MozillaFirefox: Security update to 14.0.1

MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues.

The following security issues were fixed:
MFSA 2012-42:
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to
run arbitrary code.

CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman,
Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey reported memory safety
problems and crashes that affect Firefox 13.

CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill
McCloskey reported memory safety problems and crashes that affect Firefox ESR
10 and Firefox 13.

MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes and research firm
Code Audit Labs reported a mechanism to short-circuit page loads through drag
and drop to the addressbar by canceling the page load. This causes the address
of the previously entered site to be displayed in the addressbar instead of the
currently loaded page. This could lead to potential phishing attacks on users.

MFSA 2012-44
Google security researcher Abhishek Arya used the Address Sanitizer tool to
uncover four issues: two use-after-free problems, one out of bounds read bug,
and a bad cast. The first use-after-free problem is caused when an array of
nsSMILTimeValueSpec objects is destroyed but attempts are made to call into
objects in this array later. The second use-after-free problem is in
nsDocument::AdoptNode when it adopts into an empty document and then adopts
into another document, emptying the first one. The heap buffer overflow is in
ElementAnimations when data is read off the end of an array and then pointers
are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is
called with frames in aFrameList that are a mix of row group frames and column
group frames. AppendFrames is not able to handle this mix.

All four of these issues are potentially exploitable.
CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased
CVE-2012-1954: Heap-use-after-free in nsDocument::AdoptNode
CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor
CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames

MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an
issue with spoofing of the location property. In this issue, calls to
history.forward and history.back are used to navigate to a site while
displaying the previous site in the addressbar but changing the baseURI to the
newer site. This can be used for phishing by allowing the user to enter form or
other data on the newer, attacking site while appearing to be on the older,
displayed site.

MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported
a cross-site scripting (XSS) attack through the context menu using a data: URL.
In this issue, context menu functions ("View Image", "Show only this
frame", and "View background image") are disallowed in a javascript: URL but
allowed in a data: URL, allowing for XSS. This can lead to arbitrary code
execution.

MFSA 2012-47 / CVE-2012-1957: Security researcher Mario Heiderich reported that
javascript could be executed in the HTML feed-view using tag within the
RSS . This problem is due to tags not being filtered out
during parsing and can lead to a potential cross-site scripting (XSS) attack.
The flaw existed in a parser utility class and could affect other parts of the
browser or add-ons which rely on that class to sanitize untrusted input.

MFSA 2012-48 / CVE-2012-1958: Security researcher Arthur Gerkis used the
Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden
when mFocusedContent is released and oldFocusedContent is used afterwards. This
use-after-free could possibly allow for remote code execution.

MFSA 2012-49 / CVE-2012-1959: Mozilla developer Bobby Holley found that
same-compartment security wrappers (SCSW) can be bypassed by passing them to
another compartment. Cross-compartment wrappers often do not go through SCSW,
but have a filtering policy built into them. When an object is wrapped
cross-compartment, the SCSW is stripped off and, when the object is read
back, it is not known that SCSW was previously present, resulting in a
bypassing of SCSW. This could result in untrusted content having access to the
XBL that implements browser functionality.

MFSA 2012-50 / CVE-2012-1960: Google developer Tony Payne reported an out of
bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully
crafted color profile portions of a user's memory could be incorporated into a
transformed image and possibly deciphered.

MFSA 2012-51 / CVE-2012-1961: Bugzilla developer Frédéric Buclin reported that
the X-Frame-Options header is ignored when the value is duplicated, for
example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for
unknown reasons on some websites and when it occurs results in Mozilla browsers
not being protected against possible clickjacking attacks on those pages.
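
A server-side check for the duplicated header described in MFSA 2012-51. This is an added example, not code from Mozilla or openSUSE; the function names and the sample header lists are constructed for illustration.

```python
def xfo_tokens(headers):
    """Collect every X-Frame-Options directive from (name, value) pairs.

    Repeated header fields and comma-joined values are treated alike, since
    HTTP stacks commonly fold repeated fields into one comma-separated value.
    """
    tokens = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            tokens += [t.strip().upper() for t in value.split(",") if t.strip()]
    return tokens


def audit_xfo(headers):
    """Return (status, detail) for one response's header list."""
    tokens = xfo_tokens(headers)
    if not tokens:
        return ("missing", "no X-Frame-Options header")
    if len(tokens) == 1:
        return ("ok", tokens[0])
    distinct = sorted(set(tokens))
    if len(distinct) == 1:
        # The case from the advisory: same value sent more than once.
        return ("duplicated", f"{distinct[0]} sent {len(tokens)} times")
    return ("conflicting", ", ".join(distinct))


# Constructed sample responses (not taken from any real site).
SAMPLE_RESPONSES = {
    "/login": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "/account": [("X-Frame-Options", "SAMEORIGIN, SAMEORIGIN")],
    "/admin": [("X-Frame-Options", "DENY"), ("x-frame-options", "DENY")],
    "/help": [("Content-Type", "text/html")],
}


def audit_all(responses=SAMPLE_RESPONSES):
    """Map each path to its audit status."""
    return {path: audit_xfo(hdrs)[0] for path, hdrs in responses.items()}


if __name__ == "__main__":
    for path, hdrs in SAMPLE_RESPONSES.items():
        print(path, *audit_xfo(hdrs))
```

A "duplicated" result usually means two layers (application and reverse proxy, for example) each add the header; emitting it in one place only removes the dependency on how the browser handles repeats.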

MFSA 2012-52 / CVE-2012-1962: Security researcher Bill Keese reported a memory
corruption. This is caused by JSDependentString::undepend changing a dependent
string into a fixed string when there are additional dependent strings relying
on the same base. When the undepend occurs during conversion, the base data is
freed, leaving other dependent strings with dangling pointers. This can lead to
a potentially exploitable crash.

MFSA 2012-53 / CVE-2012-1963: Security researcher Karthikeyan Bhargavan of
Prosecco at INRIA reported Content Security Policy (CSP) 1.0 implementation
errors. CSP violation reports generated by Firefox and sent to the "report-uri"
location include sensitive data within the "blocked-uri" parameter. These
include fragment components and query strings even if the "blocked-uri"
parameter has a different origin than the protected resource. This can be used
to retrieve a user's OAuth 2.0 access tokens and OpenID credentials by
malicious sites.
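
A scrubber for a report-uri endpoint that may still receive reports from unpatched browsers, so that query strings and fragments in a cross-origin "blocked-uri" are never stored. This is an added example, not Mozilla's fix; the function names and the sample report are constructed, and dropping the fragment for same-origin values is a choice made here.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return scheme://host[:port] for a URL, or None if it has no host."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    port = parts.port
    if port is None or DEFAULT_PORTS.get(parts.scheme) == port:
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{port}"


def scrub_report(raw_body):
    """Parse a CSP violation report and reduce blocked-uri before storage."""
    report = json.loads(raw_body)["csp-report"]
    blocked = report.get("blocked-uri", "")
    blocked_origin = origin(blocked)
    if blocked_origin is None:
        return report  # empty or keyword value, nothing to strip
    if blocked_origin != origin(report.get("document-uri", "")):
        # Cross-origin: keep only the origin, never path, query or fragment.
        report["blocked-uri"] = blocked_origin
    else:
        # Same origin: keep path and query, drop the fragment.
        report["blocked-uri"] = urlsplit(blocked)._replace(fragment="").geturl()
    return report


# Constructed report body; the token value is a placeholder.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://app.example/page",
    "violated-directive": "img-src 'self'",
    "blocked-uri": "https://idp.example/cb?code=PLACEHOLDER#access_token=PLACEHOLDER",
}})

if __name__ == "__main__":
    print(scrub_report(SAMPLE_REPORT)["blocked-uri"])
```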

MFSA 2012-54 / CVE-2012-1964: Security researcher Matt McCutchen reported a
clickjacking attack using the certificate warning page. A man-in-the-middle
(MITM) attacker can use an iframe to display its own certificate error warning
page (about:certerror) with the "Add Exception" button of a real warning page
from a malicious site. This can mislead users into adding a certificate exception
for a different site than the perceived one. This can lead to compromised
communications with the user-perceived site through the MITM attack once the
certificate exception has been added.

MFSA 2012-55 / CVE-2012-1965: Security researchers Mario Gomes and Soroush
Dalili reported that since Mozilla allows the pseudo-protocol feed: to prefix
any valid URL, it is possible to construct feed:javascript: URLs that will
execute scripts in some contexts. On some sites it may be possible to use this
to evade output filtering that would otherwise strip javascript: URLs and thus
contribute to cross-site scripting (XSS) problems on these sites.
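
A site-side link filter that is not fooled by the feed: prefix described in MFSA 2012-55, shown next to the kind of prefix-only check it replaces. This is an added example, not code from the advisory; the function names and the allowlist are assumptions.

```python
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed site policy
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def naive_is_safe(url):
    """Blocklist that only inspects the first scheme in the URL."""
    return not url.strip().lower().startswith("javascript:")


def effective_scheme(url):
    """Peel any feed: wrappers and return the scheme underneath.

    Returns None when no scheme remains (a relative or scheme-less URL).
    """
    rest = re.sub(r"[\x00-\x20]+", "", url)  # drop whitespace and control chars
    while True:
        match = _SCHEME.match(rest)
        if not match:
            return None
        scheme = match.group(1).lower()
        if scheme != "feed":
            return scheme
        rest = rest[match.end():]  # look behind the feed: prefix


def is_safe_link(url):
    """Allowlist decision on the scheme that remains after unwrapping."""
    scheme = effective_scheme(url)
    return scheme is None or scheme in ALLOWED_SCHEMES


# Constructed inputs for illustration.
SAMPLES = [
    "https://example.org/rss.xml",
    "feed:https://example.org/rss.xml",
    "feed:javascript:void(0)",
    " FEED:feed:JavaScript:void(0)",
    "/relative/path",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(repr(url), naive_is_safe(url), is_safe_link(url))
```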

MFSA 2012-56 / CVE-2012-1967: Mozilla security researcher moz_bug_r_a4 reported
an arbitrary code execution attack using a javascript: URL. The Gecko engine
features a JavaScript sandbox utility that allows the browser or add-ons to
safely execute script in the context of a web page. In certain cases,
javascript: URLs are executed in such a sandbox with insufficient context that
can allow those scripts to escape from the sandbox and run with elevated
privilege. This can lead to arbitrary code execution.
