14 DAY TRIAL // Even though initially Mozilla revealed that Firefox 11’s release might be delayed due to some security concerns, the company managed to keep on schedule. The latest variant of the popular web browser comes with 5 critical and 3 moderate severity security improvements.
The critical vulnerabilities could be leveraged by an attacker to execute arbitrary code and install software without the necessity of user interaction.
These flaws include miscellaneous memory safety hazards, crashes when accessing the cssText keyframe after dynamic modifications have been made, a privilege escalation issue with JavaScript, some SVG problems, and a use-after-free in shlwapi.dll.
The moderate severity weaknesses may be just as dangerous as the critical ones, except for the fact that they work only in non-default configurations.
The ones addressed in Firefox 11 include cross-site scripting (XSS) with multiple Content Security Policy headers and XSS with Drag and Drop and JavaScript.
The last security hole refers to the fact that window.fullScreen is writeable by untrusted content because the DOM full screen API is active.
Firefox 11 for Windows is available for download here Firefox 11 for Mac is available for download here Firefox 11 for Linux is available for download here Firefox 11 for Android is available for download here