Lumension® Endpoint Intelligence Center


Overview

Id: firefoxESR24.5.0
Name: Mozilla Firefox ESR (en-us) 24.5 for Windows (Update) (See Notes)
Vendor Name: mozilla
Product: Mozilla Firefox ESR
Content Type: Critical
Language(s): ENGLISH
Operating System(s): Windows
Released On: 29 Apr 2014 12:00:00

Url

http://www.mozilla.org/firefox/24.5.0/releasenotes/

Description

Mozilla offers an Extended Support Release (ESR) cycle for Firefox that gives users a longer support tail than what is currently offered with regular Firefox releases. This ESR version is available for users who wish to remain on the ESR cycle. Please see Mozilla Firefox Extended Support Release for more information.

About This Update:
Firefox ESR 24.5 fixes the following security issues:

  • MFSA 2014-46 Use-after-free in nsHostResolver.
  • MFSA 2014-44 Use-after-free in imgLoader while resizing images.
  • MFSA 2014-43 Cross-site scripting (XSS) using history navigations.
  • MFSA 2014-42 Privilege escalation through Web Notification API.
  • MFSA 2014-38 Buffer overflow when using non-XBL object as XBL.
  • MFSA 2014-37 Out of bounds read while decoding JPG images.
  • MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer.
  • MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5).

Important Notes:

  • This update is applicable to Firefox ESR 24.x and Firefox ESR 17.x.
  • The detection logic only detects Firefox installations in the system-default Program Files folder (e.g. "C:\Program Files\Mozilla Firefox").
  • Deployment while Firefox is running will not upgrade the current browser session. The user will be prompted to reboot the next time Firefox is launched, in order to complete the upgrade.
  • Deployment with Uninstall will remove Firefox completely.

Related Resources

Related Vulnerabilities

CVE-2014-1518, CVE-2014-1520, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532

Related Patches

None

Superseded Patches

Last Updated: 27 May 2016 11:18:48