(LiveHacking.Com) – The Mozilla Foundation has released Firefox 11 with new features and five critical security fixes. It has also simultaneously released security updates for Firefox 3.6.28, Thunderbird 3.1.20 and SeaMonkey 2.8. The vulnerabilities addressed may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack.
Mozilla had earlier written that the release of Firefox 11 would be delayed as it was waiting for a report from ZDI about a possible new security vulnerability. It transpired, however, that the bug was one Mozilla had already identified and fixed. Mozilla did add that, in order to understand the impact of Microsoft’s “Patch Tuesday” fixes, it would initially release Firefox for manual updates only.
In Firefox 11 Mozilla has fixed the following Critical vulnerabilities:
- MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0 / rv:10.0.3 / rv:220.127.116.11)
- MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
- MFSA 2012-14 SVG issues found with Address Sanitizer
- MFSA 2012-12 Use-after-free in shlwapi.dll
The new version also contains the following “Moderate” priority security fixes:
- MFSA 2012-18 window.fullScreen writeable by untrusted content
- MFSA 2012-15 XSS with multiple Content Security Policy headers