Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » firefox28.0

Overview

Id firefox28.0
Name Mozilla Firefox 28.0 for Mac OS X (Update) (See Notes)
Vendor Name mozilla
Product Mozilla FireFox
Content Type Critical Critical
Language(s)
Operating System(s) OSX 
Released On 18 Mar 2014 12:00:00

firefox28.0

Mozilla Firefox 28.0 for Mac OS X (Update) (See Notes)

Vendor Name

mozilla

Product

Mozilla FireFox

Released On

18 Mar 2014 12:00:00

Url

http://www.mozilla.org/firefox/28.0/releasenotes/

Description

About This Update:
Firefox 28.0 fixes the following critical security issues:

  • MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering.
  • MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects.
  • MFSA 2014-30 Use-after-free in TypeObject.
  • MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs.
  • MFSA 2014-28 SVG filters information disclosure through feDisplacementMap.
  • MFSA 2014-27 Memory corruption in Cairo during PDF font rendering.
  • MFSA 2014-26 Information disclosure through polygon rendering in MathML.
  • MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore.
  • MFSA 2014-22 WebGL content injection from one domain to rendering in another.
  • MFSA 2014-20 onbeforeunload and Javascript navigation DOS.
  • MFSA 2014-19 Spoofing attack on WebRTC permission prompt.
  • MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key.
  • MFSA 2014-17 Out of bounds read during WAV file decoding.
  • MFSA 2014-16 Files extracted during updates are not always read only.
  • MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4).
  • Important Notes:

  • By default, deployment will automatically update Firefox.app in the Applications folder.
  • Deployment while Firefox is running will not update the current browser session. The user may re-launch Firefox in order to complete the update.
  • Use the download only option to deploy the installer to the agent's temporary directory (by default, "/tmp/{Agent GUID}"). An administrator may then manually install the update.
  • The detection logic only detects Firefox installations in the current system volume. Multiple installations of Firefox may cause unexpected detection results.
  • System Requirements:
    Mac OS X 10.6
    Mac OS X 10.7
    Mac OS X 10.8
    Mac OS X 10.9

    Related Resources

    Related Vulnerabilities

    CVE-2014-1493   CVE-2014-1494   CVE-2014-1496   CVE-2014-1497   CVE-2014-1498   CVE-2014-1499   CVE-2014-1500   CVE-2014-1502   CVE-2014-1504   CVE-2014-1505   CVE-2014-1508   CVE-2014-1509   CVE-2014-1510   CVE-2014-1511   CVE-2014-1512   CVE-2014-1513   CVE-2014-1514  

    Related Patches

    Superseded Patches


    Last Updated: 27 May 2016 11:18:37