Mozilla today announced the released of Firefox 20, which patches a total of 11 vulnerabilities, all labeled critical.

The flaws patched in the new release are as follows:

  1. MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
  2. MFSA 2013-39 Memory corruption while rendering grayscale PNG images
  3. MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
  4. MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
  5. MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
  6. MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
  7. MFSA 2013-34 Privilege escalation through Mozilla Updater
  8. MFSA 2013-33 World read and write access to app_tmp directory
  9. MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
  10. MFSA 2013-31 Out-of-bounds write in Cairo library
  11. MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

"Mozilla identifies critical-impacting flaws as those that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing," notes Intego's Derek Erwin. "Therefore, this update is highly recommended and should be applied as soon as possible."