Tuesday, April 24, 2012

Mozilla Firefox 12 Released with Critical Security Updates


Firefox 12 was sent to the release channel today by Mozilla.  It is important to note two important things to about this update.

First, the release of version 12 is the last version release to officially support Windows 2000, Windows XP RTM or XP Service Pack 1.  Windows XP SP2 and above will be the oly supported Windows operating systems in the next version release of Firefox.

Second, after installing version 12, subsequent updates will no longer require approval of the User Account Control (UAC).  Instead, Firefox will automatically update (silent updates).  Note, however, the addition of the Update Tab to the Advanced panel of the Options settings.  The option is provided to "Check for updates, but let me choose whether to install them."

Edit Note:  The update to version 12 is the first step toward silent updates.  The addition included
the Mozilla Maintenance Service.  It is expected that silent updates will be in place no later than version 14.



Security Updates Fixed in Firefox 12

MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

What's New

The Release Notes include new and fixed features in version 12.  The numerous Bug Fixes are in the link available in References.


  • NEW -- Windows: Firefox is now easier to update with one less prompt (User Account Control)
  • NEW -- Page Source now has line numbers
  • CHANGED -- Line breaks are now supported in the title attribute
  • CHANGED -- Improvements to "Find in Page" to center search result
  • CHANGED -- URLs pasted into the download manager window are now automatically downloaded
  • DEVELOPER -- Support for the text-align-last CSS property has been added
  • DEVELOPER -- Experimental support for ECMAScript 6 Map and Set objects has been implemented
  • FIXED -- Various security fixes
  • FIXED -- Some TinyMCE-based editors failed to load (739141)
  • FIXED -- OS X: WebGL performance may be degraded on some hardware (713305)

      Known Issues

      • If you try to start Firefox using a locked profile, it will crash (see 573369)
      • For some users, scrolling in the main GMail window will be slower than usual (see 579260)
      • Some synaptic touch pads are unable to vertical scroll (see 622410)
      • Windows: The use of Microsoft's System Restore functionality shortly after updating Firefox may prevent future updates (see 730285)

      Update

      The upgrade to Firefox 12 will be offered through the browser update mechanism after any impacts related to the Microsoft Security Updates are analyzed.  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      2 comments:

      Juisterr said...

      Nice information Corine.
      Regards
      Eric/Juisterr

      Corrine said...

      Hi, Eric. I hope all is well at Hijackthis.nl/