Investigating Security Vulnerability Report

mcoates

8

Update – August 5, 2013

Issue
Mozilla was notified on August 4, 2013 of a potential security vulnerability with Firefox 17 (current general release is Firefox 22). Upon investigation we confirmed the vulnerability and determined the root of the issue was related to MFSA 2013-53. This vulnerability was fixed in Firefox versions 17.0.7 and 22, which were released on June 25, 2013.

Impact
Users who are on the latest version of Firefox (version 22) or Firefox ESR (version 17.0.7) are not at risk. If a user is running an outdated version of Firefox, then this vulnerability could be used by an attacker to execute malicious software on a victim’s machine. Mozilla has been alerted that this issue is being actively exploited in the wild and urges all users to make sure their Firefox is up to date.

Status
This vulnerability was fixed in Firefox versions 17.0.7 and 22, which were released on June 25, 2013. Firefox users should follow these instructions to confirm they are running the latest version of Firefox (currently version 22 and 17.0.7 for ESR) which contains the fixes for this vulnerability.

Original Post

Mozilla has been notified of a potential security vulnerability in Firefox 17. Firefox 17 is currently the extended support release version.

We are actively investigating this information and we will provide additional information when it becomes available.

 

Michael Coates
Director of Security Assurance