FYI...
Firefox 52.0 released
Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/
Release notes
- https://www.mozilla....0/releasenotes/
Mar 7, 2017
New:
- Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
- Enabled multi-process Firefox for Windows users with touch screens
- Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
- Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
- Enhanced Sync to allow users to send and open tabs from one device to another...
Changed:
- Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported:
> https://support.mozi...s-no/ta-p/31069
>> Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR*) version of Firefox...
[Corrections:
> https://www.mozilla....m-requirements/
... Windows
Operating Systems (32-bit and 64-bit)
Windows XP SP2
Windows Server 2003 SP1
Windows Vista
Windows 7
Windows 8
Windows 10
Please note that 64-bit builds of Firefox are only supported on Windows 7 and higher.
Windows XP/Vista/Server 2003 are no longer supported by regular Firefox releases.
These users should migrate to ESR 52..."
[Direct download for Firefox Extended Support Release]:
>> https://www.mozilla....anizations/all/
... which -is- the new -supported- version for for XP and Vista.]
Firefox ESR Overview
- https://www.mozilla....anizations/faq/
Security vulnerabilities fixed in Firefox 52
- https://www.mozilla....efox/#firefox52
Fixed in Firefox 52
- https://www.mozilla....es/mfsa2017-05/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5399: Memory safety bugs fixed in Firefox 52
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8
- http://www.securityt....com/id/1037966
CVE Reference: CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, CVE-2017-5410, CVE-2017-5411, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5425, CVE-2017-5426, CVE-2017-5427
Mar 8 2017
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A remote user can delete files on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix (52.0)...
* Firefox ESR 45.8: https://www.mozilla....#firefoxesr45.8
___
- https://www.us-cert....Security-Update
Mar 7, 2017
:ph34r: :ph34r:
Edited by AplusWebMaster, 09 March 2017 - 03:58 PM.