In association with heise online

19 February 2013, 20:36

Firefox 19 brings PDF viewer and 4 critical security fixes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Mozilla Firefox The latest release of Mozilla's Firefox open source web browser, version 19, brings few new features but does close four critical security holes. The release notes list only the arrival of PDF.js, the PDF viewer written in JavaScript, as a new feature. This, it is hoped, should reduce users' exposure to malicious PDF documents which exploit third party PDF reader plugins to get access to the underlying operating system.

Alongside improvements in startup performance, the desktop version of Firefox 19 also adds, disabled by default, an experimental Remote Web Console, which can connect to Firefox for Android and Firefox OS web applications and interact with them from within the desktop installation of Firefox. Another experimental addition is a Browser Debugger for add-on and browser developers.

The critical flaws fixed in Firefox 19 include MFSA-2013-28, a collection of user-after-frees, out-of-bounds reads, and buffer overflows found with Address Sanitizer; MFSA-2013-26, a use-after-free when loading image content; MFSA-2013-23, a WebIDL wrapping issue; and MVSA-2013-21, several memory safety bugs which were presumed to be possibly exploitable. Also fixed was a high severity flaw with HTTPS connections with malicious proxies which could enable phishing attacks (MFSA-2013-27) and a high severity flaw that could allow content to bypass security wrappers (MFSA-2013-24).

The fixed versions of Mozilla products are Firefox 19 (download), Firefox ESR 17.0.3 (download), Thunderbird 17.0.3 (download) and Thunderbird ESR 17.0.3 (download), and SeaMonkey 2.16 (download but not updated yet).


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit