LANDesk Patch News Bulletin: Mozilla has Released Firefox Version 17.0 for Windows 21-NOV-2012

Version 1

    LANDesk Security and Patch News



    • (November 21, 2012) Mozilla has released Firefox version 17.0 for Windows. Fixed in Firefox version 17 are the following issues:

    MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer

    MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer

    MFSA 2012-104 CSS and HTML injection through Style Inspector

    MFSA 2012-103 Frames can shadow top.location

    MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges

    MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset

    MFSA 2012-100 Improper security filtering for cross-origin wrappers

    MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment

    MFSA 2012-98 Firefox installer DLL hijacking

    MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox

    MFSA 2012-96 Memory corruption in str_unescape

    MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page

    MFSA 2012-94 Crash when combining SVG text on path with CSS

    MFSA 2012-93 evalInSanbox location context incorrectly applied

    MFSA 2012-92 Buffer overflow while rendering GIF images

    MFSA 2012-91 Miscellaneous memory safety hazards



    New Vulnerabilities

    • Vulnerability ID – FIREFOXv17.0_ENU


    Changed Vulnerabilities

    • Vulnerability ID – FIREFOXv16.0.2_ENU (Added the replacement information.)



    New Patch Downloads

    • firefox_setup_17.0_enu.exe


    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.


    Best regards,

    LANDesk Product Support


    Copyright © 2012 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.


    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit