Mozilla Firefox Version 23.0 Released with Critical Security Updates

Corrine · Aug 6, 2013

Mozilla sent Firefox Version 23.0 to the release channel. The current update includes thirteen security updates of which five are critical, six high, one moderate and one low.
Fixed in Firefox 23

MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Additional information in my blog post here.

Patrick · Aug 6, 2013

Thanks for the heads up, Corrine! Just updated : )

Corrine · Aug 6, 2013

This article explains about the "mixed content blocking" that was included in Version 23.0:

Mixed Content Blocking in Firefox Aurora | Mozilla Security Blog

x BlueRobot · Aug 7, 2013

I've just updated, I don't really like the new Firefox icon though.

Corrine · Aug 7, 2013

I agree. The new icon is flat. I don't see the purpose in change for the sake of change or because everyone else is doing it.

Corrine · Aug 17, 2013

Mozilla sent Firefox Version 23.0.1 to the release channel late yesterday. It appears that the released update was to fix the issues shown below and as of last night was only available via the internal updater.

What’s New

FIXED -- 23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
FIXED -- 23.0.1 - Spell checking broken with non-ASCII characters in profile path (902532)
FIXED -- 23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527)

x BlueRobot · Aug 17, 2013

Thanks for the update :thumbsup2:

Search

Search

Mozilla Firefox Version 23.0 Released with Critical Security Updates

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Patrick

Sysnative Staff

Corrine

Administrator,
Microsoft MVP,
Security Analyst

x BlueRobot

Administrator

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Corrine

Administrator,
Microsoft MVP,
Security Analyst

x BlueRobot

Administrator

Mozilla Firefox Version 23.0 Released with Critical Security Updates

Corrine

Administrator, Microsoft MVP, Security Analyst

Patrick

Sysnative Staff

Corrine

Administrator, Microsoft MVP, Security Analyst

x BlueRobot

Administrator

Corrine

Administrator, Microsoft MVP, Security Analyst

Corrine

Administrator, Microsoft MVP, Security Analyst

x BlueRobot

Administrator

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst