Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Mozilla Firefox v16 Released with Critical Security Updates

Oct 9, 2012 9:03PM PDT

Yesterday Mozilla released Firefox v16.0 which included 14 Security updates. Eleven (11) were rated Critical and three (3) as High.

Fixed in Firefox 16:

MFSA 2012-87 - Use-after-free in the IME State Manager
MFSA 2012-86 - Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 - Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 - Spoofing and script injection through location.hash
MFSA 2012-83 - Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 - top object and location property accessible by plugins
MFSA 2012-81 - GetProperty function can bypass security checks
MFSA 2012-80 - Crash with invalid cast when using instanceof operator
MFSA 2012-79 - DOS and crash with full screen and history navigation
MFSA 2012-78 - Reader Mode pages have chrome privileges
MFSA 2012-77 - Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 - Continued access to initial origin after setting document.domain
MFSA 2012-75 - select element persistance allows for attacks
MFSA 2012-74 - Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.Cool

For Additional Details: https://www.mozilla.org/security/known-vulnerabilities/firefox.html

What's New (and more) can be found in the post titled, "Firefox v16.0 Released"

Discussion is locked