Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefox24.5


Id firefox24.5
Name Mozilla Firefox ESR 24.5 for Mac OS X (Update) (See Notes)
Vendor Name mozilla
Product Mozilla Firefox ESR
Content Type Critical Critical
Operating System(s) OSX 
Released On 29 Apr 2014 12:00:00


Mozilla Firefox ESR 24.5 for Mac OS X (Update) (See Notes)

Vendor Name



Mozilla Firefox ESR

Released On

29 Apr 2014 12:00:00



Mozilla offers an Extended Support Release (ESR) cycle for Firefox that gives users a longer support tail than what is currently offered with regular Firefox releases. This ESR version is available for users who wish to remain on the ESR cycle. Please see Mozilla Firefox Extended Support Release for more information.

About This Update:
Firefox ESR 24.5 fixes the following security issues:

  • MFSA 2014-46 Use-after-free in nsHostResolve.
  • MFSA 2014-44 Use-after-free in imgLoader while resizing images.
  • MFSA 2014-43 Cross-site scripting (XSS) using history navigations.
  • MFSA 2014-42 Privilege escalation through Web Notification API.
  • MFSA 2014-38 Buffer overflow when using non-XBL object as XBL.
  • MFSA 2014-37 Out of bounds read while decoding JPG images.
  • MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5).
  • Important Notes:

  • By default, deployment will automatically update in the Applications folder.
  • Deployment while Firefox is running will not update the current browser session. The user may re-launch Firefox in order to complete the update.
  • Use the download only option to deploy the installer to the agent's temporary directory (by default, "/tmp/{Agent GUID}"). An administrator may then manually install the update.
  • The detection logic only detects Firefox installations in the current system volume. Multiple installations of Firefox may cause unexpected detection results.
  • System Requirements:
    Mac OS X 10.6
    Mac OS X 10.7
    Mac OS X 10.8
    Mac OS X 10.9

    Related Resources

    Related Vulnerabilities

    CVE-2014-1518   CVE-2014-1523   CVE-2014-1524   CVE-2014-1529   CVE-2014-1530   CVE-2014-1531   CVE-2014-1532  

    Related Patches


    Superseded Patches

    Last Updated: 27 May 2016 11:18:48