FYI...

- http://www.mozilla.com/firefox/

Release Notes:
- http://www.mozilla.com/firefox/2.0/releasenotes/

Features:
- http://www.mozilla.com/firefox/features.html


:bigthumb: :spider:

"Will v.1.5.0.7 update itself to v.2":

- http://forums.mozillazine.org/viewtopic.php?t=478805
Posted: Oct Wed 25th 2006 5:16am
...I am still with 1.5.0.7 and I want to ask you If it will update itself to version 2 or I have to download it?
Posted: Oct Wed 25th 2006 5:25am
In a few days 1.5.0.8 will be released that will let you have the choice of either staying with 1.5 or Updating to 2.0 see http://forums.mozillazine.org/viewtopic.php?t=476975 ..."

- http://forums.mozillazine.org/viewtopic.php?t=477283
"What's fixed?
-Memory leaks
-Searching a page now searches within text fields
Questions...
-Does Firefox 2.0 still support Windows 98?
Yes. Firefox 3.0 is the release that is planned to drop support for Windows 98..."

Firefox Product Release Roadmap
- http://wiki.mozilla.org/ReleaseRoadmap

.

FYI...

- http://www.infoworld.com/article/06/11/02/HNmozillatofixbug_1.html
November 02, 2006
"A second minor bug found in the Firefox 2.0 Web browser will be fixed, but users shouldn't encounter much of a problem in the mean time, a Mozilla official said Thursday. The browser will crash if it visits a Web page that been intentionally coded with JavaScript in such a way as to target the bug, said Tristan Nitot, director of European operations for Mozilla. "It's very unlikely that anyone would have put a similar page on any ordinary Web page," so users shouldn't be affected, Nitot said. The problem can't be used to steal data from a computer, he added. It's the second bug that's been found in Firefox 2.0 since its release on Oct. 24. The first bug also causes the browser to hang or crash when a very large document is loaded into an iframe -- an HTML (Hypertext Markup Language) element -- using JavaScript. The new bug will eventually be fixed. "We will fix it because we need reliability," Nitot said..."
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5633
Last revised: 11/2/2006
"...NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference..."

:blink:

FYI...

> http://forums.spybot.info/showthread.php?p=58933


:spider:

FYI...

v2.0.0.2
- http://en-us.www.mozilla.com/en-US/firefox/all.html

v1.5.0.10
- http://en-us.www.mozilla.com/en-US/firefox/all-older.html

What's New
- http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/

Security Updates
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

("Auto-update/Check for update" are currently unavailable but will be soon.)

The "Check for updates" feature is now working (did mine minutes ago - YMMV):

While in the browser, go to >Help >Check for updates

...and that's about it! You're done!


:cool:

FYI...

- http://secunia.com/advisories/24205/
Release Date: 2007-02-24
Last Update: 2007-02-26
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 1.x, Mozilla Firefox 2.0.x ...
Solution: Update to version 2.0.0.2 or 1.5.0.10..."

v2.0.0.2
- http://en-us.www.mozilla.com/en-US/firefox/all.html

v1.5.0.10
- http://en-us.www.mozilla.com/en-US/firefox/all-older.html

:fear:

Opps... they "forgot" to include this one on their original list of "fixed" vulns:

Mozilla Foundation Security Advisory 2007-08
- http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
"Title: onUnload + document.write() memory corruption
Impact: Critical
Announced: February 25, 2007 ...
Fixed in:
Firefox 2.0.0.2
Firefox 1.5.0.10
SeaMonkey 1.0.8 ..."

(Also now listed here):
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.2

:oops:

Another fix not previously listed:

Mozilla Foundation Security Advisory 2007-09
- http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
Title: Privilege escalation by setting img.src to javascript: URI
Impact: Critical
Announced: March 5, 2007 ...
Fixed in:
Firefox 2.0.0.2
Firefox 1.5.0.10
SeaMonkey 1.1.1
SeaMonkey 1.0.8
Description: ...The fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI. The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences... Thunderbird is not affected by this flaw as it will not execute javascript: URIs in IMG tags.
Workaround: Upgrade to a version containing the fix. Disabling JavaScript does not protect against this flaw..."

.

FYI...

"Check for Updates" (now available):
From an admin account, open the Firefox browser, go to >Help >Check for Updates ...

Download sites:
v2.0.0.3
- http://en-us.www.mozilla.com/en-US/firefox/all.html
v1.5.0.11
- http://en-us.www.mozilla.com/en-US/firefox/all-older.html
What's New
- http://www.mozilla.com/en-US/firefox/2.0.0.3/releasenotes/

Description of Release
- http://wiki.mozilla.org/Firefox:1.5.0.11-2.0.0.3:Test_Plan#Description_of_Release
"This release is to address several regressions that were discovered in the Firefox 2.0.0.2/1.5.0.10 release."

.

FYI...

- http://preview.tinyurl.com/2mfox3
May 29, 2007 (Computerworld) - "Mozilla Corp. will issue the last security update for its open-source Firefox 1.5 browser today (Wednesday). It will include an automatic update mechanism to give users the option of upgrading to the newer Firefox 2.0... Today's Firefox 1.5.0.12 will be the final security patch for the 18-month-old browser. Also due for delivery is Firefox 2.0.0.4... Firefox 2.0.0.4 will be posted here*, while Firefox 1.5.0.12 will be available from this page** of the Mozilla site. A list of the vulnerabilities*** patched by both updates will be posted sometime after 2.0.0.4 and 1.5.0.12 go live..."

* http://www.mozilla.com/en-US/firefox/all.html

** http://www.mozilla.com/en-US/firefox/all-older.html

*** http://www.mozilla.org/projects/security/known-vulnerabilities.html

.

FYI - Firefox updates released...

Use "Check for Updates" from an Admin account (>Help >Check for Updates... )
-or-

Download v2.0.0.4:
- http://www.mozilla.com/en-US/firefox/all.html
Download v1.5.0.12:
- http://www.mozilla.com/en-US/firefox/all-older.html

Fixes:
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

-------------------------------------------------------------------
Support for Mozilla Firefox 1.5 Extended Until Mid-May
- http://www.mozillazine.org/talkback.html?article=21543
April 24th, 2007

Release Schedule
> http://wiki.mozilla.org/Firefox:1.5.0.12-2.0.0.4#Release_Schedule
22 May 2007

.

FYI...

- http://blog.mozilla.com/webdev/
"June 30, 2007 - The download controller was modified on Thursday to prepare for the release of the 1.5.0.12 -> 2.0.0.4 major update..."

...which was made available Sunday 7.1.2007.


.

FYI...

- http://isc.sans.org/diary.html?storyid=3161
Last Updated: 2007-07-18 05:46:09 UTC - "Earlier today, Mozilla Firefox 2.0.0.5 was released which has a number of bug fixes including a couple of privacy related bugs and a few security related ones. Mozilla's Forum* show many of the details of these fixes for those that would like to peruse until the release notes** are updated. You can download the newest version from mozilla.com or through its automated update facility."

* http://forums.mozillazine.org/viewtopic.php?p=2965188&sid=9470fada0720570af2cc87b842eccaae

Fixed in Firefox 2.0.0.5
** http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5

Download:
> http://www.mozilla.com/en-US/firefox/all.html

------------------------------

- http://secunia.com/advisories/26095/
Release Date: 2007-07-18
Critical: Highly critical
Impact: Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.5...

- http://secunia.com/advisories/25984/

.

> http://www.mozilla.org/security/announce/2007/mfsa2007-23.html
"...Note: Other Windows applications can be called in this way and also manipulated to execute malicious code. This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer."
------------------------------

- http://www.us-cert.gov/current/#multiple_vulnerabilities_in_mozilla_firefox
July 18, 2007

:fear:

FYI...

- http://preview.tinyurl.com/ytjep2
July 18, 2007 - (Mozilla Security Blog) - "Firefox 2.0.0.5 is now available and there is a fix for the URL protocol handling issue... We warned that other Windows applications may be vulnerable to this Internet Explorer issue, and on Sunday Nate Mcfeters, Billy Rios, and Raghav Dube posted a proof of concept that demonstrates the same attack through Internet Explorer to execute code in Trillian. Additionally, Thor Larholm says*..."

* http://larholm.com/2007/07/18/firefox-fixes-internet-explorer-flaw/
July 18, 2007 - "... I can still automatically launch a wide range of external applications from Internet Explorer and provide them with arbitrary command line arguments. AcroRd32.exe (Adobe Acrobat PDF Reader), aim.exe (AOL Instant Messenger), Outlook.exe, msimn.exe (Outlook Express), netmeeting.exe, HelpCtr.exe (Windows Help Center), mirc.exe, Skype.exe, wab.exe (Windows Address Book) and wmplayer.exe (Windows Media Player) - just to name a few. I can categorically deny that this flaw has been fixed in Internet Explorer. Nicolas Robillard even detailed this flaw back in 2004 and it has remained unpatched since long before then..."

.

FYI...

Firefox v2.0.0.6 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
> http://www.mozilla.com/firefox/all.html

Release Notes
> http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/
Release Date: July 30, 2007
-------------------------------

- http://blog.mozilla.com/security/2007/07/30/firefox-2.0.0.6-now-available/
30 July 2007 - "We’ve just released Firefox 2.0.0.6... The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous behavior..."

.

Thanks for the heads-up.

Silj

FYI...

Firefox v2.0.0.7 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
> http://www.mozilla.com/firefox/all.html

Release Notes
> http://www.mozilla.com/en-US/firefox/2.0.0.7/releasenotes/
Release Date: September 18, 2007


.

FYI...

Firefox v2.0.0.8 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
> http://www.mozilla.com/firefox/all.html

Release Notes
> http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
Release Date: October 18, 2007

- http://secunia.com/advisories/27311
Release Date: 2007-10-19
Critical: Highly critical
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access...
Solution: Update to version 2.0.0.8.

:fear:

FYI...

- http://developer.mozilla.org/devnews/index.php/2007/10/22/firefox-2008-update-to-be-updated/
October 22nd, 2007 at 9:47 pm - "...The 2.0.0.8 release fixed some 200 issues, but accidentally regressed a few things. Most users won’t see any difference or experience any problems, and those 200 fixes make the 2.0.0.8 update very valuable, but you should never have to choose functionality over security. So we’re working fast to understand and fix these problems, and will shortly be issuing a 2.0.0.9 update to address them..."

:oops:

Thanks for the FYI Jack :bigthumb:

Silj

HI,
its cool, conveying such information is a good professional service, Keep up the good work!

FYI...

Firefox v2.0.0.9 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html

Release notes:
- http://www.mozilla.com/en-US/firefox/2.0.0.9/releasenotes/

.

FYI...

Firefox v2.0.0.10 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html

Fixed in Firefox 2.0.0.10:
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.10

.

FYI...

Firefox v2.0.0.11 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html

What's New in Firefox 2.0.0.11
- http://www.mozilla.com/en-US/firefox/2.0.0.11/releasenotes/
Release Date:
November 30, 2007
Stability Update:
This release corrects a compatibility issue with some websites and extensions discovered in Firefox 2.0.0.10.

Two bugs fixed in 2.0.0.11:
- http://preview.tinyurl.com/3djrk3

:eek:

FYI...

Firefox v2.0.0.12 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all.html

What's New in Firefox 2.0.0.12
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
Release Date: February 7, 2008
-------------------------------

- http://secunia.com/advisories/28758/
Release Date: 2008-02-08
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information,
DoS, System access
Where: From remote...
Solution: Update to version 2.0.0.12.
-------------------------------

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0419
Last revised: 2/11/2008 - "...Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via a crafted page that uses designMode frames, which triggers memory corruption...
Impact: ...CVSS v2 Base score: 10.0 (High)..."

> http://www.mozilla.org/security/announce/2008/mfsa2008-06.html
Fixed in: Firefox 2.0.0.12, SeaMonkey 1.1.8...

> http://www.mozilla.org/download.html

:fear:

FYI...

Firefox v2.0.0.13 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/firefox/

What's new:
- http://www.mozilla.com/en-US/firefox/2.0.0.13/releasenotes/

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

- http://secunia.com/advisories/29526/
Release Date: 2008-03-26
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.13...

:fear:

FYI...

Firefox v2.0.0.14 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/firefox/

What's new:
- http://www.mozilla.com/en-US/firefox/2.0.0.14/releasenotes/
April 16, 2008

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.14

- http://secunia.com/advisories/29787/
Release Date: 2008-04-17
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.14.

:fear:

Hi. Not so long ago, Firefox came highly recommended by a friend and writer who switched from IE to Firefox with great results and resolve to numerous complaints.

This morning, I am so happy about installing Firefox, which I use at local public libraries and really like.

Unless this is not recommended, I am considering downloading Bugzilla, for added security.

Just want to thank you.
Rhonda


"When learning, there are no dull moments so long as there is interest, resource, and effort there is potential for growth and progress. Thanks for your help and contribution to this humble learning process which somehow blesses my life with a feeling of purpose."