Firefox 28.0 released ...
FYI...
Firefox 28.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 28.0:
- https://www.mozilla.org/security/kno...html#firefox28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Mar 18, 2014
... complete list of changes in this release... 865 bugs found.
___
- http://www.securitytracker.com/id/1029928
CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
Mar 19 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 28.0 ...
Solution: The vendor has issued a fix (28.0)...
___
- https://www.computerworld.com/s/arti..._Pwn2Own_holes
Mar 19, 2014 - "... Firefox 28 was primarily a security update, patching the five Pwn2Own flaws and 15 others..."
___
Firefox 28.0.1 for Android
- https://www.mozilla.org/security/kno...#firefox28.0.1
- https://www.mozilla.org/security/ann...sa2014-33.html
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1515
"... Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application..."
:fear: