Multiple vulnerabilities
The new version was implemented regime Firefox Health Report, which allows to monitor the performance of the browser.
According to the developers of the browser from the Mozilla, users have available the new version, Firefox 21, which was removed a number of vulnerabilities, including three critical.
Experts was eliminated a total of eight gaps. It should be noted that two of the critical vulnerabilities affect only Firefox, Thunderbird, and since the other company’s products are no vulnerable components.
Among the updates that are not related to security, it is worth noting the expansion of the user interface to configure the Do Not Track, an increase in graphics performance and support for the implementation of the default technology WebRTC, designed to work with multi-user web-applications.
Furthermore, Firefox 21 was introduced mode Firefox Health Report, allows to prepare a report of the current rendering performance of the browser, to compare these data with other users, and configurations, etc.
Detailed description of vulnerabilities
Multiple vulnerabilities in Mozilla Firefox
Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 6
CVE ID: CVE-2012-1942
CVE-2013-0801
CVE-2013-1669
CVE-2013-1670
CVE-2013-1672
CVE-2013-1673
CVE-2013-1674
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Vector of operation: Remote
Impact: Security Bypass, System compromise
Affected products: Mozilla Firefox 20.x
Affected versions: Mozilla Firefox versions prior to 21.0
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
1. The vulnerability is caused due to an unspecified error. The removed user can cause damage of memory and compromise target system. Details aren’t disclosed.
2. The vulnerability is caused due to an unspecified error. This can be exploited to corrupt memory and potentially execute arbitrary code. Details aren’t disclosed.
3. The vulnerability is caused due to an error related to Chrome Object Wrappers (COW). This can be by reference to the content level constructor to bypass certain security restrictions.
4. An error use after release when resizing video object during its playback. This can be exploited to compromise a vulnerable system.
5. The vulnerability is caused due to an error in the function “_cairo_xlib_surface_add_glyph ()”. A remote user can execute arbitrary record.
6. The vulnerability is caused due to an error of use after the release of the functions of “mozilla :: plugins :: child :: _geturlnotify ()”, “nsFrameList :: FirstChild ()” and “nsContentUtils :: RemoveScriptBlocker ()”. This can be exploited to compromise a vulnerable system.
Manufacturer URL: http://www.mozilla.org/en-US/firefox/new/
Solution: Update to version 21.0 from a site of the producer.
