Related Vulnerabilities

    CVE-2014-1493   CVE-2014-1494   CVE-2014-1496   CVE-2014-1497   CVE-2014-1498   CVE-2014-1499   CVE-2014-1500   CVE-2014-1502   CVE-2014-1504   CVE-2014-1505   CVE-2014-1508   CVE-2014-1509   CVE-2014-1510   CVE-2014-1511   CVE-2014-1512   CVE-2014-1513   CVE-2014-1514  

    Related Patches

    Superseded Patches


    Last Updated: 27 May 2016 11:19:32