FYI...
Firefox v16.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
Oct 11, 2012
What's new...
- https://www.mozilla.org/en-US/firefo.../releasenotes/
- https://blog.mozilla.org/security/20...in-firefox-16/
"Impact: The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters..."
Security Advisories for v16.0.1:
- https://www.mozilla.org/security/kno...#firefox16.0.1
Fixed in Firefox 16.0.1
MFSA 2012-89 defaultValue security checks not applied
"... regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object... CVE-2012-4192, CVE-2012-4193..."
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
"... bugs showed evidence of memory corruption under certain circumstances... some of these could be exploited to run arbitrary code... websockets crash affecting Firefox 16... CVE-2012-4190, CVE-2012-4191..."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4190 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4191 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4192 - 4.3
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4193 - 9.3 (HIGH)
12 Oct 2012
___
- http://www.securitytracker.com/id/1027653
CVE Reference: CVE-2012-4190, CVE-2012-4191
Oct 12 2012
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.1).
- https://secunia.com/advisories/50932/
Last Update: 2012-10-12
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.
- http://h-online.com/-1728382
12 Oct 2012