In yesterday’s Firefox 13 release, Mozilla has fixed seven critical security vulnerabilities, four of which are critical. The majority of these vulnerabilities are also fixed in the latest Thunderbird 13 release.
More details on the vulnerabilities:
- MFSA 2012-40 – Buffer overflow and use-after-free issues found using Address Sanitizer
- MFSA 2012-39 – NSS parsing errors with zero length items
- MFSA 2012-38 – Use-after-free while replacing/inserting a node in a document
- MFSA 2012-37 – Information disclosure though Windows file shares and shortcut files
- MFSA 2012-36 – Content Security Policy inline-script bypass
- MFSA 2012-35 – Privilege escalation through Mozilla Updater and Windows Updater Service
- MFSA 2012-34 – Miscellaneous memory safety hazards
Firefox and Thunderbird users are advised to update their software as soon as possible to prevent possible exploitation of the fixed vulnerabilities.