Firefox 14 fixes 5 critical security vulnerabilities

Summary:The newest version of Mozilla Foundation's flagship Firefox browser fixes 5 critical security vulnerabilities.

The newest version of Mozilla Foundation's flagship Firefox browser fixes 5 critical security vulnerabilities.

More details on the patched vulnerabilities:

MFSA 2012-56 - Code execution through javascript: URLs
MFSA 2012-55 - feed: URLs with an innerURI inherit security context of page
MFSA 2012-54 - Clickjacking of certificate warning page
MFSA 2012-53 - Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 - JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 - X-Frame-Options header ignored when duplicated
MFSA 2012-50 - Out of bounds read in QCMS
MFSA 2012-49 - Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 - use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 - Improper filtering of javascript in HTML feed-view
MFSA 2012-46 - XSS through data: URLs
MFSA 2012-45 - Spoofing issue with location
MFSA 2012-44 - Gecko memory corruption
MFSA 2012-43 - Incorrect URL displayed in addressbar through drag and drop
MFSA 2012-42 - Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)

Users are advised to update to the latest version immediatelly.

Find out more about Dancho Danchev at his LinkedIn profile.

Topics: Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.