Jump to content


Photo

Firefox updated...


  • Please log in to reply
97 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 July 2008 - 01:21 AM

FYI...

Firefox v2.0.0.16 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.c.../all-older.html

What's New in Firefox 2.0.0.16:
- http://www.mozilla.c...6/releasenotes/
July 15, 2008

- http://www.mozilla.o.../firefox20.html

- http://nvd.nist.gov/...e=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)
- http://cve.mitre.org...e=CVE-2008-2933

//

Edited by apluswebmaster, 16 July 2008 - 06:59 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 July 2008 - 06:00 PM

FYI...

Firefox v3.0.1 released
- http://www.mozilla.com/firefox/
July 16, 2008

Upgrading Firefox
- http://support.mozil...grading Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."

If "Check for Updates is disabled", see:
- http://support.mozil...tes is disabled

Security Advisories
- http://www.mozilla.o...ml#firefox3.0.1

Known Issues
- http://www.mozilla.c...1/releasenotes/

Fixes in v3.0.1:
- http://www.mozilla.o...fsa2008-34.html
- http://www.mozilla.o...fsa2008-35.html
- http://www.mozilla.o...fsa2008-36.html

- http://secunia.com/advisories/31106/
Last Update: 2008-07-17
Critical: Highly critical
Impact: Security Bypass, Spoofing, System access
Where: From remote
...The vulnerabilities are reported in versions prior to 3.0.1.
Solution: Update to version 3.0.1 ...

- http://nvd.nist.gov/...e=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)

- http://nvd.nist.gov/...e=CVE-2008-2933

//

Edited by apluswebmaster, 17 July 2008 - 11:09 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 23 September 2008 - 08:41 PM

FYI...

Firefox v3.0.2 released
- http://www.mozilla.com/firefox/
Upgrading Firefox
- http://support.mozil...grading Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."
If "Check for Updates is disabled", see:
- http://support.mozil...tes is disabled
Security Advisories
- http://www.mozilla.o...ml#firefox3.0.2
Known Issues
- http://www.mozilla.c...2/releasenotes/
---

Firefox v2.0.0.17 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.c.../all-older.html
What's New in Firefox 2.0.0.17:
- http://www.mozilla.c...7/releasenotes/
September 23, 2008
- http://www.mozilla.o...firefox2.0.0.17
---

FF3: http://secunia.com/advisories/32011/
Software: Mozilla Firefox 3.x
CVE reference:
http://web.nvd.nist....d=CVE-2008-3837
http://web.nvd.nist....d=CVE-2008-4058
http://web.nvd.nist....d=CVE-2008-4060
http://web.nvd.nist....d=CVE-2008-4061
http://web.nvd.nist....d=CVE-2008-4062
http://web.nvd.nist....d=CVE-2008-4063
http://web.nvd.nist....d=CVE-2008-4064
http://web.nvd.nist....d=CVE-2008-4065
http://web.nvd.nist....d=CVE-2008-4067
http://web.nvd.nist....d=CVE-2008-4068

FF2: http://secunia.com/advisories/31984/
Software: Mozilla Firefox 2.0.x
CVE reference:
http://web.nvd.nist....d=CVE-2008-0016
http://web.nvd.nist....d=CVE-2008-3835
http://web.nvd.nist....d=CVE-2008-3836
http://web.nvd.nist....d=CVE-2008-3837
http://web.nvd.nist....d=CVE-2008-4058
http://web.nvd.nist....d=CVE-2008-4059
http://web.nvd.nist....d=CVE-2008-4060
http://web.nvd.nist....d=CVE-2008-4061
http://web.nvd.nist....d=CVE-2008-4062
http://web.nvd.nist....d=CVE-2008-4065
http://web.nvd.nist....d=CVE-2008-4066
http://web.nvd.nist....d=CVE-2008-4067
http://web.nvd.nist....d=CVE-2008-4068
http://web.nvd.nist....d=CVE-2008-4069

.

Edited by apluswebmaster, 26 September 2008 - 03:22 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 26 September 2008 - 07:01 PM

FYI...

Firefox v3.0.3 released
- http://en-us.www.moz...3/releasenotes/
September 26, 2008 - "Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708*)"
* https://bugzilla.moz...g.cgi?id=454708

- http://www.mozilla.c...irefox/all.html

:!:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 12 November 2008 - 07:34 PM

FYI...

Firefox v3.0.4 - v2.0.0.18 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-


Download Firefox v3.0.4
- http://www.mozilla.c...irefox/all.html
Download Firefox v2.0.0.18
- http://www.mozilla.c.../all-older.html

Release Notes
- http://www.mozilla.c...4/releasenotes/
Also see "Known Issues..." for v3: All Systems - 9 items, Microsoft Windows - 2...

Security issues
- http://www.mozilla.o...ml#firefox3.0.4
___

Firefox 3
- http://secunia.com/advisories/32713/
Release Date: 2008-11-13
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...
Original Advisory:
http://www.mozilla.o...fsa2008-51.html
http://www.mozilla.o...fsa2008-52.html
http://www.mozilla.o...fsa2008-53.html
http://www.mozilla.o...fsa2008-54.html
http://www.mozilla.o...fsa2008-55.html
http://www.mozilla.o...fsa2008-56.html
http://www.mozilla.o...fsa2008-57.html
http://www.mozilla.o...fsa2008-58.html ...

Firefox 2
- http://secunia.com/advisories/32693/
Release Date: 2008-11-13
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...
Original Advisory:
http://www.mozilla.o...fsa2008-47.html
http://www.mozilla.o...fsa2008-48.html
http://www.mozilla.o...fsa2008-49.html
http://www.mozilla.o...fsa2008-50.html
http://www.mozilla.o...fsa2008-52.html
http://www.mozilla.o...fsa2008-53.html
http://www.mozilla.o...fsa2008-54.html
http://www.mozilla.o...fsa2008-55.html
http://www.mozilla.o...fsa2008-56.html
http://www.mozilla.o...fsa2008-57.html
http://www.mozilla.o...fsa2008-58.html ...

:!:

Edited by apluswebmaster, 17 November 2008 - 11:24 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 December 2008 - 06:21 PM

FYI...

Firefox v3.0.5 released
- http://www.mozilla.com/firefox/
Dec. 16, 2008

Release Notes
- http://www.mozilla.c...5/releasenotes/

Security Advisories
- http://www.mozilla.o...ml#firefox3.0.5
Fixed in Firefox 3.0.5
MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
___

Firefox v2.0.0.19 released
- http://www.mozilla.c.../all-older.html

- http://www.mozilla.c...9/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3.
Firefox 2.0.0.19 does -not- include Phishing Protection.
___

- http://secunia.com/advisories/33203/

- http://secunia.com/advisories/33184/

:ph34r:

Edited by apluswebmaster, 17 December 2008 - 06:23 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#7 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 19 December 2008 - 09:14 AM

FYI...

Firefox v2.0.0.20 released
- http://www.mozilla.c.../all-older.html
December 18, 2008

Release Notes:
- http://www.mozilla.c...0/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3. Firefox 2.0.0.20 does not include Phishing Protection.
- http://www.mozilla.c...senotes/#issues

Security Update:
- http://www.mozilla.c...0/releasenotes/
Firefox 2.0.0.20 includes an additional security fix over Firefox 2.0.0.19 for users of the Windows platform. The following security issue* was fixed.

* http://www.mozilla.o...firefox2.0.0.20
MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
- http://preview.tinyurl.com/3mvadg
"...Mozilla omitted one of the security patches that was supposed to be included in the Windows version of Tuesday's Firefox 2.0 .0.19 release..."

Firefox 3
- http://secunia.com/advisories/33203/
...Solution: Update to version 3.0.5.
http://www.mozilla.c...t=firefox-3.0.5

:ph34r:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#8 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 03 February 2009 - 07:55 PM

FYI...

Firefox v3.0.6 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.6
- http://www.mozilla.c...irefox/all.html

Security Advisories for Firefox v3.0.6
- http://www.mozilla.o...ml#firefox3.0.6
Fixed in Firefox 3.0.6
MFSA 2009-06 Directives to not cache pages ignored
MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
MFSA 2009-04 Chrome privilege escalation via local .desktop files
MFSA 2009-03 Local file stealing with SessionStore
MFSA 2009-02 XSS using a chrome XBL method and window.eval
MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

- http://secunia.com/advisories/33799/
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x...

- http://web.nvd.nist....d=CVE-2009-0352
- http://web.nvd.nist....d=CVE-2009-0353
- http://web.nvd.nist....d=CVE-2009-0354
- http://web.nvd.nist....d=CVE-2009-0355
- http://web.nvd.nist....d=CVE-2009-0356
- http://web.nvd.nist....d=CVE-2009-0357
- http://web.nvd.nist....d=CVE-2009-0358

:!:

Edited by apluswebmaster, 09 February 2009 - 12:26 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#9 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 04 March 2009 - 08:49 PM

FYI...

Firefox v3.0.7 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.7
- http://www.mozilla.c...irefox/all.html

Fixed in Firefox 3.0.7
- http://www.mozilla.o...ml#firefox3.0.7
MFSA 2009-11 URL spoofing with invisible control characters
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)

- http://nvd.nist.gov/...e=CVE-2009-0771
- http://nvd.nist.gov/...e=CVE-2009-0772
- http://nvd.nist.gov/...e=CVE-2009-0773
- http://nvd.nist.gov/...e=CVE-2009-0774
- http://nvd.nist.gov/...e=CVE-2009-0775
- http://nvd.nist.gov/...e=CVE-2009-0776

- http://secunia.com/advisories/34145/2/
Release Date: 2009-03-05
Critical: Highly critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x ...
Solution: Update to version 3.0.7 ...

:!:

Edited by apluswebmaster, 09 March 2009 - 04:10 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#10 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 28 March 2009 - 05:19 AM

FYI...

Firefox v3.0.8 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.8
- http://www.mozilla.c...irefox/all.html

Fixed in Firefox 3.0.8
- http://www.mozilla.o...ml#firefox3.0.8
MFSA 2009-13 Arbitrary code execution through XUL <tree> element
MFSA 2009-12 XSL Transformation vulnerability

- http://secunia.com/advisories/34471/2/
Last Update: 2009-03-28
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x ...
Solution: Update to version 3.0.8...

- http://nvd.nist.gov/...e=CVE-2009-1044
- http://nvd.nist.gov/...e=CVE-2009-1169

:!:

Edited by apluswebmaster, 31 March 2009 - 03:53 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#11 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 21 April 2009 - 08:57 PM

FYI...

Firefox v3.0.9 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.9
- http://www.mozilla.c...irefox/all.html

Fixed in Firefox 3.0.9
- http://www.mozilla.o...ml#firefox3.0.9
MFSA 2009-22 Firefox allows Refresh header to redirect to java script: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
MFSA 2009-15 URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

- http://secunia.com/advisories/34758/2/
Release Date: 2009-04-22
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x ...
Solution: Update to version 3.0.9...
CVE reference:
http://web.nvd.nist....d=CVE-2009-1302
http://web.nvd.nist....d=CVE-2009-1303
http://web.nvd.nist....d=CVE-2009-1304
http://web.nvd.nist....d=CVE-2009-1305
http://web.nvd.nist....d=CVE-2009-1306
http://web.nvd.nist....d=CVE-2009-1307
http://web.nvd.nist....d=CVE-2009-1308
http://web.nvd.nist....d=CVE-2009-1309
http://web.nvd.nist....d=CVE-2009-1310
http://web.nvd.nist....d=CVE-2009-1311
http://web.nvd.nist....d=CVE-2009-1312

:!:

Edited by apluswebmaster, 22 April 2009 - 06:50 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#12 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 28 April 2009 - 05:10 AM

FYI...

Firefox v3.0.10 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.10
- http://www.mozilla.c...irefox/all.html

Fixed in Firefox 3.0.10
- http://www.mozilla.o...l#firefox3.0.10
MFSA 2009-23 Crash in nsTextFrame::ClearTextRun()

- http://cve.mitre.org...e=CVE-2009-1313

- http://secunia.com/advisories/34866/2/
Release Date: 2009-04-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x ...
Solution: Update to version 3.0.10...
Original Advisory: http://www.mozilla.o...fsa2009-23.html

:!:

Edited by apluswebmaster, 28 April 2009 - 06:57 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#13 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 11 June 2009 - 05:20 PM

FYI...

Firefox v3.0.11 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.11
- http://www.mozilla.c...irefox/all.html

Fixed in Firefox 3.0.11
- http://www.mozilla.o...l#firefox3.0.11
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-31 XUL scripts bypass content-policy checks
MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-25 URL spoofing with invalid unicode characters
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

:!:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#14 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 30 June 2009 - 05:21 PM

FYI...

- http://support.mozil...d...irefox 3·5
"... To upgrade from Firefox 3.0.x, open the Help menu (from an Admin account) and click Check for Updates..."
(NOTE: Some add-on's may not be compatible until they are updated*)

-OR-
Firefox v.3.5 released / Download
- http://www.mozilla.c...ox/firefox.html
June 30th, 2009

Release Notes / *Known issues
- http://www.mozilla.c...5/releasenotes/

Security & Privacy
- http://www.mozilla.c...tures/#security

Video
- http://www.mozilla.c...?video=security

- http://www.f-secure....s/00001712.html
July 1, 2009 - "... when I installed Firefox 3.5 the Private Browsing option was disabled. What?..."

Firefox v3.5.1 patch to be released...
- http://www.theregist..._firefox_3_5_1/
3 July 2009
___

- https://wiki.mozilla...derbird_2.0.0.x
Firefox 3.0.12
* Code frozen as of Thursday last week
* Targeting mid/late-July release ...

- http://www.computerw...ticleId=9135001
June 30, 2009 - "... the kill date for Version 3.0 will be Dec. 31, 2009..."

:ph34r:

Edited by apluswebmaster, 04 July 2009 - 12:55 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#15 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 14 July 2009 - 04:53 AM

FYI...

Firefox memory corruption vuln - unpatched
- http://secunia.com/advisories/35798/2/
Release Date: 2009-07-14
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 3.5.x
Solution: Do not browse untrusted websites or follow untrusted links...
Original Advisory: http://milw0rm.com/exploits/9137 ...

- http://www.us-cert.g...5_vulnerability
July 14, 2009

Per: http://voices.washin...ical_firef.html
July 14, 2009 - "... Fortunately, there is a relatively easy fix for this that can be reversed once Mozilla issues a patch. To disable the vulnerable component, open up a new Firefox window and type "about:config" (without the quotes) in the browser's address bar. In the "filter" box, type "jit" and you should see a setting called "javascript.options.jit.content". You should notice that beside that setting it reads "true," meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to "false." That's it. Note that making this change will slow down Javascript rendering in Firefox 3.5 to 3.0 speeds, but that may be a worthwhile trade-off for readers concerned about the availability of exploit code for this flaw."
... 'Glad that Brian Krebs guy is around. :-)
Edit/add: Also found (later) here:
- http://blog.mozilla....-in-firefox-35/

- https://isc.sans.org...ml?storyid=6796
Last Updated: 2009-07-16 17:54:23 UTC ...(Version: 4) - "... this exploit has been spotted in the wild. The attacked just used Metasploit to create it and put a PoisonIvy client as the payload. Unfortunately, the payload has been packed with a packer that prevented some AV vendors so the detection isn't all that great..."

:ph34r: :ph34r:

Edited by apluswebmaster, 17 July 2009 - 06:18 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#16 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 July 2009 - 09:29 PM

FYI...

Firefox v3.5.1 released

From an admin account, start Firefox, then >Help >Check for Updates
-OR-

Download Firefox v3.5.1
- http://www.mozilla.c...irefox/all.html

Complete list of changes in this version
- https://bugzilla.moz...verified1.9.1.1
> 22 bugs found.

- http://www.mozilla.o...fsa2009-41.html
July 16, 2009

- http://isc.sans.org/...ml?storyid=6817
Last Updated: 2009-07-17 07:17:02 UTC - "... if you applied the workaround by disabling the JIT in about:config, remember to turn it back on"

- http://www.mozilla.c...1/releasenotes/
Installing... Please note that installing Firefox 3.5 will overwrite your existing installation of Firefox. You won’t lose any of your bookmarks or browsing history, but some of your extensions and other add-ons might not work until updates for them are made available. You can reinstall an older version later if you wish to downgrade.
> http://www.mozilla.c.../all-older.html
___

> https://wiki.mozilla...derbird_2.0.0.x
2009-07-13
• Firefox 3.0.12 ...
* final ship next week

:!:

Edited by apluswebmaster, 17 July 2009 - 04:40 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#17 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 18 July 2009 - 11:48 AM

FYI...

NEW vuln - FireFox 3.5.1 confirmed, exploit PoC, no patch
- http://isc.sans.org/...ml?storyid=6829
Last Updated: 2009-07-18 15:04:23 UTC - "Various analysts and sites have recently confirmed a vulnerability is present in FireFox 3.5.1 that has had exploit PoC released. When exploited, the vulnerability can lead to system compromise or induce a DOS. No Patch is available."
Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability
> http://www.securityf....com/bid/35707/
CVE-2009-2479
> http://web.nvd.nist....d=CVE-2009-2479
Last revised: 07/16/2009
CVSS v2 Base Score: 10.0 (HIGH)
>> http://xforce.iss.ne...orce/xfdb/51729
Reported: July 15, 2009
>> http://www.milw0rm.com/exploits/9158
[2009-07-15]

milw0rm 9158 “stack overflow” crash not exploitable (CVE-2009-2479)
- http://blog.mozilla....-cve-2009-2479/
07.19.09 - "In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is -not-, and we have seen no example of exploitability... we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly."

:!: :ph34r:

Edited by apluswebmaster, 19 July 2009 - 07:50 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#18 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 21 July 2009 - 08:00 PM

FYI...

Firefox v3.0.12 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.12
- http://www.mozilla.c.../all-older.html

- http://www.mozilla.o...l#firefox3.0.12
Fixed in Firefox 3.0.12
MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__ on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-35 Crash and remote code execution during Flash player unloading
MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)

- http://secunia.com/advisories/35914/2/
Release Date: 2009-07-22
Critical: Highly critical
Impact: System access, Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x ...
Solution: Update to version 3.0.12 ...

:!:

Edited by apluswebmaster, 22 July 2009 - 05:40 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#19 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 08 August 2009 - 12:28 PM

FYI...

Firefox v3.5.2 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c...irefox/all.html
v.3.5.2, released August 3rd, 2009

Release Notes: http://www.mozilla.c...2/releasenotes/

- http://www.mozilla.o...ml#firefox3.5.2
Fixed in Firefox 3.5.2
MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters
___

Firefox v3.0.13 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c.../all-older.html
v3.0.13, released August 3rd, 2009

Release Notes: http://www.mozilla.c...3/releasenotes/

- http://www.mozilla.o...l#firefox3.0.13
Fixed in Firefox 3.0.13
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
___

- http://secunia.com/advisories/36001/2/
Last Update: 2009-08-07
Critical: Highly critical
Impact: System access, Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...
Solution: Update to version 3.5.2 or 3.0.13...

- http://secunia.com/advisories/36088/2/
Last Update: 2009-08-07
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x
Solution: Update to version 3.0.13...
___

* https://wiki.mozilla...derbird_2.0.0.x
• short cycle release to fix new issues announced at BlackHat and Defcon
___

- http://www.eset.com/...ty-less-privacy
August 6, 2009 - "... a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade the settings were reset to defaults. I simply happened to notice that I wasn’t prompted when I closed Firefox... This is not a behavior that should be happening. Perhaps my computer is an anomaly and there is a conflict... At any rate, it is always a good idea to check the settings of your programs periodically, and especially after an update..."

Edited by apluswebmaster, 16 August 2009 - 05:59 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#20 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 04 September 2009 - 05:43 PM

FYI...

Firefox will check Flash...
- http://blog.mozilla....lugins-updated/
September 04, 2009 - "Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plugin is out of date. Old versions of plugins can cause crashes and other stability problems, and can also be a significant security risk. For now our focus is on the Adobe Flash Player both because of its popularity and because some studies have shown that as many as 80% of users currently have an out of date version*..."
* http://blogs.zdnet.c...ecurity/?p=4097

- https://wiki.mozilla...derbird_2.0.0.x
WeeklyUpdates/2009-08-31
• Firefox 3.0.14 / Firefox 3.5.3
> on track for release next week

:thumbsup:

Edited by apluswebmaster, 06 September 2009 - 06:19 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#21 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 09 September 2009 - 08:13 PM

FYI...

Firefox v3.5.3 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c...irefox/all.html
v.3.5.3, released September 9, 2009

- http://www.mozilla.o...ml#firefox3.5.3
Fixed in Firefox 3.5.3
MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49 TreeColumns dangling pointer vulnerability
MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)
___

Firefox v3.0.14 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c.../all-older.html
v3.0.14, released September 9, 2009

- http://www.mozilla.o...l#firefox3.0.14
Fixed in Firefox 3.0.14
MFSA 2009-51 Chrome privilege escalation with FeedWriter
MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters
MFSA 2009-49 TreeColumns dangling pointer vulnerability
MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal
MFSA 2009-47 Crashes with evidence of memory corruption (rv:1.9.1.3/1.9.0.14)
___

- http://secunia.com/advisories/36671/2/
Release Date: 2009-09-10
Critical: Highly critical
Impact: Security Bypass, Spoofing, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...
Solution: Update to version 3.0.14 or 3.5.3...

CVE reference:
http://web.nvd.nist....d=CVE-2009-3069
http://web.nvd.nist....d=CVE-2009-3070
http://web.nvd.nist....d=CVE-2009-3071
http://web.nvd.nist....d=CVE-2009-3072
http://web.nvd.nist....d=CVE-2009-3073
http://web.nvd.nist....d=CVE-2009-3074
http://web.nvd.nist....d=CVE-2009-3075
http://web.nvd.nist....d=CVE-2009-3076
http://web.nvd.nist....d=CVE-2009-3077
http://web.nvd.nist....d=CVE-2009-3078
http://web.nvd.nist....d=CVE-2009-3079

.

Edited by apluswebmaster, 10 September 2009 - 09:54 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#22 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 17 September 2009 - 06:02 AM

FYI...

- http://www.channelre...lnerable_flash/
17 September 2009 - "... Of the 6 million or so people who upgraded to either 3.5.3 or 3.0.14 of Firefox on its debut last Thursday, slightly more than 3 million of them were found to be running an outdated Flash version, according to Mozilla's Ken Kovash*. Sadly, only about 35 percent of those informed they had an insecure installation clicked on a link to upgrade to the latest version..."
* http://blog.mozilla....-upgrade-flash/

:scratchhead: :(

Edited by apluswebmaster, 17 September 2009 - 06:21 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#23 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 20 October 2009 - 08:47 AM

'Wish somebody would make up their mind!

- http://shaver.off.ne...port-unblocked/
18 October 2009 - "We received confirmation from Microsoft this evening that the Framework Assistant add-on is -not- a mechanism for exploiting the vulnerabilities detailed in the earlier post*, so we’ve removed it from the blocklist. As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.
We’re hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plugin before we remove it from the blocklist, and I’m working on a post to clarify the events of the past few days..."
* http://blog.mozilla....-vulnerability/
10.16.09

- http://www.theregist..._security_flap/
19 October 2009
- http://www.theinquir...-microsoft-plug
19 October 2009
- http://www.h-online....-on-832309.html
19 October 2009

- http://www.securityf....com/brief/1024
2009-10-20

- https://bugzilla.moz...g.cgi?id=522777
Last: 2009-10-20

:scratchhead:

Edited by apluswebmaster, 20 October 2009 - 01:25 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#24 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 21 October 2009 - 12:23 PM

FYI...

- http://www.java.com/...x_newplugin.xml
"In November 2009, the Mozilla Foundation will release version 3.6 of their popular internet browser, Firefox. Starting with Firefox 3.6, Java-based applications will NOT work unless you are running Java version 6 Update 10 or newer... Update your Java -before- updating to Firefox 3.6 and later versions..."

:blink:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#25 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 27 October 2009 - 09:06 PM

FYI...

Firefox v3.5.4 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c...irefox/all.html
v.3.5.4, released October 27, 2009

- http://www.mozilla.o...ml#firefox3.5.4
Fixed in Firefox 3.5.4
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
___

Firefox v3.0.15 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c.../all-older.html
v3.0.15, released October 27, 2009

- http://www.mozilla.o...l#firefox3.0.15
Fixed in Firefox 3.0.15
MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing
___

- http://secunia.com/advisories/36711/2/
Release Date: 2009-10-28
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x
Solution: Update to version 3.0.15 or 3.5.4...
CVE reference:
CVE-2009-1563, CVE-2009-3370, CVE-2009-3371, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3377, CVE-2009-3378, CVE-2009-3379, CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383

//

Edited by apluswebmaster, 28 October 2009 - 04:41 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#26 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 06 November 2009 - 07:22 AM

FYI...

Firefox v3.5.5 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c...irefox/all.html
v.3.5.5, released Nov. 5, 2009

- http://www.mozilla.c...5/releasenotes/
"Firefox 3.5.5 fixes the following issues: Fixed several stability issues..."

Complete list of changes in this version
- https://bugzilla.moz...s1.9.1:.5-fixed
Thu Nov 5 2009 20:44:32 PST

//
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#27 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 December 2009 - 06:26 AM

FYI...

Firefox v3.5.6 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c...irefox/all.html
v.3.5.6, released December 15, 2009

- http://www.mozilla.o...ml#firefox3.5.6
Fixed in Firefox 3.5.6
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
___

Firefox v3.0.16 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c.../all-older.html
v3.0.16, released December 15, 2009

- http://www.mozilla.o...l#firefox3.0.16
Fixed in Firefox 3.0.16
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
___

- http://secunia.com/advisories/37699/2/
Release Date: 2009-12-16
Critical: Highly critical
Impact: Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...
Solution: Update to version 3.0.16 or 3.5.6...

- http://www.theregist...firefox_update/
16 December 2009

:ph34r:

Edited by apluswebmaster, 16 December 2009 - 10:05 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#28 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 06 January 2010 - 12:41 AM

FYI...

Firefox v3.5.7 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c...irefox/all.html
v.3.5.7, released January 5, 2010

- http://www.mozilla.c...7/releasenotes/
Firefox 3.5.7 fixes the following issues:
• Fixed a common stability issue.
• Fixed a problem with how updates were being presented to users.
Complete list of changes:
- https://bugzilla.moz...s1.9.1:.7-fixed

- http://web.nvd.nist....d=CVE-2010-0220
Last revised: 01/08/2010
CVSS v2 Base Score: 5.0 (MEDIUM)
___

Firefox v3.0.17 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.c.../all-older.html
v3.0.17, released January 5, 2010

- http://www.mozilla.c...7/releasenotes/
Firefox 3.0.17 fixes the following issue:
• Fixed a problem with how updates were being presented to users.
Complete list of changes:
- https://bugzilla.moz...erified1.9.0.17

:ph34r:

Edited by apluswebmaster, 11 January 2010 - 06:08 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#29 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 25 January 2010 - 09:47 PM

FYI...

Firefox v.3.6 released
- http://www.mozilla.c...6/releasenotes/
January 21, 2010 - "Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform, which has been under development since early 2009 and contains many improvements for web developers, add-on developers, and users. This version is also faster and more responsive than previous versions and has been optimized to run on small device operating systems such as Maemo..."
- Download: http://www.mozilla.c...irefox/all.html

WeeklyUpdates/2010-01-25
- https://wiki.mozilla...ates/2010-01-25
Schedule for Firefox 3.5.8 are... Final release: February 16 ...
Schedule for Firefox 3.0.18 are... Final release: February 16 ...

:scratchhead:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#30 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 18 February 2010 - 06:37 AM

FYI...

From an admin account, start Firefox, then > Help > Check for Updates

Firefox v3.0.18/v3.5.8 released
- http://secunia.com/advisories/37242/
Release Date: 2010-02-18
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x
Solution: Update to version 3.0.18 or 3.5.8.
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2010-01.html
http://www.mozilla.o...fsa2010-02.html
http://www.mozilla.o...fsa2010-03.html
http://www.mozilla.o...fsa2010-04.html
http://www.mozilla.o...fsa2010-05.html
Secunia Research:
http://secunia.com/s...search/2009-45/

Bug list:
- https://bugzilla.moz...s1.9.1:.8-fixed
63 bugs found.

Fixed in Firefox 3.5.8
- http://www.mozilla.o.../firefox35.html

Bug list:
- https://bugzilla.moz...erified1.9.0.18
19 bugs found.

Fixed in Firefox 3.0.18
- http://www.mozilla.o.../firefox30.html

- http://nvd.nist.gov/...e=CVE-2009-1571
- http://nvd.nist.gov/...e=CVE-2009-3988
- http://nvd.nist.gov/...e=CVE-2010-0159
- http://nvd.nist.gov/...e=CVE-2010-0160
- http://nvd.nist.gov/...e=CVE-2010-0162
___

Blocklisted add-ons that should no longer be used with Mozilla products.
- https://www.mozilla....n-US/blocklist/

:ph34r:

Edited by apluswebmaster, 08 March 2010 - 04:21 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#31 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 20 March 2010 - 06:41 AM

FYI...

Firefox v3.6.2
- http://secunia.com/advisories/38608/
Last Update: 2010-03-19
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Mozilla Firefox 3.6.x
Original Advisory: Mozilla:
- http://blog.mozilla....visory-sa38608/
03.18.10 - "Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience. Alternatively, users can download the current Beta build of Firefox 3.6.2, which contains the fix from here: https://ftp.mozilla....didates/build3/

- https://wiki.mozilla...underbird_3.0.x
WeeklyUpdates/2010-03-22 - "QA and release teams are quickly checking the risk of 1.9.2 patches, to see if we can get 3.6.2 out early this week."

:ph34r:

Edited by apluswebmaster, 22 March 2010 - 02:09 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#32 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 23 March 2010 - 12:19 AM

FYI...

Firefox v3.6.2 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html

• Critical: MFSA 2010-11 Crashes with evidence of memory corruption
- http://www.mozilla.o...fsa2010-11.html
• Critical: MFSA 2010-08 WOFF heap corruption due to integer overflow
- http://www.mozilla.o...fsa2010-08.html

Fixed in Firefox 3.6.2
- http://www.mozilla.o...ml#firefox3.6.2
MFSA 2010-15 Asynchronous Auth Prompt attaches to wrong window
MFSA 2010-14 Browser chrome defacement via cached XUL stylesheets
MFSA 2010-13 Content policy bypass with image preloading
MFSA 2010-12 XSS using addEventListener and setTimeout on a wrapped object
MFSA 2010-11 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18)
MFSA 2010-10 XSS via plugins and unprotected Location object
MFSA 2010-09 Deleted frame reuse in multipart/x-mixed-replace image
MFSA 2010-08 WOFF heap corruption due to integer overflow

What’s New in Firefox 3.6.2
- http://www.mozilla.c...2/releasenotes/
Firefox 3.6.2 fixes the following issues found in previous versions of Firefox 3.6:
* Fixed a critical security issue that could potentially allow remote code execution (see bug 552216).
* Fixed several additional security issues.
* Fixed several stability issues.
Please see the complete list of changes* in this version..."
* https://bugzilla.moz...s1.9.2:.2-fixed
118 bugs found.

- http://secunia.com/advisories/38608/
Last Update: 2010-03-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 3.6.2.

- http://nvd.nist.gov/...e=CVE-2010-0164
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-0165
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-0166
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-0169
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-0170
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-0171
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-0172
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-1028
... before 3.6.2...
- http://nvd.nist.gov/...e=CVE-2010-1122
Last revised: 03/26/2010 - ... Firefox 3.5.x through 3.5.8...
CVSS v2 Base Score: 10.0 (HIGH)...


- https://wiki.mozilla...underbird_3.0.x
WeeklyUpdates/2010-03-29 - "... 3.5.9, 3.0.19 on track for tomorrow..."

:ph34r:

Edited by apluswebmaster, 30 March 2010 - 10:05 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#33 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 30 March 2010 - 09:33 PM

FYI...

Firefox v3.5.9 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.c.../all-older.html

Release Notes
- http://www.mozilla.c...9/releasenotes/
v.3.5.9, released March 30, 2010

Security Advisories
- http://www.mozilla.o...ml#firefox3.5.9
Fixed in Firefox 3.5.9
MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
MFSA 2010-23 Image src redirect to mailto: URL opens email editor
MFSA 2010-22 Update NSS to support TLS renegotiation indication
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)

- https://developer.mo...-now-available/
March 30, 2010 - "... Firefox 3.5.9 and Firefox 3.0.19 are now available for Windows, Mac, and Linux for free download... Please note: This is the last planned security and stability release for Firefox 3.0..."
Use: >Help >Check for Updates

Firefox 3.0.19: http://www.mozilla.o...l#firefox3.0.19

13 bugs...
- https://bugzilla.moz...erified1.9.0.19

:ph34r:

Edited by apluswebmaster, 31 March 2010 - 03:13 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#34 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 01 April 2010 - 09:13 PM

FYI...

Firefox v3.6.3 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html

- http://www.mozilla.o...fsa2010-25.html
Title: Re-use of freed object due to scope confusion
Impact: Critical
Announced: April 1, 2010
Reporter: Nils (MWR InfoSecurity)
Products: Firefox
Fixed in: Firefox 3.6.3...

- http://web.nvd.nist....d=CVE-2010-1121
Last revised:03/26/2010
CVSS v2 Base Score: 10.0 (HIGH)
Overview: Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010...

- http://secunia.com/advisories/39175/
Release Date: 2010-04-02
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 3.6.3.
___

Due to some obscure moron a "security 'specialist'" hacking into a kludge of browsers "playing games" at a supposed security conference at CanSecWest with all the public media reports as a result of the "contest", this update became necessary wasting the time and effort of millions of end users and those who support them. More updates for other browsers will follow...

Responsible Disclosure Policy
- http://www.securewor...disclosure.html
As a managed security services provider, we are constantly researching new methods computer criminals could use to break into systems, steal information and cause harm to our clients or their clients. We must be ahead of the criminal – anticipating new threats and developing countermeasures to prevent those threats. In that process, we may discover a vulnerability or a class of vulnerabilities in a technology solution that could create risk for our clients or the general market. When we discover a vulnerability, we will follow SecureWorks’ Responsible Disclosure Policy.
The goals of our Disclosure Policy are as follows:
1. Minimize risks to our clients and to the market
2. Education
3. Contribution to the security community
4. Cooperation with vendor community to understand the vulnerability
SecureWorks believes that it is important to work with technology providers when we find vulnerabilities – giving them an opportunity to patch their systems prior to advising our clients and the public about the vulnerability. This reduces the opportunity for a computer criminal to use information we provide to the public to cause harm although it does not prevent the criminal from discovering the same vulnerability independently...

//

:techsupport: :( :ph34r:

Edited by apluswebmaster, 02 April 2010 - 11:22 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#35 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 22 June 2010 - 07:30 PM

FYI...

Firefox v3.6.4 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
June 22, 2010

What’s new
- http://www.mozilla.c...4/releasenotes/

- http://www.mozilla.o...ml#firefox3.6.4

- https://bugzilla.moz...s1.9.2:.4-fixed
226 bugs found/fixed

- http://secunia.com/advisories/40309/
Release Date: 2010-06-23
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 3.5.10 or 3.6.4...

:ph34r:

Edited by apluswebmaster, 23 June 2010 - 07:05 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#36 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 27 June 2010 - 04:19 PM

FYI...

Firefox v3.6.6 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
June 26, 2010

What’s new
- http://www.mozilla.c...6/releasenotes/
"Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated..."

- http://forums.mozill...?f=38&t=1929983
"Firefox 3.6.6 is a maintenance release to solve problems with Flash crashes. If you are having a number of flash crashes this should solve the issue. The fix increases the amount of time the before Firefox decides the plug-in has crashed. If you are curious why this release isn't number 3.6.5 see where's 3.6.5?* ..."
* http://christian.leg...ead-of-1-9-2-5/

- http://www.h-online....te-1030099.html
28 June 2010 - "... Norton Antivirus and Internet Security from Symantec both issued a security alert and pushed various files into quarantine after they installed the latest Firefox update which in turn caused Firefox to malfunction. In Symantec's support forums and elsewhere on the internet, further users have reported malware alerts after installing the Firefox 3.6.6 update. The affected files are reported to be:
* freebl3.dll
* softokn3.dll
* nssdbm3.dll
The name given by Symantec, WS.Reputation.1, points towards a detection by the cloud based functionality of Norton where the company evaluates the information transmitted by users' systems to assess files. Files that haven't been seen before are considered particularly suspicious. [?] If Norton then detects anything else that's unusual about the file, it will raise the alarm..."

:ph34r:

Edited by apluswebmaster, 02 July 2010 - 01:02 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#37 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 20 July 2010 - 05:14 PM

FYI...

Firefox v3.6.7 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
July 20, 2010

What’s new
- http://www.mozilla.c...7/releasenotes/

- http://www.mozilla.o...ml#firefox3.6.7

- http://preview.tinyurl.com/27d7foe
126 bugs found/fixed.

- http://securitytrack...ul/1024225.html
- http://securitytrack...ul/1024226.html

- http://web.nvd.nist....d=CVE-2010-0654
- http://web.nvd.nist....d=CVE-2010-1208
- http://web.nvd.nist....d=CVE-2010-1209
- http://web.nvd.nist....d=CVE-2010-1211
- http://web.nvd.nist....d=CVE-2010-1212
- http://web.nvd.nist....d=CVE-2010-1214
- http://web.nvd.nist....d=CVE-2010-2752
- http://web.nvd.nist....d=CVE-2010-2753
- http://web.nvd.nist....d=CVE-2010-2754

:!:

Edited by apluswebmaster, 09 August 2010 - 11:50 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#38 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 23 July 2010 - 10:05 PM

FYI...

Firefox v3.6.8 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
July 23, 2010

What’s new
- http://www.mozilla.c...8/releasenotes/
• Fixed a single stability issue affecting some pages containing plugins.
Regression: http://www.mozilla.o...fsa2010-48.html

- http://www.mozilla.o...ml#firefox3.6.8

- http://securitytrack...ul/1024243.html
Date: July 24, 2010

- http://web.nvd.nist....d=CVE-2010-2755
CVSS v2 Base Score: 10.0 (HIGH)

:ph34r:

Edited by apluswebmaster, 09 August 2010 - 11:50 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#39 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 08 September 2010 - 04:40 AM

FYI...

Firefox v3.6.9 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Sep. 7, 2010

What’s new
- http://www.mozilla.c...9/releasenotes/

- http://www.mozilla.o...ml#firefox3.6.9

67 bugs found:
- https://bugzilla.moz...s1.9.2:.9-fixed

- http://secunia.com/advisories/41297/
Release Date: 2010-09-08
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
Solution: Update to version 3.6.9 or 3.5.12.

- http://web.nvd.nist....d=CVE-2010-3171
- http://web.nvd.nist....d=CVE-2010-3399
- http://web.nvd.nist....d=CVE-2010-3400

- http://securitytrack...ep/1024401.html
- http://securitytrack...ep/1024406.html
Sep 8 2010

:!:

Edited by apluswebmaster, 21 September 2010 - 07:19 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#40 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 September 2010 - 01:24 AM

FYI...

Firefox v3.6.10 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Sep. 15, 2010

What’s new
- http://www.mozilla.c...0/releasenotes/
• Fixed a single stability issue affecting a limited number of users

2 bugs found.
- https://bugzilla.moz...1.9.2:.10-fixed

:mellow:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#41 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 20 October 2010 - 02:35 AM

FYI...

Firefox v3.6.11 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Oct. 19, 2010

What’s new
- http://www.mozilla.c...1/releasenotes/
• Fixed several security issues.
• Fixed several stability issues.

Fixed in Firefox 3.6.11
- http://www.mozilla.o...l#firefox3.6.11

Complete list of changes: 40 bugs found.
- https://bugzilla.moz...1.9.2:.11-fixed

- http://www.securityt....com/id?1024605
Oct 20 2010
CVE Reference: CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3181, CVE-2010-3182, CVE-2010-3183
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network ...
... prior to 3.6.11
Solution: The vendor has issued a fix (3.5.14, 3.6.11)...

:ph34r:

Edited by AplusWebMaster, 20 October 2010 - 03:42 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#42 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 27 October 2010 - 08:37 PM

FYI...

Firefox v3.6.12 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Oct. 27, 2010

Fixed in Firefox 3.6.12
- http://www.mozilla.o...l#firefox3.6.12

- http://www.mozilla.o...fsa2010-73.html
Critical: Heap buffer overflow mixing document.write and DOM insertion

:ph34r: :ph34r:
This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#43 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 09 December 2010 - 05:41 PM

FYI...

Firefox v3.6.13 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Dec. 9, 2010

Fixed in Firefox 3.6.13
- http://www.mozilla.o...l#firefox3.6.13
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

- https://bugzilla.moz...1.9.2:.13-fixed
68 bugs fixed...

- http://secunia.com/advisories/42517/
Release Date: 2010-12-10
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 3.6.13 or 3.5.16.

- http://www.securityt....com/id?1024848
- http://www.securityt....com/id?1024850
- http://www.securityt....com/id?1024851
Dec 10 2010

:ph34r:

Edited by AplusWebMaster, 10 December 2010 - 07:54 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#44 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 01 March 2011 - 05:25 PM

FYI...

Firefox v.3.6.14 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-

Download:
- http://www.mozilla.c...irefox/all.html
March 1st, 2011

Fixed in Firefox 3.6.14
- http://www.mozilla.o...l#firefox3.6.14
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-09 Crash caused by corrupted JPEG image
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

Bug fixes:
- https://bugzilla.moz...1.9.2:.14-fixed
41 bugs found.
___

- http://secunia.com/advisories/43550/
Release Date: 2011-03-02
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution: Update to Mozilla Firefox version 3.5.17 or 3.6.14

- http://www.securityt....com/id/1025134
Mar 2 2011

:!:

Edited by AplusWebMaster, 02 March 2011 - 07:17 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#45 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 04 March 2011 - 01:28 PM

FYI...

Firefox v.3.6.15 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
March 4, 2011

- http://www.mozilla.c...5/releasenotes/
• Fixed an issue where some Java applets would fail to load in Firefox 3.6.14

- https://bugzilla.moz...1.9.2:.15-fixed
24 bugs found.
___

- https://wiki.mozilla...fox_3.6_and_3.5
WeeklyUpdates/2011-03-07
Shipped 3.6.15 on Friday, fixing an issue where Firefox 3.6.14 would fail to load certain Java applets
Bugs will be adjusted to reflect the current state of branch fixes ...

:!:

Edited by AplusWebMaster, 08 March 2011 - 12:57 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#46 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 18 March 2011 - 12:45 PM

FYI...

Firefox 4 next week ...
- http://www.informati...cleID=229301231
March 18, 2011 - "Firefox 4... will be officially released on March 22, 2011..."

- http://blogs.compute..._install_it_yet
March 16, 2011 - "... Firefox version 4.. give it a couple months before installing it; not only to let the browser get battle tested but also to give authors of extensions more time to get the kinks out..."

- https://wiki.mozilla...rities_for_2011

:ph34r: :!:

Edited by AplusWebMaster, 18 March 2011 - 01:04 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#47 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 22 March 2011 - 01:05 PM

FYI...

Firefox v4.0 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
March 22, 2011

- http://www.mozilla.c...0/releasenotes/

- http://www.mozilla.c...m-requirements/
"... Please note that while the 32-bit and 64-bit versions of Windows Vista and Windows 7 can be used to run Firefox 4, only 32-bit builds of Firefox 4 are supported at this time..."
___

What happened to the Status Bar?
- http://support.mozil...-new-status-bar

Where are my Add-ons?
- http://support.mozil...-are-my-add-ons
"... Status-4-Evar** is an Add-on that recreates all of the features of the old Status Bar and lets you put them in the new Add-on Bar*..."
* http://support.mozil...kb/what-add-bar
"... The Add-on Bar is a toolbar that holds all of your add-on shortcuts, giving you quick and easy access to their features. This article shows you how to use and customize the Add-on Bar... How do I show or hide the Add-on Bar?
If you don't have any add-ons that use the Add-on Bar, it won't be shown by default but you can easily show or hide it whenever you want.
> To show or hide the Add-on Bar, right-click on an empty section of the Tab Strip and check or uncheck it in the pop-up menu.
You can also use the keyboard shortcut Ctrl + / .

** https://addons.mozil...x/addon/235283/

How do I put tabs back on bottom like they used to be?
- http://support.mozil...they-used-to-be
"At the top of the Firefox window, click on the Firefox button, go over to the Options... arrow and uncheck Tabs on Top".
-or-
"... By default, the Tab Strip is above the Navigation Toolbar. If you want it below, right-click on an empty section of the Tab Strip and uncheck 'Tabs on Top'..."
___

Adblock Plus v1.3.5
- http://adblockplus.o...us-135-released

- http://adblockplus.o...changelog-1.3.5
___

:!:

Edited by AplusWebMaster, 27 March 2011 - 12:29 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#48 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 23 March 2011 - 08:20 AM

FYI...

Firefox v3.6.16 and 3.5.18...
- http://isc.sans.edu/...extension/10597
Last Updated: 2011-03-23 13:01:43 UTC - "At the heels of yesterday's Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version. If you are not planning to update to Firefox 4 soon, you should update to the newest 3.x version..."
>> http://www.mozilla.c.../all-older.html
('Should also be available thru the 'Help > Check for Updates' function.)

- http://www.mozilla.o...fsa2011-11.html
March 22, 2011

- http://www.securityt....com/id/1025243
Mar 23 2011

What’s New in Firefox 3.6.16...
- http://www.mozilla.c...6/releasenotes/
v.3.6.16, released March 22nd, 2011 - "... blacklists a few invalid HTTPS certificates."

- https://bugzilla.moz...1.9.2:.16-fixed
One bug found... bogus certs issued by Comodo partner.

- http://isc.sans.edu/...l?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC

;)

Edited by AplusWebMaster, 24 March 2011 - 05:50 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#49 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 28 April 2011 - 05:54 PM

FYI...

Firefox v4.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
April 28, 2011
> Release notes
- http://www.mozilla.c...1/releasenotes/
> Security Advisories
- http://www.mozilla.o...ml#firefox4.0.1
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-17 WebGLES vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.moz...tus2.0:.1-fixed
55 bugs found.
___

v3.6.17
- http://www.mozilla.c...7/releasenotes/
April 28, 2011
>Help >Check for Updates
-or-
- http://www.mozilla.c.../all-older.html
> Security Advisories
- http://www.mozilla.o...l#firefox3.6.17
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-14 Information stealing via form history
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.moz...1.9.2:.17-fixed
59 bugs found
___

- http://www.securityt....com/id/1025456
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
CVE Reference:
- http://nvd.nist.gov/...e=CVE-2011-0065 - 10.0
- http://nvd.nist.gov/...e=CVE-2011-0066 - "
- http://nvd.nist.gov/...e=CVE-2011-0069 - "
- http://nvd.nist.gov/...e=CVE-2011-0070 - "
- http://nvd.nist.gov/...e=CVE-2011-0072 - "
- http://nvd.nist.gov/...e=CVE-2011-0073 - "
- http://nvd.nist.gov/...e=CVE-2011-0074 - "
- http://nvd.nist.gov/...e=CVE-2011-0075 - "
- http://nvd.nist.gov/...e=CVE-2011-0076 - 7.5
- http://nvd.nist.gov/...e=CVE-2011-0077 - 10.0
- http://nvd.nist.gov/...e=CVE-2011-0078 - "
- http://nvd.nist.gov/...e=CVE-2011-0079 - "
- http://nvd.nist.gov/...e=CVE-2011-0080 - "
- http://nvd.nist.gov/...e=CVE-2011-0081 - "
Version(s): -prior- to 3.5.19, 3.6.17, 4.0.1
Apr 29 2011
___

- https://developer.mo...-now-available/
April 28, 2011 - "... This is the last planned security and stability release for Firefox 3.5. All users are encouraged to upgrade..."

:!:

Edited by AplusWebMaster, 10 May 2011 - 11:57 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#50 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,702 posts

Posted 16 May 2011 - 05:55 PM

FYI...

Firefox 5 ...
- http://www.h-online....te-1261711.html
16 June 2011 - "... the final version of Firefox 5 will be released on Tuesday 21 June alongside Firefox 3.6.18 and Thunderbird 3.1.11..."
- https://wiki.mozilla...eases#Firefox_5

- http://secunia.com/advisories/44972/
... The weakness is reported in version 4.0.1. Other versions may also be affected.
Solution: The vendor recommends to disable WebGL. The vendor has scheduled a fix for 2011-06-21...
Original Advisory: Mozilla:
http://blog.mozilla....stealing-issue/

- http://www.securityt....com/id/1025676
Jun 17 2011 ... fix, tentatively scheduled for June 21, 2011...
___

Firefox v3.5 forced upgrade...
- http://isc.sans.org/...l?storyid=10885
Last Updated: 2011-05-16 21:39:57 UTC - "With Firefox 4 released not too long ago and Firefox 5 supposed to be released on June 21st... seems to be 12 million users still on Firefox 3.5... Firefox will start issuing warning on Google's default pages for users of version 3.5 and planning to push out 3.6.18 as an update (if auto update is enabled) once Firefox 5 is out... More info*..."
* http://www.theregist...forced_upgrade/

- https://wiki.mozilla...EOL#Assumptions
11 May 2011

:ph34r: :blink:

Edited by AplusWebMaster, 17 June 2011 - 04:08 PM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button