AplusWebMaster

Firefox updated...

155 posts in this topic

FYI...

 

Firefox v2.0.0.16 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download

- http://www.mozilla.com/en-US/firefox/all-older.html

 

What's New in Firefox 2.0.0.16:

- http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/

July 15, 2008

 

- http://www.mozilla.org/security/known-vuln.../firefox20.html

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785

CVSS v2 Base score: 9.3 (High)

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933

 

//

Edited by apluswebmaster


FYI...

 

Firefox v3.0.1 released

- http://www.mozilla.com/firefox/

July 16, 2008

 

Upgrading Firefox

- http://support.mozilla.com/en-US/kb/Upgrading+Firefox

"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."

 

If "Check for Updates is disabled", see:

- http://support.mozilla.com/en-US/kb/Check+...tes+is+disabled

 

Security Advisories

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.1

 

Known Issues

- http://www.mozilla.com/en-US/firefox/3.0.1/releasenotes/

 

Fixes in v3.0.1:

- http://www.mozilla.org/security/announce/2...fsa2008-34.html

- http://www.mozilla.org/security/announce/2...fsa2008-35.html

- http://www.mozilla.org/security/announce/2...fsa2008-36.html

 

- http://secunia.com/advisories/31106/

Last Update: 2008-07-17

Critical: Highly critical

Impact: Security Bypass, Spoofing, System access

Where: From remote

...The vulnerabilities are reported in versions prior to 3.0.1.

Solution: Update to version 3.0.1 ...

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785

CVSS v2 Base score: 9.3 (High)

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2933

 

//

Edited by apluswebmaster


FYI...

 

Firefox v3.0.2 released

- http://www.mozilla.com/firefox/

Upgrading Firefox

- http://support.mozilla.com/en-US/kb/Upgrading+Firefox

"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."

If "Check for Updates is disabled", see:

- http://support.mozilla.com/en-US/kb/Check+...tes+is+disabled

Security Advisories

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.2

Known Issues

- http://www.mozilla.com/en-US/firefox/3.0.2/releasenotes/

---

 

Firefox v2.0.0.17 released

From an admin account, start Firefox, then >Help >Check for Updates

-or-

Download

- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.17:

- http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/

September 23, 2008

- http://www.mozilla.org/security/known-vuln...firefox2.0.0.17

---

 

FF3: http://secunia.com/advisories/32011/

Software: Mozilla Firefox 3.x

CVE reference:

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3837

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4058

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4060

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4061

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4062

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4063

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4064

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4065

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4067

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4068

 

FF2: http://secunia.com/advisories/31984/

Software: Mozilla Firefox 2.0.x

CVE reference:

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-0016

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3835

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3836

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-3837

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4058

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4059

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4060

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4061

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4062

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4065

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4066

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4067

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4068

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-4069

 

.

Edited by apluswebmaster


FYI...

 

Firefox v3.0.3 released

- http://en-us.www.mozilla.com/firefox/3.0.3/releasenotes/

September 26, 2008 - "Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708*)"

* https://bugzilla.mozilla.org/show_bug.cgi?id=454708

 

- http://www.mozilla.com/firefox/all.html

 

:!:


FYI...

 

Firefox v3.0.4 - v2.0.0.18 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.4

- http://www.mozilla.com/firefox/all.html

Download Firefox v2.0.0.18

- http://www.mozilla.com/firefox/all-older.html

 

Release Notes

- http://www.mozilla.com/firefox/3.0.4/releasenotes/

Also see "Known Issues..." for v3: All Systems - 9 items, Microsoft Windows - 2...

 

Security issues

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.4

___

 

Firefox 3

- http://secunia.com/advisories/32713/

Release Date: 2008-11-13

Critical: Highly critical

Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch...

Original Advisory:

http://www.mozilla.org/security/announce/2...fsa2008-51.html

http://www.mozilla.org/security/announce/2...fsa2008-52.html

http://www.mozilla.org/security/announce/2...fsa2008-53.html

http://www.mozilla.org/security/announce/2...fsa2008-54.html

http://www.mozilla.org/security/announce/2...fsa2008-55.html

http://www.mozilla.org/security/announce/2...fsa2008-56.html

http://www.mozilla.org/security/announce/2...fsa2008-57.html

http://www.mozilla.org/security/announce/2...fsa2008-58.html ...

 

Firefox 2

- http://secunia.com/advisories/32693/

Release Date: 2008-11-13

Critical: Highly critical

Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch...

Original Advisory:

http://www.mozilla.org/security/announce/2...fsa2008-47.html

http://www.mozilla.org/security/announce/2...fsa2008-48.html

http://www.mozilla.org/security/announce/2...fsa2008-49.html

http://www.mozilla.org/security/announce/2...fsa2008-50.html

http://www.mozilla.org/security/announce/2...fsa2008-52.html

http://www.mozilla.org/security/announce/2...fsa2008-53.html

http://www.mozilla.org/security/announce/2...fsa2008-54.html

http://www.mozilla.org/security/announce/2...fsa2008-55.html

http://www.mozilla.org/security/announce/2...fsa2008-56.html

http://www.mozilla.org/security/announce/2...fsa2008-57.html

http://www.mozilla.org/security/announce/2...fsa2008-58.html ...

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.5 released

- http://www.mozilla.com/firefox/

Dec. 16, 2008

 

Release Notes

- http://www.mozilla.com/firefox/3.0.5/releasenotes/

 

Security Advisories

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.5

Fixed in Firefox 3.0.5

MFSA 2008-69 XSS vulnerabilities in SessionStore

MFSA 2008-68 XSS and JavaScript privilege escalation

MFSA 2008-67 Escaped null characters ignored by CSS parser

MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters

MFSA 2008-65 Cross-domain data theft via script redirect error message

MFSA 2008-64 XMLHttpRequest 302 response disclosure

MFSA 2008-63 User tracking via XUL persist attribute

MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

___

 

Firefox v2.0.0.19 released

- http://www.mozilla.com/firefox/all-older.html

 

- http://www.mozilla.com/firefox/2.0.0.19/releasenotes/

Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3.

Firefox 2.0.0.19 does -not- include Phishing Protection.

___

 

- http://secunia.com/advisories/33203/

 

- http://secunia.com/advisories/33184/

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v2.0.0.20 released

- http://www.mozilla.com/en-US/firefox/all-older.html

December 18, 2008

 

Release Notes:

- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/

Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3. Firefox 2.0.0.20 does not include Phishing Protection.

- http://www.mozilla.com/en-US/firefox/2.0.0...senotes/#issues

 

Security Update:

- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/

Firefox 2.0.0.20 includes an additional security fix over Firefox 2.0.0.19 for users of the Windows platform. The following security issue* was fixed.

 

* http://www.mozilla.org/security/known-vuln...firefox2.0.0.20

MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)

- http://preview.tinyurl.com/3mvadg

"...Mozilla omitted one of the security patches that was supposed to be included in the Windows version of Tuesday's Firefox 2.0.0.19 release..."

 

Firefox 3

- http://secunia.com/advisories/33203/

...Solution: Update to version 3.0.5.

http://www.mozilla.com/en-US/products/down...t=firefox-3.0.5

 

:ph34r:


FYI...

 

Firefox v3.0.6 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.6

- http://www.mozilla.com/firefox/all.html

 

Security Advisories for Firefox v3.0.6

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.6

Fixed in Firefox 3.0.6

MFSA 2009-06 Directives to not cache pages ignored

MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies

MFSA 2009-04 Chrome privilege escalation via local .desktop files

MFSA 2009-03 Local file stealing with SessionStore

MFSA 2009-02 XSS using a chrome XBL method and window.eval

MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

 

- http://secunia.com/advisories/33799/

Critical: Highly critical

Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.x...

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0352

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0353

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0354

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0355

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0356

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0357

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0358

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.7 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.7

- http://www.mozilla.com/firefox/all.html

 

Fixed in Firefox 3.0.7

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.7

MFSA 2009-11 URL spoofing with invisible control characters

MFSA 2009-10 Upgrade PNG library to fix memory safety hazards

MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect

MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability

MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776

 

- http://secunia.com/advisories/34145/2/

Release Date: 2009-03-05

Critical: Highly critical

Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.x ...

Solution: Update to version 3.0.7 ...

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.8 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.8

- http://www.mozilla.com/firefox/all.html

 

Fixed in Firefox 3.0.8

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.8

MFSA 2009-13 Arbitrary code execution through XUL <tree> element

MFSA 2009-12 XSL Transformation vulnerability

 

- http://secunia.com/advisories/34471/2/

Last Update: 2009-03-28

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.x ...

Solution: Update to version 3.0.8...

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.9 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.9

- http://www.mozilla.com/firefox/all.html

 

Fixed in Firefox 3.0.9

- http://www.mozilla.org/security/known-vuln...ml#firefox3.0.9

MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs

MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame

MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites

MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings

MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme

MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI

MFSA 2009-15 URL spoofing with box drawing character

MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

 

- http://secunia.com/advisories/34758/2/

Release Date: 2009-04-22

Critical: Highly critical

Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.x ...

Solution: Update to version 3.0.9...

CVE reference:

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1302

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1303

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1304

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1305

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1306

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1307

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1308

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1309

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1310

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1311

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1312

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.10 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.10

- http://www.mozilla.com/firefox/all.html

 

Fixed in Firefox 3.0.10

- http://www.mozilla.org/security/known-vuln...l#firefox3.0.10

MFSA 2009-23 Crash in nsTextFrame::ClearTextRun()

 

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313

 

- http://secunia.com/advisories/34866/2/

Release Date: 2009-04-28

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.x ...

Solution: Update to version 3.0.10...

Original Advisory: http://www.mozilla.org/security/announce/2...fsa2009-23.html

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.11 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.11

- http://www.mozilla.com/firefox/all.html

 

Fixed in Firefox 3.0.11

- http://www.mozilla.org/security/known-vuln...l#firefox3.0.11

MFSA 2009-32 JavaScript chrome privilege escalation

MFSA 2009-31 XUL scripts bypass content-policy checks

MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar

MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null

MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object

MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests

MFSA 2009-26 Arbitrary domain cookie access by local file: resources

MFSA 2009-25 URL spoofing with invalid unicode characters

MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

 

:!:


FYI...

 

- http://support.mozilla.com/en-US/kb/Upgrad...irefox+3%C2%B75

"... To upgrade from Firefox 3.0.x, open the Help menu (from an Admin account) and click Check for Updates..."

(NOTE: Some add-ons may not be compatible until they are updated*)

-OR-

Firefox v.3.5 released / Download

- http://www.mozilla.com/firefox/firefox.html

June 30th, 2009

 

Release Notes / *Known issues

- http://www.mozilla.com/firefox/3.5/releasenotes/

 

Security & Privacy

- http://www.mozilla.com/firefox/features/#security

 

Video

- http://www.mozilla.com/firefox/video/?video=security

 

- http://www.f-secure.com/weblog/archives/00001712.html

July 1, 2009 - "... when I installed Firefox 3.5 the Private Browsing option was disabled. What?..."

 

Firefox v3.5.1 patch to be released...

- http://www.theregister.co.uk/2009/07/03/mo..._firefox_3_5_1/

3 July 2009

___

 

- https://wiki.mozilla.org/WeeklyUpdates/2009...derbird_2.0.0.x

Firefox 3.0.12

* Code frozen as of Thursday last week

* Targeting mid/late-July release ...

 

- http://www.computerworld.com/action/articl...ticleId=9135001

June 30, 2009 - "... the kill date for Version 3.0 will be Dec. 31, 2009..."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox memory corruption vuln - unpatched

- http://secunia.com/advisories/35798/2/

Release Date: 2009-07-14

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: Mozilla Firefox 3.5.x

Solution: Do not browse untrusted websites or follow untrusted links...

Original Advisory: http://milw0rm.com/exploits/9137 ...

 

- http://www.us-cert.gov/current/#mozilla_fi...5_vulnerability

July 14, 2009

 

Per: http://voices.washingtonpost.com/securityf...ical_firef.html

July 14, 2009 - "... Fortunately, there is a relatively easy fix for this that can be reversed once Mozilla issues a patch. To disable the vulnerable component, open up a new Firefox window and type "about:config" (without the quotes) in the browser's address bar. In the "filter" box, type "jit" and you should see a setting called "javascript.options.jit.content". You should notice that beside that setting it reads "true," meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to "false." That's it. Note that making this change will slow down Javascript rendering in Firefox 3.5 to 3.0 speeds, but that may be a worthwhile trade-off for readers concerned about the availability of exploit code for this flaw."

... 'Glad that Brian Krebs guy is around. :-)

Edit/add: Also found (later) here:

- http://blog.mozilla.com/security/2009/07/1...-in-firefox-35/

 

- https://isc.sans.org/diary.html?storyid=6796

Last Updated: 2009-07-16 17:54:23 UTC ...(Version: 4) - "... this exploit has been spotted in the wild. The attacker just used Metasploit to create it and put a PoisonIvy client as the payload. Unfortunately, the payload has been packed with a packer that prevented some AV vendors so the detection isn't all that great..."

 

:ph34r: :ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.5.1 released

 

From an admin account, start Firefox, then >Help >Check for Updates

-OR-

 

Download Firefox v3.5.1

- http://www.mozilla.com/firefox/all.html

 

Complete list of changes in this version

- https://bugzilla.mozilla.org/buglist.cgi?ke...verified1.9.1.1

> 22 bugs found.

 

- http://www.mozilla.org/security/announce/2...fsa2009-41.html

July 16, 2009

 

- http://isc.sans.org/diary.html?storyid=6817

Last Updated: 2009-07-17 07:17:02 UTC - "... if you applied the workaround by disabling the JIT in about:config, remember to turn it back on"

 

- http://www.mozilla.com/en-US/firefox/3.5.1/releasenotes/

Installing... Please note that installing Firefox 3.5 will overwrite your existing installation of Firefox. You won’t lose any of your bookmarks or browsing history, but some of your extensions and other add-ons might not work until updates for them are made available. You can reinstall an older version later if you wish to downgrade.

> http://www.mozilla.com/firefox/all-older.html

___

 

> https://wiki.mozilla.org/WeeklyUpdates/2009...derbird_2.0.0.x

2009-07-13

• Firefox 3.0.12 ...

* final ship next week

 

:!:

Edited by apluswebmaster


FYI...

 

NEW vuln - FireFox 3.5.1 confirmed, exploit PoC, no patch

- http://isc.sans.org/diary.html?storyid=6829

Last Updated: 2009-07-18 15:04:23 UTC - "Various analysts and sites have recently confirmed a vulnerability is present in FireFox 3.5.1 that has had exploit PoC released. When exploited, the vulnerability can lead to system compromise or induce a DOS. No Patch is available."

Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability

> http://www.securityfocus.com/bid/35707/

CVE-2009-2479

> http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-2479

Last revised: 07/16/2009

CVSS v2 Base Score: 10.0 (HIGH)

>> http://xforce.iss.net/xforce/xfdb/51729

Reported: July 15, 2009

>> http://www.milw0rm.com/exploits/9158

[2009-07-15]

 

milw0rm 9158 “stack overflow” crash not exploitable (CVE-2009-2479)

- http://blog.mozilla.com/security/2009/07/1...-cve-2009-2479/

07.19.09 - "In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is -not-, and we have seen no example of exploitability... we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly."

 

:!: :ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.0.12 released

From an admin account, start Firefox, then >Help >Check for Updates

-or-

 

Download Firefox v3.0.12

- http://www.mozilla.com/firefox/all-older.html

 

- http://www.mozilla.org/security/known-vuln...l#firefox3.0.12

Fixed in Firefox 3.0.12

MFSA 2009-40 Multiple cross origin wrapper bypasses

MFSA 2009-39 setTimeout loses XPCNativeWrappers

MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__ on SVG element

MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries

MFSA 2009-35 Crash and remote code execution during Flash player unloading

MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)

 

- http://secunia.com/advisories/35914/2/

Release Date: 2009-07-22

Critical: Highly critical

Impact: System access, Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x ...

Solution: Update to version 3.0.12 ...

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.5.2 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/en-US/firefox/all.html

v.3.5.2, released August 3rd, 2009

 

Release Notes: http://www.mozilla.com/en-US/firefox/3.5.2/releasenotes/

 

- http://www.mozilla.org/security/known-vuln...ml#firefox3.5.2

Fixed in Firefox 3.5.2

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper

MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)

MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL

MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

___

 

Firefox v3.0.13 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/en-US/firefox/all-older.html

v3.0.13, released August 3rd, 2009

 

Release Notes: http://www.mozilla.com/en-US/firefox/3.0.13/releasenotes/

 

- http://www.mozilla.org/security/known-vuln...l#firefox3.0.13

Fixed in Firefox 3.0.13

MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL

MFSA 2009-43 Heap overflow in certificate regexp parsing

MFSA 2009-42 Compromise of SSL-protected communication

___

 

- http://secunia.com/advisories/36001/2/

Last Update: 2009-08-07

Critical: Highly critical

Impact: System access, Spoofing

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...

Solution: Update to version 3.5.2 or 3.0.13...

 

- http://secunia.com/advisories/36088/2/

Last Update: 2009-08-07

Critical: Highly critical

Impact: Security Bypass, DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x

Solution: Update to version 3.0.13...

___

 

* https://wiki.mozilla.org/WeeklyUpdates/2009...derbird_2.0.0.x

• short cycle release to fix new issues announced at BlackHat and Defcon

___

 

- http://www.eset.com/threat-center/blog/200...ty-less-privacy

August 6, 2009 - "... a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade the settings were reset to defaults. I simply happened to notice that I wasn’t prompted when I closed Firefox... This is not a behavior that should be happening. Perhaps my computer is an anomaly and there is a conflict... At any rate, it is always a good idea to check the settings of your programs periodically, and especially after an update..."

Edited by apluswebmaster


FYI...

 

Firefox will check Flash...

- http://blog.mozilla.com/security/2009/09/0...lugins-updated/

September 04, 2009 - "Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk. For now our focus is on the Adobe Flash Player both because of its popularity and because some studies have shown that as many as 80% of users currently have an out of date version*..."

* http://blogs.zdnet.com/security/?p=4097

 

- https://wiki.mozilla.org/WeeklyUpdates/2009...derbird_2.0.0.x

WeeklyUpdates/2009-08-31

• Firefox 3.0.14 / Firefox 3.5.3

> on track for release next week

 

:thumbsup:

Edited by apluswebmaster


FYI...

 

Firefox v3.5.3 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all.html

v.3.5.3, released September 9, 2009

 

- http://www.mozilla.org/security/known-vuln...ml#firefox3.5.3

Fixed in Firefox 3.5.3

MFSA 2009-51 Chrome privilege escalation with FeedWriter

MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters

MFSA 2009-49 TreeColumns dangling pointer vulnerability

MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)

___

 

Firefox v3.0.14 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all-older.html

v3.0.14, released September 9, 2009

 

- http://www.mozilla.org/security/known-vuln...l#firefox3.0.14

Fixed in Firefox 3.0.14

MFSA 2009-51 Chrome privilege escalation with FeedWriter

MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters

MFSA 2009-49 TreeColumns dangling pointer vulnerability

MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal

MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)

___

 

- http://secunia.com/advisories/36671/2/

Release Date: 2009-09-10

Critical: Highly critical

Impact: Security Bypass, Spoofing, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...

Solution: Update to version 3.0.14 or 3.5.3...

 

CVE reference:

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3069

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3070

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3071

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3072

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3073

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3074

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3075

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3076

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3077

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3078

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3079

 

.

Edited by apluswebmaster


FYI...

 

- http://www.channelregister.co.uk/2009/09/1...lnerable_flash/

17 September 2009 - "... Of the 6 million or so people who upgraded to either 3.5.3 or 3.0.14 of Firefox on its debut last Thursday, slightly more than 3 million of them were found to be running an outdated Flash version, according to Mozilla's Ken Kovash*. Sadly, only about 35 percent of those informed they had an insecure installation clicked on a link to upgrade to the latest version..."

* http://blog.mozilla.com/metrics/2009/09/16...-upgrade-flash/

 

:scratchhead::(

Edited by apluswebmaster


'Wish somebody would make up their mind!

 

- http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked/

18 October 2009 - "We received confirmation from Microsoft this evening that the Framework Assistant add-on is -not- a mechanism for exploiting the vulnerabilities detailed in the earlier post*, so we’ve removed it from the blocklist. As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.

We’re hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plugin before we remove it from the blocklist, and I’m working on a post to clarify the events of the past few days..."

* http://blog.mozilla.com/security/2009/10/16/net-framework-assistant-blocked-to-disarm-security-vulnerability/

10.16.09

 

- http://www.theregister.co.uk/2009/10/19/firefox_plug_in_security_flap/

19 October 2009

- http://www.theinquirer.net/inquirer/news/1558953/mozilla-shoots-microsoft-plug

19 October 2009

- http://www.h-online.com/security/news/item/Firefox-blocks-then-unblocks-Microsoft-add-on-832309.html

19 October 2009

 

- http://www.securityfocus.com/brief/1024

2009-10-20

 

- https://bugzilla.mozilla.org/show_bug.cgi?id=522777

Last: 2009-10-20

 

:scratchhead:

Edited by apluswebmaster


FYI...

 

- http://www.java.com/en/download/faq/firefox_newplugin.xml

"In November 2009, the Mozilla Foundation will release version 3.6 of their popular internet browser, Firefox. Starting with Firefox 3.6, Java-based applications will NOT work unless you are running Java version 6 Update 10 or newer... Update your Java -before- updating to Firefox 3.6 and later versions..."

 

:blink:


FYI...

 

Firefox v3.5.4 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all.html

v.3.5.4, released October 27, 2009

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4

Fixed in Firefox 3.5.4

MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)

MFSA 2009-63 Upgrade media libraries to fix memory safety bugs

MFSA 2009-62 Download filename spoofing with RTL override

MFSA 2009-61 Cross-origin data theft through document.getSelection()

MFSA 2009-59 Heap buffer overflow in string to number conversion

MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()

MFSA 2009-56 Heap buffer overflow in GIF color map parser

MFSA 2009-55 Crash in proxy auto-configuration regexp parsing

MFSA 2009-54 Crash with recursive web-worker calls

MFSA 2009-53 Local downloaded file tampering

MFSA 2009-52 Form history vulnerable to stealing

___

 

Firefox v3.0.15 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all-older.html

v3.0.15, released October 27, 2009

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15

Fixed in Firefox 3.0.15

MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)

MFSA 2009-63 Upgrade media libraries to fix memory safety bugs

MFSA 2009-62 Download filename spoofing with RTL override

MFSA 2009-61 Cross-origin data theft through document.getSelection()

MFSA 2009-59 Heap buffer overflow in string to number conversion

MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()

MFSA 2009-56 Heap buffer overflow in GIF color map parser

MFSA 2009-55 Crash in proxy auto-configuration regexp parsing

MFSA 2009-53 Local downloaded file tampering

MFSA 2009-52 Form history vulnerable to stealing

___

 

- http://secunia.com/advisories/36711/2/

Release Date: 2009-10-28

Critical: Highly critical

Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x

Solution: Update to version 3.0.15 or 3.5.4...

CVE reference:

CVE-2009-1563, CVE-2009-3370, CVE-2009-3371, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3377, CVE-2009-3378, CVE-2009-3379, CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383

 

//

Edited by apluswebmaster


FYI...

 

Firefox v3.5.5 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all.html

v.3.5.5, released Nov. 5, 2009

 

- http://www.mozilla.com/en-US/firefox/3.5.5/releasenotes/

"Firefox 3.5.5 fixes the following issues: Fixed several stability issues..."

 

Complete list of changes in this version

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.1%3A.5-fixed

Thu Nov 5 2009 20:44:32 PST

 

//


FYI...

 

Firefox v3.5.6 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all.html

v.3.5.6, released December 15, 2009

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.6

Fixed in Firefox 3.5.6

MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects

MFSA 2009-70 Privilege escalation via chrome window.opener

MFSA 2009-69 Location bar spoofing vulnerabilities

MFSA 2009-68 NTLM reflection vulnerability

MFSA 2009-67 Integer overflow, crash in libtheora video library

MFSA 2009-66 Memory safety fixes in liboggplay media library

MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)

___

 

Firefox v3.0.16 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all-older.html

v3.0.16, released December 15, 2009

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.16

Fixed in Firefox 3.0.16

MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects

MFSA 2009-70 Privilege escalation via chrome window.opener

MFSA 2009-69 Location bar spoofing vulnerabilities

MFSA 2009-68 NTLM reflection vulnerability

MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)

___

 

- http://secunia.com/advisories/37699/2/

Release Date: 2009-12-16

Critical: Highly critical

Impact: Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...

Solution: Update to version 3.0.16 or 3.5.6...

 

- http://www.theregister.co.uk/2009/12/16/firefox_update/

16 December 2009

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.5.7 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all.html

v.3.5.7, released January 5, 2010

 

- http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes/

Firefox 3.5.7 fixes the following issues:

• Fixed a common stability issue.

• Fixed a problem with how updates were being presented to users.

Complete list of changes:

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.1%3A.7-fixed

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0220

Last revised: 01/08/2010

CVSS v2 Base Score: 5.0 (MEDIUM)

___

 

Firefox v3.0.17 released

 

From an admin account, start Firefox, then > Help > Check for Updates

-or-

Download: http://www.mozilla.com/firefox/all-older.html

v3.0.17, released January 5, 2010

 

- http://www.mozilla.com/en-US/firefox/3.0.17/releasenotes/

Firefox 3.0.17 fixes the following issue:

• Fixed a problem with how updates were being presented to users.

Complete list of changes:

- https://bugzilla.mozilla.org/buglist.cgi?keywords_type=anywords&keywords=fixed1.9.0.17+verified1.9.0.17

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v.3.6 released

- http://www.mozilla.com/en-US/firefox/3.6/releasenotes/

January 21, 2010 - "Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform, which has been under development since early 2009 and contains many improvements for web developers, add-on developers, and users. This version is also faster and more responsive than previous versions and has been optimized to run on small device operating systems such as Maemo..."

- Download: http://www.mozilla.com/firefox/all.html

 

WeeklyUpdates/2010-01-25

- https://wiki.mozilla.org/WeeklyUpdates/2010-01-25

Schedule for Firefox 3.5.8 are... Final release: February 16 ...

Schedule for Firefox 3.0.18 are... Final release: February 16 ...

 

:scratchhead:


FYI...

 

From an admin account, start Firefox, then > Help > Check for Updates

 

Firefox v3.0.18/v3.5.8 released

- http://secunia.com/advisories/37242/

Release Date: 2010-02-18

Criticality level: Highly critical

Impact: Cross Site Scripting, System access

Where: From remote

Solution Status: Vendor Patch

Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x

Solution: Update to version 3.0.18 or 3.5.8.

Original Advisory: Mozilla:

http://www.mozilla.org/security/announce/2010/mfsa2010-01.html

http://www.mozilla.org/security/announce/2010/mfsa2010-02.html

http://www.mozilla.org/security/announce/2010/mfsa2010-03.html

http://www.mozilla.org/security/announce/2010/mfsa2010-04.html

http://www.mozilla.org/security/announce/2010/mfsa2010-05.html

Secunia Research:

http://secunia.com/secunia_research/2009-45/

 

Bug list:

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.1%3A.8-fixed

63 bugs found.

 

Fixed in Firefox 3.5.8

- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

 

Bug list:

- https://bugzilla.mozilla.org/buglist.cgi?keywords_type=anywords&keywords=fixed1.9.0.18+verified1.9.0.18

19 bugs found.

 

Fixed in Firefox 3.0.18

- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162

___

 

Blocklisted add-ons that should no longer be used with Mozilla products.

- https://www.mozilla.com/en-US/blocklist/

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.2

- http://secunia.com/advisories/38608/

Last Update: 2010-03-19

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Workaround

Software: Mozilla Firefox 3.6.x

Original Advisory: Mozilla:

- http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

03.18.10 - "Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience. Alternatively, users can download the current Beta build of Firefox 3.6.2, which contains the fix from here: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.2-candidates/build3/

 

- https://wiki.mozilla.org/WeeklyUpdates/2010-03-22#Branch_work:_Firefox_3.5.x_.2F_Firefox_3.6.x_.2F_Thunderbird_3.0.x

WeeklyUpdates/2010-03-22 - "QA and release teams are quickly checking the risk of 1.9.2 patches, to see if we can get 3.6.2 out early this week."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.2 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

 

• Critical: MFSA 2010-11 Crashes with evidence of memory corruption

- http://www.mozilla.org/security/announce/2010/mfsa2010-11.html

• Critical: MFSA 2010-08 WOFF heap corruption due to integer overflow

- http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

 

Fixed in Firefox 3.6.2

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.2

MFSA 2010-15 Asynchronous Auth Prompt attaches to wrong window

MFSA 2010-14 Browser chrome defacement via cached XUL stylesheets

MFSA 2010-13 Content policy bypass with image preloading

MFSA 2010-12 XSS using addEventListener and setTimeout on a wrapped object

MFSA 2010-11 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18)

MFSA 2010-10 XSS via plugins and unprotected Location object

MFSA 2010-09 Deleted frame reuse in multipart/x-mixed-replace image

MFSA 2010-08 WOFF heap corruption due to integer overflow

 

What’s New in Firefox 3.6.2

- http://www.mozilla.com/en-US/firefox/3.6.2/releasenotes/

Firefox 3.6.2 fixes the following issues found in previous versions of Firefox 3.6:

* Fixed a critical security issue that could potentially allow remote code execution (see bug 552216).

* Fixed several additional security issues.

* Fixed several stability issues.

Please see the complete list of changes* in this version..."

* https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2%3A.2-fixed

118 bugs found.

 

- http://secunia.com/advisories/38608/

Last Update: 2010-03-23

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution: Update to version 3.6.2.

 

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028

... before 3.6.2...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1122

Last revised: 03/26/2010 - ... Firefox 3.5.x through 3.5.8...

CVSS v2 Base Score: 10.0 (HIGH)...

 

- https://wiki.mozilla.org/WeeklyUpdates/2010-03-29#Branch_work:_Firefox_3.5.x_.2F_Firefox_3.6.x_.2F_Thunderbird_3.0.x

WeeklyUpdates/2010-03-29 - "... 3.5.9, 3.0.19 on track for tomorrow..."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.5.9 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download

- http://www.mozilla.com/firefox/all-older.html

 

Release Notes

- http://www.mozilla.com/firefox/3.5.9/releasenotes/

v.3.5.9, released March 30, 2010

 

Security Advisories

- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.9

Fixed in Firefox 3.5.9

MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy

MFSA 2010-23 Image src redirect to mailto: URL opens email editor

MFSA 2010-22 Update NSS to support TLS renegotiation indication

MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop

MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray

MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection

MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)

 

- https://developer.mozilla.org/devnews/index.php/2010/03/30/firefox-3-5-9-and-3-0-19-security-updates-now-available/

March 30, 2010 - "... Firefox 3.5.9 and Firefox 3.0.19 are now available for Windows, Mac, and Linux for free download... Please note: This is the last planned security and stability release for Firefox 3.0..."

Use: >Help >Check for Updates

 

Firefox 3.0.19: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.19

 

13 bugs...

- https://bugzilla.mozilla.org/buglist.cgi?keywords_type=anywords&keywords=fixed1.9.0.19+verified1.9.0.19

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.3 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

 

- http://www.mozilla.org/security/announce/2010/mfsa2010-25.html

Title: Re-use of freed object due to scope confusion

Impact: Critical

Announced: April 1, 2010

Reporter: Nils (MWR InfoSecurity)

Products: Firefox

Fixed in: Firefox 3.6.3...

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1121

Last revised: 03/26/2010

CVSS v2 Base Score: 10.0 (HIGH)

Overview: Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010...

 

- http://secunia.com/advisories/39175/

Release Date: 2010-04-02

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution: Update to version 3.6.3.

___

 

Due to some obscure moron a "security 'specialist'" hacking into a kludge of browsers "playing games" at a supposed security conference at CanSecWest with all the public media reports as a result of the "contest", this update became necessary wasting the time and effort of millions of end users and those who support them. More updates for other browsers will follow...

 

Responsible Disclosure Policy

- http://www.secureworks.com/research/disclosure.html

As a managed security services provider, we are constantly researching new methods computer criminals could use to break into systems, steal information and cause harm to our clients or their clients. We must be ahead of the criminal – anticipating new threats and developing countermeasures to prevent those threats. In that process, we may discover a vulnerability or a class of vulnerabilities in a technology solution that could create risk for our clients or the general market. When we discover a vulnerability, we will follow SecureWorks’ Responsible Disclosure Policy.

The goals of our Disclosure Policy are as follows:

1. Minimize risks to our clients and to the market

2. Education

3. Contribution to the security community

4. Cooperation with vendor community to understand the vulnerability

SecureWorks believes that it is important to work with technology providers when we find vulnerabilities – giving them an opportunity to patch their systems prior to advising our clients and the public about the vulnerability. This reduces the opportunity for a computer criminal to use information we provide to the public to cause harm although it does not prevent the criminal from discovering the same vulnerability independently...

 

//

 

:techsupport::(:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.4 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

June 22, 2010

 

What’s new

- http://www.mozilla.com/en-US/firefox/3.6.4/releasenotes/

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4

 

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2%3A.4-fixed

226 bugs found/fixed

 

- http://secunia.com/advisories/40309/

Release Date: 2010-06-23

Criticality level: Highly critical

Impact: Security Bypass, Exposure of sensitive information, System access

Where: From remote

Solution: Update to version 3.5.10 or 3.6.4...

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.6 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

June 26, 2010

 

What’s new

- http://www.mozilla.com/en-US/firefox/3.6.6/releasenotes/

"Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated..."

 

- http://forums.mozillazine.org/viewtopic.php?f=38&t=1929983

"Firefox 3.6.6 is a maintenance release to solve problems with Flash crashes. If you are having a number of Flash crashes this should solve the issue. The fix increases the amount of time before Firefox decides the plug-in has crashed. If you are curious why this release isn't number 3.6.5 see where's 3.6.5?* ..."

* http://christian.legnitto.com/blog/2010/06/09/heads-up-the-next-firefox-platform-version-is-1-9-2-6-instead-of-1-9-2-5/

 

- http://www.h-online.com/security/news/item/Norton-produces-false-alarm-after-Firefox-update-1030099.html

28 June 2010 - "... Norton Antivirus and Internet Security from Symantec both issued a security alert and pushed various files into quarantine after they installed the latest Firefox update which in turn caused Firefox to malfunction. In Symantec's support forums and elsewhere on the internet, further users have reported malware alerts after installing the Firefox 3.6.6 update. The affected files are reported to be:

* freebl3.dll

* softokn3.dll

* nssdbm3.dll

The name given by Symantec, WS.Reputation.1, points towards a detection by the cloud based functionality of Norton where the company evaluates the information transmitted by users' systems to assess files. Files that haven't been seen before are considered particularly suspicious. [?] If Norton then detects anything else that's unusual about the file, it will raise the alarm..."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.8 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

July 23, 2010

 

What’s new

- http://www.mozilla.com/en-US/firefox/3.6.8/releasenotes/

• Fixed a single stability issue affecting some pages containing plugins.

Regression: http://www.mozilla.org/security/announce/2010/mfsa2010-48.html

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.8

 

- http://securitytracker.com/alerts/2010/Jul/1024243.html

Date: July 24, 2010

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2755

CVSS v2 Base Score: 10.0 (HIGH)

:ph34r:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.9 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

Sep. 7, 2010

 

What’s new

- http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/

 

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9

 

67 bugs found:

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.9-fixed

 

- http://secunia.com/advisories/41297/

Release Date: 2010-09-08

Criticality level: Highly critical

Impact: Cross Site Scripting, Exposure of sensitive information, System access

Where: From remote

CVE Reference(s): CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169

Solution: Update to version 3.6.9 or 3.5.12.

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3171

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3399

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3400

 

- http://securitytracker.com/alerts/2010/Sep/1024401.html

- http://securitytracker.com/alerts/2010/Sep/1024406.html

Sep 8 2010

 

:!:

Edited by apluswebmaster


FYI...

 

Firefox v3.6.10 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

Sep. 15, 2010

 

What’s new

- http://www.mozilla.com/en-US/firefox/3.6.10/releasenotes/

• Fixed a single stability issue affecting a limited number of users

 

2 bugs found.

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2%3A.10-fixed

 

:mellow:


FYI...

 

Firefox v3.6.11 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

Oct. 19, 2010

 

What’s new

- http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/

• Fixed several security issues.

• Fixed several stability issues.

 

Fixed in Firefox 3.6.11

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

 

Complete list of changes: 40 bugs found.

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2%3A.11-fixed

 

- http://www.securitytracker.com/id?1024605

Oct 20 2010

CVE Reference: CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3181, CVE-2010-3182, CVE-2010-3183

Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network ...

... prior to 3.6.11

Solution: The vendor has issued a fix (3.5.14, 3.6.11)...

 

:ph34r:

Edited by AplusWebMaster


FYI...

 

Firefox v3.6.12 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

Oct. 27, 2010

 

Fixed in Firefox 3.6.12

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12

 

- http://www.mozilla.org/security/announce/2010/mfsa2010-73.html

Critical: Heap buffer overflow mixing document.write and DOM insertion

 

:ph34r: :ph34r:


FYI...

 

Firefox v3.6.13 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

Dec. 9, 2010

 

Fixed in Firefox 3.6.13

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13

MFSA 2010-84 XSS hazard in multiple character encodings

MFSA 2010-83 Location bar SSL spoofing using network error page

MFSA 2010-82 Incomplete fix for CVE-2010-0179

MFSA 2010-81 Integer overflow vulnerability in NewIdArray

MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver

MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh

MFSA 2010-78 Add support for OTS font sanitizer

MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree

MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element

MFSA 2010-75 Buffer overflow while line breaking after document.write with long string

MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

 

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.13-fixed

68 bugs fixed...

 

- http://secunia.com/advisories/42517/

Release Date: 2010-12-10

Criticality level: Highly critical

Impact: Security Bypass, Cross Site Scripting, Spoofing, System access

Where: From remote

Solution Status: Vendor Patch...

Solution: Update to version 3.6.13 or 3.5.16.

 

- http://www.securitytracker.com/id?1024848

- http://www.securitytracker.com/id?1024850

- http://www.securitytracker.com/id?1024851

Dec 10 2010

 

:ph34r:

Edited by AplusWebMaster


FYI...

 

Firefox v.3.6.14 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

March 1st, 2011

 

Fixed in Firefox 3.6.14

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14

MFSA 2011-10 CSRF risk with plugins and 307 redirects

MFSA 2011-09 Crash caused by corrupted JPEG image

MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents

MFSA 2011-07 Memory corruption during text run construction (Windows)

MFSA 2011-06 Use-after-free error using Web Workers

MFSA 2011-05 Buffer overflow in JavaScript atom map

MFSA 2011-04 Buffer overflow in JavaScript upvarMap

MFSA 2011-03 Use-after-free error in JSON.stringify

MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true

MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

 

Bug fixes:

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.14-fixed

41 bugs found.

___

 

- http://secunia.com/advisories/43550/

Release Date: 2011-03-02

Criticality level: Highly critical

Impact: Cross Site Scripting, Spoofing, DoS, System access

Where: From remote

Solution: Update to Mozilla Firefox version 3.5.17 or 3.6.14

 

- http://www.securitytracker.com/id/1025134

Mar 2 2011

 

:!:

Edited by AplusWebMaster


FYI...

 

Firefox v.3.6.15 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

March 4, 2011

 

- http://www.mozilla.com/en-US/firefox/3.6.15/releasenotes/

• Fixed an issue where some Java applets would fail to load in Firefox 3.6.14

 

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.15-fixed

24 bugs found.

___

 

- https://wiki.mozilla.org/WeeklyUpdates/2011-03-07#Firefox_3.6_and_3.5

WeeklyUpdates/2011-03-07

Shipped 3.6.15 on Friday, fixing an issue where Firefox 3.6.14 would fail to load certain Java applets

Bugs will be adjusted to reflect the current state of branch fixes ...

 

:!:

Edited by AplusWebMaster


FYI...

 

Firefox 4 next week ...

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=229301231

March 18, 2011 - "Firefox 4... will be officially released on March 22, 2011..."

 

- http://blogs.computerworld.com/17982/windows_7_service_pack_1_dont_install_it_yet

March 16, 2011 - "... Firefox version 4.. give it a couple months before installing it; not only to let the browser get battle tested but also to give authors of extensions more time to get the kinks out..."

 

- https://wiki.mozilla.org/Firefox/Roadmap#Product_Priorities_for_2011

 

:ph34r: :!:

Edited by AplusWebMaster


FYI...

 

Firefox v4.0 released

 

From an admin. account, start Firefox, then >Help >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

March 22, 2011

 

- http://www.mozilla.com/en-US/firefox/4.0/releasenotes/

 

- http://www.mozilla.com/en-US/firefox/4.0/system-requirements/

"... Please note that while the 32-bit and 64-bit versions of Windows Vista and Windows 7 can be used to run Firefox 4, only 32-bit builds of Firefox 4 are supported at this time..."

___

 

What happened to the Status Bar?

- http://support.mozilla.com/en-US/kb/what-happened-status-bar?s=show+status+bar&as=s#w_the-new-status-bar

 

Where are my Add-ons?

- http://support.mozilla.com/en-US/kb/what-happened-status-bar?s=show+status+bar&as=s#w_where-are-my-add-ons

"... Status-4-Evar** is an Add-on that recreates all of the features of the old Status Bar and lets you put them in the new Add-on Bar*..."

* http://support.mozilla.com/en-US/kb/what-add-bar

"... The Add-on Bar is a toolbar that holds all of your add-on shortcuts, giving you quick and easy access to their features. This article shows you how to use and customize the Add-on Bar... How do I show or hide the Add-on Bar?

If you don't have any add-ons that use the Add-on Bar, it won't be shown by default but you can easily show or hide it whenever you want.

> To show or hide the Add-on Bar, right-click on an empty section of the Tab Strip and check or uncheck it in the pop-up menu.

You can also use the keyboard shortcut Ctrl + /."

 

** https://addons.mozilla.org/en-US/firefox/addon/235283/

 

How do I put tabs back on bottom like they used to be?

- http://support.mozilla.com/en-US/kb/why-are-tabs-top#w_how-do-i-put-tabs-back-on-bottom-like-they-used-to-be

"At the top of the Firefox window, click on the Firefox button, go over to the Options... arrow and uncheck Tabs on Top".

-or-

"... By default, the Tab Strip is above the Navigation Toolbar. If you want it below, right-click on an empty section of the Tab Strip and uncheck 'Tabs on Top'..."

___

 

Adblock Plus v1.3.5

- http://adblockplus.org/releases/adblock-plus-135-released

 

- http://adblockplus.org/en/changelog-1.3.5

___

 

:!:

Edited by AplusWebMaster


FYI...

 

Firefox v3.6.16 and 3.5.18...

- http://isc.sans.edu/diary/Firefox+3+Updates+and+SSL+Blacklist+extension/10597

Last Updated: 2011-03-23 13:01:43 UTC - "At the heels of yesterday's Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version. If you are not planning to update to Firefox 4 soon, you should update to the newest 3.x version..."

>> http://www.mozilla.com/en-US/firefox/all-older.html

(Should also be available thru the 'Help > Check for Updates' function.)

 

- http://www.mozilla.org/security/announce/2011/mfsa2011-11.html

March 22, 2011

 

- http://www.securitytracker.com/id/1025243

Mar 23 2011

 

What’s New in Firefox 3.6.16...

- http://www.mozilla.com/en-US/firefox/3.6.16/releasenotes/

v.3.6.16, released March 22nd, 2011 - "... blacklists a few invalid HTTPS certificates."

 

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.16-fixed

One bug found... bogus certs issued by Comodo partner.

 

- http://isc.sans.edu/diary.html?storyid=10603

Last Updated: 2011-03-23 18:11:20 UTC

 

;)

Edited by AplusWebMaster


FYI...

 

Firefox v4.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates

-or-

Download:

- http://www.mozilla.com/firefox/all.html

April 28, 2011

> Release notes

- http://www.mozilla.com/en-US/firefox/4.0.1/releasenotes/

> Security Advisories

- http://www.mozilla.org/security/known-vulnerabilities/firefox40.html#firefox4.0.1

MFSA 2011-18 XSLT generate-id() function heap address leak

MFSA 2011-17 WebGLES vulnerabilities

MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status2.0%3A.1-fixed

55 bugs found.

___

 

v3.6.17

- http://www.mozilla.com/en-US/firefox/3.6.17/releasenotes/

April 28, 2011

>Help >Check for Updates

-or-

- http://www.mozilla.com/en-US/firefox/all-older.html

> Security Advisories

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17

MFSA 2011-18 XSLT generate-id() function heap address leak

MFSA 2011-16 Directory traversal in resource: protocol

MFSA 2011-15 Escalation of privilege through Java Embedding Plugin

MFSA 2011-14 Information stealing via form history

MFSA 2011-13 Multiple dangling pointer vulnerabilities

MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2%3A.17-fixed

59 bugs found

___

 

- http://www.securitytracker.com/id/1025456

Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network

CVE Reference:

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 - 10.0

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 - 7.5

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 - 10.0

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 - "

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 - "

Version(s): -prior- to 3.5.19, 3.6.17, 4.0.1

Apr 29 2011

___

 

- https://developer.mozilla.org/devnews/index.php/2011/04/28/firefox-4-0-1-3-6-17-and-3-5-19-security-updates-now-available/

April 28, 2011 - "... This is the last planned security and stability release for Firefox 3.5. All users are encouraged to upgrade..."

 

:!:

Edited by AplusWebMaster


FYI...

 

Firefox 5 ...

- http://www.h-online.com/open/news/item/Firefox-5-nears-with-release-candidate-1261711.html

16 June 2011 - "... the final version of Firefox 5 will be released on Tuesday 21 June alongside Firefox 3.6.18 and Thunderbird 3.1.11..."

- https://wiki.mozilla.org/Releases#Firefox_5

 

- http://secunia.com/advisories/44972/

... The weakness is reported in version 4.0.1. Other versions may also be affected.

Solution: The vendor recommends to disable WebGL. The vendor has scheduled a fix for 2011-06-21...

Original Advisory: Mozilla:

http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/

 

- http://www.securitytracker.com/id/1025676

Jun 17 2011 ... fix, tentatively scheduled for June 21, 2011...

___

 

Firefox v3.5 forced upgrade...

- http://isc.sans.org/diary.html?storyid=10885

Last Updated: 2011-05-16 21:39:57 UTC - "With Firefox 4 released not too long ago and Firefox 5 supposed to be released on June 21st... seems to be 12 million users still on Firefox 3.5... Firefox will start issuing warning on Google's default pages for users of version 3.5 and planning to push out 3.6.18 as an update (if auto update is enabled) once Firefox 5 is out... More info*..."

* http://www.theregister.co.uk/2011/05/16/mozilla_firefox_3_5_forced_upgrade/

 

- https://wiki.mozilla.org/Releases/3.5_EOL#Assumptions

11 May 2011

 

:ph34r::blink:

Edited by AplusWebMaster
