Firefox updates

[AplusWebMaster]

FYI...

Firefox v12.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla.com/firefox/all.html
April 24, 2012

What's new...
- https://www.mozilla.org/firefox/12.0/releasenotes/
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
- https://www.mozilla.org/firefox/12.0...s/buglist.html
Security Advisories:
- https://www.mozilla.org/security/kno...html#firefox12
Fixed in Firefox 12
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
___

- http://h-online.com/-1546370
24 April 2012
> http://www.h-online.com/security/new...ew=zoom;zoom=3
___

- https://secunia.com/advisories/48932/
Release Date: 2012-04-25
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 12.0 and Thunderbird version 12.0...

- http://www.securitytracker.com/id/1026971
Date: Apr 24 2012
CVE Reference::
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1187 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0467 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0468 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0469 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0470 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0471 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0472 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0473 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0474 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0475 - 2.6
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0477 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0478 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0479 - 4.3
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Version(s): prior to 12.0...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with a target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can spoof certain web sites.
A remote user can obtain potentially sensitive information...

.