Firefox 23.0

Firefox v.23.0 was offered to release channel users on August 06, 2013.

Fixed in Firefox 23.0 [4]
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Vulnerability ratings: 4 Critical, 7 High, 1 Moderate, 1 Low
Evaluation: Test and update.

Mixed Active Content
Firefox 23 introduces “mixed active content” blocking, i.e. it stops pages loaded over SSL from running active content (such as scripts) fetched over plain, non-SSL HTTP:

❝For the last few months, I’ve been working on the Mixed Content Blocker for Firefox. I’ve been landing patches since Firefox 18 in hope of reaching this day. Mixed Active Content is now blocked by default in Firefox 23!❞ [5]

❝Firefox 23 refined how it deals with “mixed ACTIVE content”. If an HTML page that was loaded via HTTPS includes active content, like javascript, via HTTP, then Firefox will block the execution of the active content.❞ [6]
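
Site owners who want to find the resources Firefox 23 will now block can scan their pages for this pattern. The following is an added example written for this post, not code from Mozilla or from the quoted articles; the set of tag/attribute pairs treated as active or passive is a simplified assumption (Mozilla's full list also covers fonts, XMLHttpRequest targets and CSS url() loads), and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that load *active* content (scripts, stylesheets,
# frames, plugins). This subset is an assumption for the example;
# Mozilla's real classification is longer.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"),
          ("embed", "src"), ("link", "href")}
# Display-only resources that Firefox 23 still loads (mixed passive content).
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}


class MixedContentFinder(HTMLParser):
    """Collect http:// subresources referenced by a page served over https://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.active, self.passive = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Only <link rel="stylesheet"> is active; icon/prefetch links are not.
        if tag == "link" and (attrs.get("rel") or "").lower() != "stylesheet":
            return
        for (t, a) in ACTIVE | PASSIVE:
            if t != tag or a not in attrs:
                continue
            url = urljoin(self.page_url, attrs[a])  # resolves relative and // URLs
            if urlsplit(url).scheme == "http":
                (self.active if (t, a) in ACTIVE else self.passive).append(url)


def find_mixed_content(page_url, html):
    """Return (active, passive) lists of plain-HTTP URLs found in an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return [], []  # a page loaded over http:// cannot have mixed content
    parser = MixedContentFinder(page_url)
    parser.feed(html)
    return parser.active, parser.passive


# Constructed sample page for the example.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<link rel="icon" href="http://cdn.example/favicon.ico">
<script src="//cdn.example/app.js"></script>
<script src="http://cdn.example/tracker.js"></script>
</head><body>
<img src="http://cdn.example/logo.png">
<iframe src="/embed/widget"></iframe>
</body></html>"""

if __name__ == "__main__":
    active, passive = find_mixed_content("https://www.example/page", SAMPLE)
    print("blocked by Firefox 23 (active):", active)
    print("still loaded (passive):", passive)
```

Scheme-relative (`//`) and root-relative URLs are resolved against the page URL, so they inherit https:// and are correctly left alone.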

[1] Firefox Updated: Firefox 23.0 (2013-Aug-06) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 23.0 Release Notes (2013-Aug-06) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]
[5] Mixed Content Blocking Enabled in Firefox 23! (2013-Apr-10) [Mozilla]
[6] Firefox 23 and Mixed Active Content (2013-Aug-07) [SANS]