The critical vulnerabilities patched in Firefox 11 are a crash when accessing keyframe cssText after dynamic modification, escalation of privilege with Javascript: URL as a home page, scalable vector graphics issues found with Address Sanitizer, use-after-free in shlwapi.dll, and miscellaneous memory safety hazards.
Moderate vulnerabilities fixed in Firefox 11 include window.fullScreen writeable by untrusted content, cross-site scripting with multiple content security policy headers, and cross-site scripting with drag and drop and Javascript: URL.
Mozilla fixed the same vulnerabilities in updates to its Thunderbird email client and its SeaMonkey browser, email, and news alert suite.
In addition to the security fixes, Firefox 11 adds new in-product developer tools and syncs add-ons across computers. “Firefox includes new developer tools that represent the structure of websites in a new way and make it easier to live-edit CSS code”, Mozilla explained in a blog.
With add-on sync, “users now have the option to sync add-ons between computers to allow for a seamless experience across Firefox at work and at home. Users can enable this feature in the Preferences window on the Sync tab”, the blog added.