Firefox 20 Patches 11 Security Flaws
All of the flaws are labeled critical, indicating that they can leveraged to run attacker code and install software with no user interaction.
The flaws patched in the new release are as follows:
- MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
- MFSA 2013-39 Memory corruption while rendering grayscale PNG images
- MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
- MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
- MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
- MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
- MFSA 2013-34 Privilege escalation through Mozilla Updater
- MFSA 2013-33 World read and write access to app_tmp directory
- MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
- MFSA 2013-31 Out-of-bounds write in Cairo library
- MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
"Mozilla identifies critical-impacting flaws as those that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing," notes Intego's Derek Erwin. "Therefore, this update is highly recommended and should be applied as soon as possible."