LANDESK Security and Patch News
Headlines
- (March 19, 2014) Mozilla has released Firefox version 28.0. The following issues are fixed in this release of Firefox 28:
- MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
- MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
- MFSA 2014-30 Use-after-free in TypeObject
- MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
- MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
- MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
- MFSA 2014-26 Information disclosure through polygon rendering in MathML
- MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
- MFSA 2014-24 Android Crash Reporter open to manipulation
- MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
- MFSA 2014-22 WebGL content injection from one domain to rendering in another
- MFSA 2014-21 Local file access via Open Link in new tab
- MFSA 2014-20 onbeforeunload and Javascript navigation DOS
- MFSA 2014-19 Spoofing attack on WebRTC permission prompt
- MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
- MFSA 2014-17 Out of bounds read during WAV file decoding
- MFSA 2014-16 Files extracted during updates are not always read only
- MFSA 2014-15 Miscellaneous memory safety hazards
Please visit the following page for more details: http://www.mozilla.org/security/known-vulnerabilities/firefox.html
New Vulnerabilities
- Vulnerability ID – FIREFOXv28.0_ENU
Changed Vulnerabilities
- Vulnerability ID – FIREFOXv27.0.1_ENU (Added the replacement information.)
New Patch Downloads
- firefox_setup_28.0_enu.exe
Where to Send Feedback
At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.
Best regards,
LANDESK Product Support
Copyright © 2014 LANDESK Software. All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.
Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.LANDESK.com.