The fixes, which also affect Mozilla's Thunderbird and SeaMonkey, correct two issues with Mozilla updater and updater service introduced in Firefox 12 for Windows, the company explained in a security advisory.
“The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the updater service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable”, the advisory explained.
Mozilla credited security researcher James Forshaw of Context Information Security with finding the flaws.
In addition, Firefox 13 includes a redesigned home page and new tab experience. The home page now includes icons at the bottom of the page to give the user easier access to bookmarks, history, settings, add-ons, downloads, and sync preferences with one-click shortcuts. When a user opens a new tab, thumbnails of the most recently and frequently visited sites are displayed.