Firefox updated...



#51 AplusWebMaster


Posted 21 June 2011 - 12:07 PM

FYI...

Firefox v5.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
June 21, 2011
> Release notes
- http://www.mozilla.c...0/releasenotes/
> Security Advisories
- http://www.mozilla.o...x.html#firefox5
Bug list
- http://www.mozilla.c...es/buglist.html
... -long- list...

- http://blog.mozilla....iple-platforms/
June 21, 2011 - "... The latest version of Firefox includes more than 1,000 improvements and performance enhancements..."

- http://secunia.com/advisories/44972/
2011-06-21
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Upgrade to version 5.0.

- http://www.securityt....com/id/1025684
CVE Reference: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2367, CVE-2011-2368, CVE-2011-2369, CVE-2011-2370, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
Updated: Jun 22 2011
Version(s): prior to 3.6.18, prior to 5...
___

v3.6.18
- http://www.mozilla.c...8/releasenotes/
June 21, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
- http://www.mozilla.c.../all-older.html
> Security Advisories
- http://www.mozilla.o...l#firefox3.6.18
Bug list
- https://bugzilla.moz...1.9.2:.18-fixed
19 bugs found.

- http://secunia.com/advisories/44982/
2011-06-21
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to Firefox version 3.6.18...
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2011-19.html
http://www.mozilla.o...fsa2011-20.html
http://www.mozilla.o...fsa2011-21.html
http://www.mozilla.o...fsa2011-22.html
http://www.mozilla.o...fsa2011-23.html
http://www.mozilla.o...fsa2011-24.html

:!: :ph34r:

Edited by AplusWebMaster, 30 June 2011 - 06:15 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#52 AplusWebMaster


Posted 16 July 2011 - 08:30 PM

FYI...

Firefox v5.0.1 released for Mac OS/X...
- http://www.mozilla.o...x.html#firefox5
June 12, 2011 - "Fixed in Firefox 5.0.1:
Firefox 5.0.1 addresses problems with recent Mac OS X releases*. It does -not- contain security fixes."
* http://www.mozilla.c...otes/#whatsnew2
• Worked around an issue in Mac OS X 10.7 that could cause Firefox to crash
• Worked around an issue caused by Apple's "Java for Mac OS X 10.6 Update 5" where the Java plugin would not be loaded



#53 AplusWebMaster


Posted 16 August 2011 - 12:45 PM

FYI...

Firefox v6.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
August 16, 2011
> Release notes
- https://www.mozilla....0/releasenotes/
What's New...
> https://hacks.mozill...11/08/firefox6/
Security Advisories
- https://www.mozilla....x.html#firefox6
MFSA 2011-29 Security issues addressed in Firefox 6
- https://www.mozilla....fsa2011-29.html
... 8 critical and 2 high severity issues
Bug list
- https://www.mozilla....es/buglist.html
___

Firefox v3.6.20 released
August 16, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
- https://www.mozilla..../all-older.html
> Security Advisories
- https://www.mozilla....l#firefox3.6.20
MFSA2011-30 Security issues addressed in Firefox 3.6.20
- https://www.mozilla....fsa2011-30.html
Bug list
- https://bugzilla.moz...1.9.2:.20-fixed
5 bugs found
___

- http://www.securityt....com/id/1025938
Aug 16 2011
CVE Reference: CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2990, CVE-2011-2991, CVE-2011-2992, CVE-2011-2993
Version(s): 3.6.x prior to 3.6.20; 4.x and 5.x prior to 6
Solution: The vendor has issued a fix (3.6.20, 6)...
- http://www.mozilla.o...fsa2011-29.html
- http://www.mozilla.o...fsa2011-30.html

- https://www.us-cert....s_firefox_6_and
August 17, 2011

:!:

Edited by AplusWebMaster, 17 August 2011 - 07:58 AM.



#54 AplusWebMaster


Posted 31 August 2011 - 07:39 AM

FYI...

- https://blog.mozilla...oval-follow-up/
09.02.11
___

Firefox v6.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
August 30, 2011
> Release notes
- https://www.mozilla....1/releasenotes/
Security Advisories
- https://www.mozilla....ml#firefox6.0.1
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
- https://www.mozilla....fsa2011-34.html
___

Firefox v3.6.21 released
August 30, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
> Security Advisories
- https://www.mozilla....l#firefox3.6.21
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
- https://www.mozilla....fsa2011-34.html

:!:

Edited by AplusWebMaster, 03 September 2011 - 03:37 PM.



#55 AplusWebMaster


Posted 06 September 2011 - 04:44 PM

FYI...

Firefox v6.0.2 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
September 6, 2011
> Release notes
- https://www.mozilla....2/releasenotes/
Security Advisories
- https://www.mozilla....ml#firefox6.0.2
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
- https://www.mozilla....fsa2011-35.html
___

Firefox v3.6.22 released
September 6, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
> Security Advisories
- https://www.mozilla....l#firefox3.6.22
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
- https://www.mozilla....fsa2011-35.html

:!:



#56 AplusWebMaster


Posted 27 September 2011 - 03:56 PM

FYI...

Firefox v7.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
September 27, 2011
> Release notes
- https://www.mozilla....0/releasenotes/
Security Advisories - Fixed in Firefox 7
- https://www.mozilla....x.html#firefox7
Bugs fixed
- https://www.mozilla....es/buglist.html

- https://blog.mozilla...rowsing-faster/
September 27, 2011

- https://secunia.com/advisories/46171/
Release Date: 2011-09-28
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
Solution: Upgrade to version 7.0.

- http://www.securityt....com/id/1026121
CVE Reference: CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3002, CVE-2011-3003, CVE-2011-3004, CVE-2011-3005, CVE-2011-3232
... prior to 3.6.23; 6.x
Updated: Sep 29 2011

- http://h-online.com/-1350870
28 September 2011
___

Firefox v3.6.23 released
September 27, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
Security Advisories - Fixed in Firefox 3.6.23
- https://www.mozilla....l#firefox3.6.23
Bugs fixed
- https://bugzilla.moz...1.9.2:.23-fixed

- https://secunia.com/advisories/46203/
Release Date: 2011-09-28
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
Solution: Update to version 3.6.23.

:!:

Edited by AplusWebMaster, 30 September 2011 - 09:37 AM.



#57 AplusWebMaster


Posted 30 September 2011 - 08:46 AM

FYI...

Firefox v7.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
September 29, 2011
Issue discovered with Firefox add-on upgrades
- https://blog.mozilla...dd-on-upgrades/
"... some users may have one or more of their add-ons hidden after upgrading to the latest Firefox version, affecting both desktop and mobile. These add-ons and their data are still intact and haven’t actually been removed... update to Firefox will fix this and restore any hidden add-ons..."
> https://support.mozi...ating-firefox-7
> https://addons.mozil...n/fx7-recovery/

Release notes
- https://www.mozilla....1/releasenotes/

:ph34r:



#58 AplusWebMaster


Posted 08 November 2011 - 03:50 PM

FYI...

Firefox v8.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
November 8, 2011

- https://www.mozilla....0/releasenotes/
Security Advisories:
- https://www.mozilla....x.html#firefox8
Fixed in Firefox 8:
MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS
- http://web.nvd.nist....d=CVE-2011-3649 - 2.6
- http://web.nvd.nist....d=CVE-2011-3653 - 5.0
- http://web.nvd.nist....d=CVE-2011-3650 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3655 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3651 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3652 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3654 - 10.0 (HIGH)
CVSS v2 Base Score: 10.0 (HIGH)
"... Firefox before 8.0..."

Bugs fixed
- https://www.mozilla....es/buglist.html
___

Firefox v3.6.24 released
November 8, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
Security Advisories:
- https://www.mozilla....l#firefox3.6.24
Fixed in Firefox 3.6.24:
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-47 Potential XSS against sites using Shift-JIS
MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)
- http://web.nvd.nist....d=CVE-2011-3648 - 4.3
- http://web.nvd.nist....d=CVE-2011-3647 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3650 - 9.3 (HIGH)
CVSS v2 Base Score: 9.3 (HIGH)
"... Firefox before 3.6.24..."

Bugs fixed
- https://bugzilla.moz...1.9.2:.24-fixed
___

- https://secunia.com/advisories/46773/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Upgrade to version 8.0...

- https://secunia.com/advisories/46757/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to Firefox version 3.6.24 ...

- http://www.securityt....com/id/1026298
Date: Nov 9 2011
CVE Reference: CVE-2011-3647, CVE-2011-3648, CVE-2011-3649, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3653, CVE-2011-3654, CVE-2011-3655
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network...
Solution: The vendor has issued a fix (3.6.24, 8.0)...

:!: :ph34r:

Edited by AplusWebMaster, 15 November 2011 - 10:00 PM.



#59 AplusWebMaster


Posted 20 December 2011 - 07:58 PM

FYI...

Firefox v9.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
December 20, 2011

- https://www.mozilla....0/releasenotes/
Security Advisories:
- https://www.mozilla....x.html#firefox9
Fixed in Firefox 9:
MFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

Bugs fixed
- https://www.mozilla....es/buglist.html

- https://secunia.com/advisories/47302/
Release Date: 2011-12-21
Criticality level: Highly critical
Impact: Unknown, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3658 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3660 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3661 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3663 - 4.3
- http://web.nvd.nist....d=CVE-2011-3664 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3665 - 7.5 (HIGH)
Last revised: 12/21/2011
... exploitation of vulnerabilities... may allow execution of arbitrary code.
Solution: Upgrade to version 9.0.

- http://www.securityt....com/id/1026445
Dec 21 2011
___

Firefox v3.6.25 released
December 20, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
Security Advisories:
- https://www.mozilla....l#firefox3.6.25
Fixed in Firefox 3.6.25:
MFSA 2011-59 .jar not treated as executable in Firefox 3.6 on Mac

- http://web.nvd.nist....d=CVE-2011-3666
Last revised: 12/21/2011
CVSS v2 Base Score: 6.8 (MEDIUM)
"... Firefox before 3.6.25..."

Bugs fixed
- https://bugzilla.moz...1.9.2:.25-fixed

:!:

Edited by AplusWebMaster, 23 December 2011 - 10:46 AM.



#60 AplusWebMaster


Posted 21 December 2011 - 11:26 PM

FYI...

- https://wiki.mozilla...ases#Firefox_10
"... Firefox 10... January 31, 2012..."
___

Firefox v9.0.1 ?
- https://www.mozilla....es/buglist.html
December 21st, 2011

- http://forums.mozill...p?f=7&t=2391989
Dec. 21 4:51 pm - "... 9.0.1 the next day?... Apparently Mac users were experiencing crashes on startup..."

- https://ftp.mozilla....didates/build1/
Index of /pub/mozilla.org/firefox/nightly/9.0.1-candidates/build1

- https://bugzilla.moz...i?id=711794#c96
2011-12-21 19:17:51 PST
___

Mozilla and Google Sign New Agreement for Default Search in Firefox
- https://blog.mozilla...rch-in-firefox/
December 20, 2011 - "... we have negotiated a significant and mutually beneficial revenue agreement with Google. This new agreement extends our long term search relationship with Google for at least three additional years..."

- http://h-online.com/-1400943
23 December 2011

:blink: :question:

Edited by AplusWebMaster, 27 January 2012 - 04:36 PM.



#61 AplusWebMaster


Posted 31 January 2012 - 01:43 PM

FYI...

Firefox v10.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
Jan 31, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Release Notes/Bug fixes ... complete list of changes in this release.
- https://www.mozilla....es/buglist.html
Security Advisories:
- https://www.mozilla.....html#firefox10
Fixed in Firefox 10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)

- http://www.securityt....com/id/1026605
Updated: Feb 1 2012
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-3659 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0442 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0443 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0444 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0445 - 5.0
- http://web.nvd.nist....d=CVE-2012-0446 - 4.3
- http://web.nvd.nist....d=CVE-2012-0447 - 5.0
- http://web.nvd.nist....d=CVE-2012-0449 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0450 - 2.1
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 3.2.26; prior to 10.0

- http://www.securityt....com/id/1026608
Date: Feb 1 2012
CVE Reference: http://web.nvd.nist....d=CVE-2011-3670 - 5.0
Impact: Disclosure of system information, Disclosure of user information
Version(s): prior to 3.6.26, prior to 7.0

- https://secunia.com/advisories/47816/
Release Date: 2012-02-01
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 10.0...

- https://secunia.com/advisories/47839/
Release Date: 2012-02-01
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote...
Solution: Update to Firefox version 3.6.26...

- http://h-online.com/-1425611
31 January 2012
___

Firefox v3.6.26 released
Jan 31, 2012

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
Security Advisories:
- https://www.mozilla....l#firefox3.6.26
Fixed in Firefox 3.6.26:
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-02 Overly permissive IPv6 literal syntax
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)

Bugs fixed
- https://bugzilla.moz...1.9.2:.26-fixed

:!:

Edited by AplusWebMaster, 03 February 2012 - 07:35 PM.



#62 AplusWebMaster


Posted 10 February 2012 - 07:15 PM

FYI...

Firefox v10.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html

- https://www.mozilla....l#firefox10.0.1
Impact: Critical
Feb 10, 2012
Fixed in Firefox 10.0.1:
MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings

- https://www.mozilla....fsa2012-10.html
References:
. use after free in nsXBLDocumentInfo::ReadPrototypeBindings
. http://web.nvd.nist....d=CVE-2012-0452 - 7.5 (HIGH)
Last revised: 02/13/2012 - "... allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code..."
__

- https://secunia.com/advisories/48008/
Release Date: 2012-02-13
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2012-0452
Solution:
Update Firefox and Thunderbird to version 10.0.1 and SeaMonkey to version 2.7.1

- http://www.securityt....com/id/1026663
Date: Feb 13 2012
CVE Reference: CVE-2012-0452
Impact: Execution of arbitrary code via network, User access via network
Solution: The vendor has issued a fix (10.0.1).

:!:

Edited by AplusWebMaster, 15 February 2012 - 08:10 AM.



#63 AplusWebMaster


Posted 17 February 2012 - 01:08 PM

FYI...

Firefox v10.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html

- https://www.mozilla....fsa2012-11.html
Impact: Critical
Fixed in: Firefox 10.0.2 or 3.6.27**, Thunderbird 10.0.2 or 3.1.19, or SeaMonkey 2.7.2...
** https://www.mozilla..../all-older.html

Mozilla release to address CVE-2011-3026
- https://blog.mozilla...-cve-2011-3026/
2.17.12 - "Issue: The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.
Impact to users: This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.
Status: Mozilla is aware of this bug and has issued a fix that will be released today for Firefox -and- Thunderbird*.
Credit: The bug was reported by RedHat representatives..."

> http://web.nvd.nist....d=CVE-2011-3026 - 7.5 (HIGH)
Last revised: 02/17/2012 - "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation..."

* https://www.mozilla....2/releasenotes/
v. 10.0.2, released: Feb 16, 2012
___

Firefox...
- http://www.securityt....com/id/1026707
Date: Feb 18 2012
CVE Reference: CVE-2011-3026
Version(s): ... prior to 3.6.27; prior to 10.0.2...
Impact: A remote user can create a PNG image that, when loaded by the target user, will execute arbitrary code on the target user's system...

Thunderbird...
- http://www.securityt....com/id/1026706
Date: Feb 18 2012
CVE Reference: CVE-2011-3026
Version(s): ... prior to 3.1.19; prior to 10.0.2
Impact: A remote user can create a PNG image that, when loaded by the target user, will execute arbitrary code on the target user's system...

- https://secunia.com/advisories/48089/
Release Date: 2012-02-17
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to Firefox 10.0.2 or 3.6.27, Thunderbird 10.0.2 or 3.1.19, or SeaMonkey 2.7.2.
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2012-11.html
http://blog.mozilla....-cve-2011-3026/

Vuln in libpng ...
- http://h-online.com/-1436810
17 Feb 2012

>> https://secunia.com/advisories/48026/

:ph34r:

Edited by AplusWebMaster, 19 February 2012 - 07:27 AM.



#64 AplusWebMaster


Posted 13 March 2012 - 07:48 PM

FYI...

Firefox v11.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla....irefox/all.html
March 13, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
- https://www.mozilla....es/buglist.html
Security Advisories:
- https://www.mozilla.....html#firefox11
Fixed in Firefox 11
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll

- https://secunia.com/advisories/48402/
Release Date: 2012-03-14
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2012-0451, CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464
Solution: Update or upgrade to Firefox versions 11.0 or 10.0.3, Thunderbird versions 11.0 or 10.0.3, and SeaMonkey version 2.8.

- http://www.securityt....com/id/1026801
Date: Mar 14 2012
CVE Reference: CVE-2012-0451, CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 11
Solution: The vendor has issued a fix (3.6.28, ESR 10.0.3, 11.0)...
___

Firefox v3.6.28 released
March 13, 2012

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download: https://www.mozilla..../all-older.html

- https://www.mozilla....l#firefox3.6.28
Fixed in Firefox 3.6.28

- https://secunia.com/advisories/48414/
Release Date: 2012-03-14
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
CVE Reference(s): CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
Original Advisory:
http://www.mozilla.o...fsa2012-13.html
http://www.mozilla.o...fsa2012-14.html
http://www.mozilla.o...fsa2012-16.html
http://www.mozilla.o...fsa2012-19.html
Solution: Update to Firefox version 3.6.28 and Thunderbird version 3.1.20.

:!: :!:

Edited by AplusWebMaster, 19 March 2012 - 04:16 PM.



#65 AplusWebMaster


Posted 27 March 2012 - 03:12 AM

FYI...

Firefox 3.6.x EOL
- http://h-online.com/-1479643
26 March 2012 - "The Mozilla Project has announced* that... the 3.6.x branch of its open source Firefox web browser will reach its end of life on Tuesday 24 April... from that date onwards, no new updates, including security updates and critical fixes, will be released for Firefox 3.6.x... version 3.6.28 from earlier this month will be the final 3.6.x release of Firefox... All Firefox 3.6.x users are strongly advised to upgrade..."
* http://blog.mozilla....upport-changes/

- https://wiki.mozilla...coming_Releases
"Firefox 12... Moves to RELEASED on April 24, 2012..."

:ph34r: :!:



#66 AplusWebMaster


Posted 03 April 2012 - 01:39 PM

FYI...

Firefox blocklist now includes vulnerable Java versions...
- https://www.computer...refox_blocklist
April 3, 2012 - "Mozilla has blacklisted* unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions. Mozilla can add extensions or plug-ins to the Firefox add-on blocklist if they cause significant security or performance issues. Firefox installations automatically query the blocklist and notify users before disabling the targeted add-ons..."
* https://blog.mozilla.../blocking-java/
"... vulnerability - present in the older versions of the JDK and JRE - is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist**. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms..."
** https://addons.mozil...fox/blocked/p80

- https://bugzilla.moz...g.cgi?id=739955

:!: :ph34r:



#67 AplusWebMaster


Posted 24 April 2012 - 03:58 PM

FYI...

Firefox v12.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla....irefox/all.html
April 24, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
- https://www.mozilla....es/buglist.html
Security Advisories:
- https://www.mozilla.....html#firefox12
Fixed in Firefox 12
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
___

- http://h-online.com/-1546370
24 April 2012
> http://www.h-online....iew=zoom;zoom=3
___

- https://secunia.com/advisories/48932/
Release Date: 2012-04-25
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 12.0 and Thunderbird version 12.0...

- http://www.securityt....com/id/1026971
Date: Apr 24 2012
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-1187 - 5.0
- http://web.nvd.nist....d=CVE-2012-0467 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0468 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0469 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0470 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0471 - 4.3
- http://web.nvd.nist....d=CVE-2012-0472 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0473 - 5.0
- http://web.nvd.nist....d=CVE-2012-0474 - 4.3
- http://web.nvd.nist....d=CVE-2012-0475 - 2.6
- http://web.nvd.nist....d=CVE-2012-0477 - 4.3
- http://web.nvd.nist....d=CVE-2012-0478 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0479 - 4.3
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Version(s): prior to 12.0...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with a target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can spoof certain web sites.
A remote user can obtain potentially sensitive information...

.

Edited by AplusWebMaster, 27 April 2012 - 09:31 AM.

#68 AplusWebMaster

Posted 02 May 2012 - 11:06 AM

FYI...

Firefox add-on ShowIP - privacy concerns
- http://nakedsecurity...firefox-add-on/
May 1, 2012 - "A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security... What the add-on's description doesn't say is that since version 1.3 (released on April 19th 2012) it has also sent - unencrypted - the full URL of sites visited using HTTPS, and sites viewed in Private Browsing mode, to a site called ip2info .org. The user never realises that the data has been shared with a third-party, unless they use special tools to monitor what data is being sent from their computer... The full URL of every webpage visited is sent to the Germany-based ip2info .org website, using unencrypted connections. In addition, the add-on has no warning that sites you visit might be disclosed, no privacy policy small print explaining its behaviour, and no apparent way to opt-out of the data-sharing... And who appears to have registered the domain? A Berlin-based link marketing firm. Hmm...
Update: Mozilla has rolled the version of ShowIP they make available on their add-on site back to 1.0. They say they are working with the developer on correcting the issue. Hopefully in future their review process will flag privacy issues like this one to prevent users' data being potentially exposed."

:ph34r: :ph34r:

#69 AplusWebMaster

Posted 05 June 2012 - 10:33 AM

FYI...

Firefox v13 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla....irefox/all.html
June 5, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
- https://www.mozilla....es/buglist.html
Security Advisories:
- https://www.mozilla.....html#firefox13
Fixed in Firefox 13
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
___

- http://www.securityt....com/id/1027120
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-0441 - 5.0
- http://web.nvd.nist....d=CVE-2012-1937 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1938 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1939 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1940 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1941 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1942 - 7.2 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1943 - 6.9
- http://web.nvd.nist....d=CVE-2012-1944 - 4.3
- http://web.nvd.nist....d=CVE-2012-1945 - 2.9
- http://web.nvd.nist....d=CVE-2012-1946 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1947 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-3105 - 9.3 (HIGH)
Jun 6 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 13.0

- https://secunia.com/advisories/49368/
Release Date: 2012-06-06
Criticality level: Highly critical
Impact: Unknown, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Upgrade to Firefox version 13.0...

:!: :ph34r:

Edited by AplusWebMaster, 07 June 2012 - 12:43 PM.

#70 AplusWebMaster

Posted 16 June 2012 - 10:12 AM

FYI...

Firefox v13.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla....irefox/all.html
June 15, 2012

What's new...
- https://www.mozilla....1/releasenotes/
Flash 11.3 sometimes caused a crash on quit (747683*, fixed in 13.0.1)...
* https://bugzilla.moz...g.cgi?id=747683

:ph34r: :ph34r:

#71 AplusWebMaster

Posted 25 June 2012 - 01:18 PM

FYI...

Firefox "new tab" thumbnail feature - disable

- http://h-online.com/-1625761
25 June 2012 - "... users can completely disable the new tab page feature in Firefox by changing some advanced preferences under "about:config" ..."

- http://www.h-online....iew=zoom;zoom=1

- http://www.theregist...urity_concerns/
22 June 2012

:( :ph34r:

#72 AplusWebMaster

Posted 17 July 2012 - 10:48 AM

FYI...

Firefox v14.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla....irefox/all.html
July 17, 2012

What's new...
- https://www.mozilla....1/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v14.0.01:
- https://www.mozilla.....html#firefox14
Fixed in Firefox 14
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-55 feed: URLs with an innerURI inherit security context of page
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-46 XSS through data: URLs
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
___

- http://www.securityt....com/id/1027256
CVE Reference: CVE-2012-1948, CVE-2012-1949, CVE-2012-1950, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1965, CVE-2012-1966, CVE-2012-1967
Jul 17 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14...

- https://secunia.com/advisories/49965/
Release Date: 2012-07-18
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14...

- http://h-online.com/-1644530
18 July 2012

:!: :ph34r:

Edited by AplusWebMaster, 18 July 2012 - 09:11 AM.

#73 AplusWebMaster

Posted 28 August 2012 - 03:16 PM

FYI...

Firefox v15.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla....irefox/all.html
August 28, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v15.0:
- https://www.mozilla.....html#firefox15
Fixed in Firefox 15
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-71 Insecure use of __android_log_print
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-60 Escalation of privilege through about:newtab
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
___

- http://www.securityt....com/id/1027450
CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3979, CVE-2012-3980
Aug 29 2012
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): prior to 15.0 ...

- https://secunia.com/advisories/50088/
Release Date: 2012-08-29
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 15.

:!:

Edited by AplusWebMaster, 29 August 2012 - 07:24 AM.

#74 AplusWebMaster

Posted 07 September 2012 - 07:23 AM

FYI...

Firefox v15.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla....irefox/all.html
September 6, 2012

What's new...
- https://www.mozilla....1/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

- http://www.ghacks.ne...tribution-soon/
Sep 6, 2012 - "... unfortunate bug in Mozilla Firefox 15 stable that is preventing the browser’s private browsing mode from working correctly. The bug was discovered shortly after Firefox 15 was distributed to users of the stable channel of the browser, and Mozilla has been working diligently ever since to resolve the issue... It is an issue of trust for Mozilla mainly, which can easily be lost if sensitive features are not working like they should. For users the situation may have been even more precarious as it may have forced them to explain their browsing activities to third parties..."
- http://cdn.ghacks.ne...efox-15.0.1.jpg
___

- http://h-online.com/-1702798
7 Sep 2012

:( :ph34r:

Edited by AplusWebMaster, 07 September 2012 - 10:02 AM.

#75 AplusWebMaster

Posted 09 October 2012 - 05:51 PM

FYI...

Firefox v16.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla....irefox/all.html
Oct 9, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v16.0:
- https://www.mozilla.....html#firefox16
Fixed in Firefox 16
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-78 Reader Mode pages have chrome privileges
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards ...
___

- https://secunia.com/advisories/50856/
Release Date: 2012-10-10
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote...
Solution: Upgrade to version 16...

- http://www.securityt....com/id/1027631
CVE Reference: CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3987, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188
Oct 10 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network...
Solution: The vendor has issued a fix (ESR 10.0.8; 16.0).

:!:

Edited by AplusWebMaster, 10 October 2012 - 07:19 AM.

#76 AplusWebMaster

Posted 11 October 2012 - 01:57 PM

FYI...

Firefox v16.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla....irefox/all.html
Oct 11, 2012

What's new...
- https://www.mozilla....1/releasenotes/

- https://blog.mozilla...-in-firefox-16/
"Impact: The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters..."

Security Advisories for v16.0.1:
- https://www.mozilla....l#firefox16.0.1
Fixed in Firefox 16.0.1
MFSA 2012-89 defaultValue security checks not applied
"... regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object... CVE-2012-4192, CVE-2012-4193..."
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
"... bugs showed evidence of memory corruption under certain circumstances... some of these could be exploited to run arbitrary code... websockets crash affecting Firefox 16... CVE-2012-4190, CVE-2012-4191..."

- https://web.nvd.nist...d=CVE-2012-4190 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2012-4191 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2012-4192 - 4.3
- https://web.nvd.nist...d=CVE-2012-4193 - 9.3 (HIGH)
12 Oct 2012
___

- http://www.securityt....com/id/1027653
CVE Reference: CVE-2012-4190, CVE-2012-4191
Oct 12 2012
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.1).

- https://secunia.com/advisories/50932/
Last Update: 2012-10-12
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

- http://h-online.com/-1728382
12 Oct 2012

:!: :ph34r:

Edited by AplusWebMaster, 15 October 2012 - 07:45 AM.

#77 AplusWebMaster

Posted 26 October 2012 - 09:31 PM

FYI...

Firefox v16.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla....irefox/all.html
Oct 26, 2012

What's new...
- https://www.mozilla....2/releasenotes/

Security Advisories for v16.0.2:
- https://www.mozilla....l#firefox16.0.2
MFSA 2012-90 Fixes for Location object issues
- https://web.nvd.nist...d=CVE-2012-4194 - 4.3
- https://web.nvd.nist...d=CVE-2012-4195 - 5.1
- https://web.nvd.nist...d=CVE-2012-4196 - 5.0
... before 16.0.2...
___

- http://www.securityt....com/id/1027701
CVE Reference: CVE-2012-4194, CVE-2012-4195, CVE-2012-4196
Oct 27 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Solution: The vendor has issued a fix (16.0.2, ESR 10.0.10).

- https://secunia.com/advisories/51144/
Release Date: 2012-10-29
Impact: Security Bypass, Cross Site Scripting
Where: From remote
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2012-90.html

:!: :ph34r:

Edited by AplusWebMaster, 30 October 2012 - 04:16 PM.

#78 AplusWebMaster

Posted 20 November 2012 - 12:39 PM

FYI...

Firefox v17.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Nov 20, 2012

What's new...
- https://www.mozilla....0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v17.0:
- https://www.mozilla.....html#firefox17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) ...
___

- http://www.securityt....com/id/1027791
CVE Reference: CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4206, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4210, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5837, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843
Nov 21 2012
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (17.0)...

- https://secunia.com/advisories/51358/
Release Date: 2012-11-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote...
Solution: Upgrade to version 17.0...
___

- http://h-online.com/-1754171
21 Nov 2012

:!: :ph34r:

Edited by AplusWebMaster, 21 November 2012 - 08:38 AM.

#79 AplusWebMaster

Posted 01 December 2012 - 12:05 AM

FYI...

Firefox v17.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Nov 30, 2012

What's new...
- https://www.mozilla....1/releasenotes/

Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v17.0.1:
- https://www.mozilla....l#firefox17.0.1
Not available as of the date/time of this post

:question:

Edited by AplusWebMaster, 01 December 2012 - 09:10 PM.

#80 AplusWebMaster

Posted 08 January 2013 - 11:02 AM

FYI...

Firefox v18.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Jan 8, 2013

What's new...
- https://www.mozilla....0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v18.0:
- https://www.mozilla.....html#firefox18

Fixed in Firefox 18
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
MFSA 2012-98 Firefox installer DLL hijacking
___

- http://www.securityt....com/id/1027955
CVE Reference: CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0751, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
Jan 9 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 18.0
Solution: The vendor has issued a fix (ESR 10.0.12, ESR 17.0.2, 18.0)...

- http://h-online.com/-1780088
9 Jan 2013 - "Mozilla has fixed 20 security holes with the release... 12 of these vulnerabilities have been rated critical by the organisation, the rest are classified as having high impact..."

:ph34r: :ph34r:


Edited by AplusWebMaster, 09 January 2013 - 09:07 AM.

#81 AplusWebMaster

Posted 19 January 2013 - 12:07 PM

FYI...

Firefox v18.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

What's new...
- https://www.mozilla....1/releasenotes/
Jan 18, 2013
18.0.1: Problems involving HTTP Proxy Transactions (Associated bugs)
18.0.1: Unity player crashes on Mac OS X (bug 828954)
18.0.1: Disabled HIDPI support on external monitors to avoid rendering glitches (bug 814434)
FIXED
___

- http://h-online.com/-1787497
19 Jan 2013

:ph34r: :ph34r:


Edited by AplusWebMaster, 26 January 2013 - 09:35 AM.

#82 AplusWebMaster

Posted 06 February 2013 - 02:35 AM

FYI...

Firefox v18.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

- https://www.mozilla....2/releasenotes/
Feb 5, 2013 - 18.0.2: Fix JavaScript related stability issues
___

- https://wiki.mozilla...coming_Releases
Firefox 19 - Week of 2013-02-18

:ph34r:


Edited by AplusWebMaster, 06 February 2013 - 02:42 AM.

#83 AplusWebMaster

Posted 19 February 2013 - 11:36 AM

FYI...

Firefox v19.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Feb 19, 2013

What's new...
- https://www.mozilla....0/releasenotes/
... NEW: Built-in PDF viewer*...
CHANGED, DEVELOPER, HTML5, FIXED, Known Issues...

Complete list of Bug fixes:
- https://www.mozilla....es/buglist.html

Security Advisories for v19.0:
- https://www.mozilla.....html#firefox19
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
___

- http://www.securityt....com/id/1028162
CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
Feb 20 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 19.0...

- http://h-online.com/-1806437
19 Feb 2013
___

* How to disable pdf viewer?
    Type about:config in the address bar and press Enter.
    Press the big button to bypass the warning.
    In the Filter bar, paste pdfjs.disabled
    In the search results, double-click pdfjs.disabled to set its value to -true-
    Restart Firefox for the changes to take effect.

- https://github.com/m...rning-Resources

Edited by AplusWebMaster, 21 February 2013 - 08:08 AM.

#84 AplusWebMaster

Posted 08 March 2013 - 07:39 AM

FYI...

Firefox v19.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Mar 7, 2013

Security Advisories for v19.0.2:
- https://www.mozilla....l#firefox19.0.2
Fixed in Firefox 19.0.2
MFSA 2013-29 Use-after-free in HTML Editor CVE-2013-0787

- https://www.mozilla....2/releasenotes/

- https://secunia.com/advisories/52538/
Release Date: 2013-03-08
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to a fixed version.
Original Advisory: MFSA 2013-29:
- http://www.mozilla.o...fsa2013-29.html

Edited by AplusWebMaster, 08 March 2013 - 07:51 AM.

#85 AplusWebMaster

Posted 02 April 2013 - 10:56 AM

FYI...

Firefox v20.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
April 2, 2013

Security Advisories for v20.0:
- https://www.mozilla.....html#firefox20
Fixed in Firefox 20
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

- https://www.mozilla....0/releasenotes/
FIXED 20.0: Security fixes ...
NEW Per-window Private Browsing...
NEW New download experience...
NEW Ability to close hanging plugins, without the browser hanging
___

- http://h-online.com/-1833854
2 April 2013

- http://www.theinquir...rivate-browsing
Apr 03 2013

- http://www.securityt....com/id/1028379
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0798, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 20.0 ...
 

Edited by AplusWebMaster, 03 April 2013 - 09:30 AM.

#86 AplusWebMaster

Posted 12 April 2013 - 08:20 AM

FYI...

Firefox v20.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
April 11, 2013

- https://www.mozilla....1/releasenotes/
FIXED: 20.0.1 - Windows-only update to handle issues around handling UNC paths...

- https://en.wikipedia...ming_Convention
 

#87 AplusWebMaster

Posted 14 May 2013 - 10:59 AM

FYI...

Firefox v21.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
May 14, 2013

Security Advisories for v21.0:
* https://www.mozilla.....html#firefox21
Fixed in Firefox 21
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Release notes
- https://www.mozilla....0/releasenotes/
NEW The Social API now supports multiple providers
NEW Enhanced three-state UI for Do Not Track (DNT)
NEW Firefox will suggest how to improve your application startup time if needed
NEW Preliminary implementation of Firefox Health Report
CHANGED Ability to restore removed thumbnails on New Tab Page
CHANGED CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
CHANGED Graphics related performance improvements (bug 809821)
CHANGED Removed E4X support from Spidermonkey
DEVELOPER Implemented Remote Profiling
DEVELOPER Integrated add-on SDK loader and API libraries into Firefox
HTML5 Added support for <main> element
HTML5 Implemented scoped stylesheets
FIXED Some function keys may not work when pressed (833719)
FIXED Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627)
FIXED 21.0: Security fixes can be found here* ...

- https://secunia.com/advisories/53400/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to version 21.0.

- http://www.securityt....com/id/1028555
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1672, CVE-2013-1673, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 17.0.6 and 21.0...
 

Edited by AplusWebMaster, 15 May 2013 - 04:46 AM.

#88 AplusWebMaster

Posted 25 June 2013 - 10:39 AM

FYI...

Firefox v22.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
June 25, 2013

Security Advisories for v22.0:
* https://www.mozilla.....html#firefox22
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Release notes
- https://www.mozilla....0/releasenotes/

... complete list of changes in this release... 510 bugs found.
___

- https://secunia.com/advisories/53970/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 22.0.
Solution: Upgrade to version 22.0.

- http://www.securityt....com/id/1028702
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695, CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699, CVE-2013-1700
Jun 26 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to ESR 17.0.7; prior to 22.0 ...
 

Edited by AplusWebMaster, 26 June 2013 - 09:59 AM.

#89 AplusWebMaster

Posted 11 August 2013 - 07:15 AM

FYI...

Firefox v23.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
August 6, 2013

Security Advisories for v23.0:
* https://www.mozilla.....html#firefox23
Fixed in Firefox 23
MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

Release notes
- https://www.mozilla....0/releasenotes/

... complete list of changes in this release... 606 bugs found..
___

- https://secunia.com/advisories/54418/
Release Date: 2013-08-07
Criticality level: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access
For more information: https://secunia.com/SA54413/
... vulnerabilities are reported in versions prior to 23.0.
Solution: Upgrade to version 23.0.

- http://www.securityt....com/id/1028885
CVE Reference: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1706, CVE-2013-1707, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1715, CVE-2013-1717
Aug 6 2013
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 23.0; prior to ESR 17.0.8..
 

Edited by AplusWebMaster, 11 August 2013 - 07:16 AM.

#90 AplusWebMaster

Posted 17 August 2013 - 06:59 AM

FYI...

Firefox v23.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

- https://www.mozilla....1/releasenotes/
August 16, 2013
FIXED 23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
FIXED 23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532)
FIXED 23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527) ...
 

#91 AplusWebMaster

Posted 17 September 2013 - 11:56 AM

FYI...

Firefox v24.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Sep 17, 2013

Security Advisories for v24.0:
* https://www.mozilla.....html#firefox24
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

Release notes
- https://www.mozilla....0/releasenotes/

... complete list of changes in this release... 543 bugs found.
___

- http://www.securityt....com/id/1029042
CVE Reference: CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1721, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1725, CVE-2013-1726, CVE-2013-1727, CVE-2013-1728, CVE-2013-1729, CVE-2013-1730, CVE-2013-1731, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738
Sep 17 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 24.0; prior to ESR 17.0.9 ...
 

Edited by AplusWebMaster, 18 September 2013 - 04:42 AM.

#92 AplusWebMaster

Posted 29 October 2013 - 09:09 AM

FYI...

Firefox v25.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Oct 29, 2013

Security Advisories for v25.0:
- https://www.mozilla.....html#firefox25
Fixed in Firefox 25
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

Release notes
- https://www.mozilla....0/releasenotes/

... complete list of changes in this release... 565 bugs found.
___

- https://secunia.com/advisories/55520/
Release Date: 2013-10-30
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, Spoofing, System access
... vulnerabilities are reported in versions prior to 25.
Solution: Upgrade to version 25.

- http://www.securityt....com/id/1029270
CVE Reference: CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
Oct 30 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 25.0 ...
Solution: The vendor has issued a fix (25.0)...
 

Edited by AplusWebMaster, 30 October 2013 - 07:50 AM.

#93 AplusWebMaster

Posted 16 November 2013 - 06:58 AM

FYI...

Firefox v25.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html
Nov 15, 2013

Release notes
- https://www.mozilla....1/releasenotes/
25.0.1: New security fixes... (list not available as of date/time of this post)
25.0.1: Pages sometimes wouldn't load without first moving the cursor
 

#94 AplusWebMaster

Posted 19 November 2013 - 07:29 AM

FYI...

Firefox v25.0.1 ...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...

- https://www.mozilla....l#firefox25.0.1
Fixed in Firefox 25.0.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
- https://www.mozilla....sa2013-103.html
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2013-1741 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-2566 - 2.6
- https://web.nvd.nist...d=CVE-2013-5605 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-5606 - 6.4
- https://web.nvd.nist...d=CVE-2013-5607 - 7.5 (HIGH)

- https://secunia.com/advisories/55732/
Release Date: 2013-11-19
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, System access
Solution Status: Vendor Patch...
For more information: https://secunia.com/SA55557/
Solution: Update to a fixed version.
Original Advisory: Mozilla:
https://www.mozilla....sa2013-103.html
 

Edited by AplusWebMaster, 20 November 2013 - 06:05 PM.

#95 AplusWebMaster

Posted 10 December 2013 - 10:08 AM

FYI...

Firefox v26.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for v26.0:
- https://www.mozilla.....html#firefox26

Fixed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

 

Release notes
- https://www.mozilla....0/releasenotes/
Dec 10, 2013

... complete list of changes in this release... 676 bugs found.
___

- https://secunia.com/advisories/56005/
Release Date: 2013-12-10
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
CVE Reference(s): CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
... security issue and the vulnerabilities are reported in versions prior to 26.
Solution: Upgrade to version 26.
 

Edited by AplusWebMaster, 10 December 2013 - 07:46 PM.

#96 AplusWebMaster

Posted 04 February 2014 - 09:57 AM

FYI...

Firefox v27.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for v27.0:
- https://www.mozilla.....html#firefox27
MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
MFSA 2014-12 NSS ticket handling issues
MFSA 2014-11 Crash when using web workers with asm.js
MFSA 2014-10 Firefox default start page UI content invokable by script
MFSA 2014-09 Cross-origin information leak through web workers
MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
MFSA 2014-06 Profile path leaks to Android system log
MFSA 2014-05 Information disclosure with *FromPoint on iframes
MFSA 2014-04 Incorrect use of discarded images by RasterImage
MFSA 2014-03 UI selection timeout missing on download prompts
MFSA 2014-02 Clone protected content with XBL scopes
MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

Release notes
- https://www.mozilla....0/releasenotes/
Feb 4, 2014

... complete list of changes in this release... 659 bugs found.
___

- http://www.securityt....com/id/1029717
CVE Reference: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491
Feb 5 2014
Impact: Denial of service via network, Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 27.0 ...
Solution: The vendor has issued a fix (27.0)...

- https://secunia.com/advisories/56787/
Release Date: 2014-02-05
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, System access
For more information: https://secunia.com/SA56767/
Solution: Upgrade to version 27.
 

Edited by AplusWebMaster, 05 February 2014 - 07:11 AM.

#97 AplusWebMaster

Posted 14 February 2014 - 04:17 PM

FYI...

Firefox v27.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes:
- https://www.mozilla....1/releasenotes/
FIXED: 27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
FIXED: 27.0.1 - JS math correctness issue (bug 941381)
 

#98 AplusWebMaster

Posted 18 March 2014 - 08:39 AM

FYI...

Firefox 28.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 28.0:
- https://www.mozilla.....html#firefox28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

Release notes
- https://www.mozilla....0/releasenotes/
Mar 18, 2014

... complete list of changes in this release... 865 bugs found.
___

- http://www.securityt....com/id/1029928
CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
Mar 19 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 28.0 ...
Solution: The vendor has issued a fix (28.0)...
___

- https://www.computer...s_Pwn2Own_holes
Mar 19, 2014 - "... Firefox 28 was primarily a security update, patching the five Pwn2Own flaws and 15 others..."
___

Firefox 28.0.1 for Android
- https://www.mozilla....l#firefox28.0.1

- https://www.mozilla....fsa2014-33.html

- https://web.nvd.nist...d=CVE-2014-1515
"... Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application..."
 

Edited by AplusWebMaster, 21 April 2014 - 06:50 PM.

#99 AplusWebMaster

Posted 29 April 2014 - 07:10 PM

FYI...

Firefox 29.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 29.0:
- https://www.mozilla.....html#firefox29
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

Release notes
- https://www.mozilla....0/releasenotes/
Apr 29, 2014

... complete list of changes in this release... 3892 bugs found.
___

- https://addons.mozil...-evar/versions/
April 27, 2014
___

- http://www.securityt....com/id/1030163
CVE Reference: CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1527, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
Apr 30 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 29.0 ...
Solution: The vendor has issued a fix (29.0)...
 

Edited by AplusWebMaster, 30 April 2014 - 04:11 AM.

#100 AplusWebMaster

Posted 09 May 2014 - 07:33 PM

FYI...

Firefox 29.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....1/releasenotes/
May 9, 2014
 
