Six critical-, nine high- and one moderate-impact vulnerabilities have been fixed by Mozilla with the release of Firefox 17. The critical flaws, which can be leveraged by an attacker to run arbitrary code and install malicious software without any user interaction, include use-after-free, buffer overflow and memory corruption issues identified with the aid of Address Sanitizer.
Other critical security holes include a CSS and HTML injection issue through Style Inspector, miscellaneous memory safety hazards, a buffer overflow when rendering GIF images, and a crash when combining SVG text on path with CSS.
The high-impact vulnerabilities addressed in Firefox 17 were caused by improper security filtering for cross-origin wrappers, installer DLL hijacking, the evalInSandbox location context being incorrectly applied, and a memory corruption issue in str_unescape.
Firefox 17 is available for download for Windows, Mac, Linux and Android.