Firefox v12.0 released
From an admin account, start Firefox, then go to Help > About > Check for Updates.
April 24, 2012
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
Fixed in Firefox 12
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
24 April 2012
Release Date: 2012-04-25
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 12.0 and Thunderbird version 12.0...
Date: Apr 24 2012
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1187 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0467 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0468 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0469 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0470 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0471 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0472 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0473 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0474 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0475 - 2.6
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0477 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0478 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0479 - 4.3
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Version(s): prior to 12.0...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with a target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can spoof certain web sites.
A remote user can obtain potentially sensitive information...