Firefox 24 available now! 17 fixes, 7 critical

Filed Under: Featured, Firefox, Podcast, Vulnerability

firefox-170Sometimes I wonder if the folks over at Mozilla Security are trying to embarrass me.

When I wrote about the new zero-day in Internet Explorer yesterday, I recommended IE users consider using Firefox as an alternative until a patch is available.

Today Mozilla has released Firefox 24.0 (as well as SeaMonkey and Thunderbird 24.0) fixing 17 vulnerabilities.

The bad news? Seven of these vulnerabilities are rated critical, four moderate and six low.

The good news? Mozilla has already released the fixes, so there is no reason to worry about mitigation techniques and "Fix its".

Firefox 24.0 isn't just a security roll-up. Mozilla has improved the performance, added more modern scrollbars on OS X and numerous other changes.

Reading through the security fixes it does not appear that any of these flaws are being actively exploited in the wild.

That could change at a moment's notice.

Once the bugs are publicly known malicious coders will often look to see which of them may be easily exploited to use against people who fall behind on their patching.

If you want to learn more about remote code execution, information disclosure, denial of service and elevation of privilege flaws, why not give the latest Sophos Techknow a listen?

In 15 minutes Paul Ducklin and I try to explain what all of this vulnerability jargon means in a useful manner to IT administrators.

Play now:


(18 September 2013, duration 15'08", size 9.1MB)

Download for later:

Sophos Techknow - Understanding Vulnerabilities (MP3)

, , ,

You might like

3 Responses to Firefox 24 available now! 17 fixes, 7 critical

  1. Wolf_Star · 212 days ago

    Gee...another...update.

    It's not difficult to understand how Sysiphus must feel.

  2. Nigel · 212 days ago

    Thanks Chet! SeaMonkey, Firefox, and Thunderbird now updated.

  3. Glen · 212 days ago

    I have been using Firefox for quite a while now. What I would like to know, " Do I have to retain all their applications or can I delete them whenever I update?"

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.