Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Firefox 13.0.1 Update SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Firefox 13.0.1 Update

A new version of Firefox, 13.0.1, was released today. Although the official release notes say that various security issues have been fixed in this version, by looking at the official security advisories for Firefox I couldn't find any new advisories specifically for 13.0.1, as all them (from MFSA 2012-34 to 2012-40) were fixed in version 13.0 (although unfortunately, the official release notes for Firefox 13.0 do not include the security fixes reference). We already announced these a couple of weeks ago.

In any case, be sure you get the update (via the automatic method or manually) and that it is properly applied (it includes a few functional fixes).

If you have more specific security details regarding 13.0.1 (if any), please share them through our contact page.

----
Raul Siles
Founder and Senior Security Analyst with Taddong
www.taddong.com

Raul Siles

152 Posts
The release notes are a little confusing, as you say, but the changes between 13.0 and 13.0.1 are indeed only the three changes marked "fixed in 13.0.1".

Being open source, this can be verified by looking at the push log ( http://hg.mozilla.org/releases/mozilla-release/pushloghtml?startdate=2012-06-01&enddate=2012-06-15 ) which just shows those 3 fixes and a couple of other testing/infrastructure changes which aren't part of the Firefox code.

But everyone should update anyway.
Anonymous
The patch and a new full version of 13.01 were actually available since last friday. I installed it then and it has been working ok on my systems.

Apparently it was mainly to fix a bug with the latest update of flash player, as some ppl were having crash issues with FF 13 and the new flash updates. You'll notice on adobe's page for troubleshooting flash problems was updated and mentions this as well as how to disable the new protected mode for flash.

http://forums.adobe.com/message/4481693

http://forums.adobe.com/thread/1018071

Anonymous
Any news regarding Firefox ESR? It looks like ESR 10.0.5 is still current. I believe ESR 10.0.5 shipped at the same time as 13.0. Perhaps these are 13.x-only issues?
Anonymous
I'd meant to post the ESR Security page:
<a href="https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html">https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html</a>
Anonymous

Sign Up for Free or Log In to start participating in the conversation!