18 Security Issues Fixed In Firefox 28

Updates are available for Firefox. A total of 18 security issues have been fixed in this release. Among these, 5 are categorized as critical, 3 as high-impact, 7 as moderate-impact, and 3 as minor security vulnerabilities. All these were discovered by Mariusz Mlynski, VUPEN, George Hotz and Jüri Aedla at the annual Pwn2own hacking contest.These vulnerabilities affect Seamonkey and Thunderbird as well.

List of issues fixed:

• MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
• MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
• MFSA 2014-30 Use-after-free in TypeObject
• MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
• MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
• MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
• MFSA 2014-26 Information disclosure through polygon rendering in MathML
• MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
• MFSA 2014-24 Android Crash Reporter open to manipulation
• MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
• MFSA 2014-22 WebGL content injection from one domain to rendering in another
• MFSA 2014-21 Local file access via Open Link in new tab
• MFSA 2014-20 onbeforeunload and Javascript navigation DOS
• MFSA 2014-19 Spoofing attack on WebRTC permission prompt
• MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
• MFSA 2014-17 Out of bounds read during WAV file decoding
• MFSA 2014-16 Files extracted during updates are not always read only
• MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

We advise our readers to update their Firefox as soon as possible.