Flaws Fixed in Firefox 20

Tuesday, April 2, 2013 @ 08:04 PM gHale


Mozilla included 11 critical security fixes and added a new privacy feature to Firefox 20 that enables users to begin a new private browsing session in a separate tab while still running a normal session in other tabs.

The new version of Firefox expands the capabilities of the private browsing function in the browser, a feature that allows users to browse without any cookies, logs or any other data retention.

RELATED STORIES
Security Fixes in New Chrome
Attack Shift: Web-based Attacks
Top Malicious Hosting Providers
Huge DDoS Attack a New Approach

“Firefox includes a new enhancement to private browsing that allows you to open a new private browsing window without closing or changing your current browsing session. You can shop for a birthday gift in a private window with your existing browsing session uninterrupted. You can also use a private browsing window to check multiple email accounts simultaneously,” Mozilla said in a blog post.

Mozilla also made the same change for the Android version of Firefox.

“We are also proud to announce that Firefox for Android also supports private browsing on a per tab basis. Firefox for Android allows you to open a new private browsing tab during your current browsing session, allowing you to switch between private and standard tabs within the same browsing session,” the company said.

In terms of security patches in Firefox 20, there are plenty. All of the vulnerabilities patched in this version are critical. Here’s the list of flaws fixed:
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)



Leave a Reply

You must be logged in to post a comment.