FYI...

Firefox v3.0 released
- http://www.mozilla.com/firefox/

Release notes:
- http://www.mozilla.com/firefox/3.0/releasenotes/

Download:
- http://www.mozilla.com/firefox/all.html
(over 45 languages)

---
Suggested reading prior to install:

Release notes / Known Issues:
- http://www.mozilla.com/firefox/3.0/releasenotes/
(Includes)...known problems with Firefox 3...

FYI...

Firefox vuln - unpatched
- http://secunia.com/advisories/30761/
Release Date: 2008-06-19
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 2.0.x, Mozilla Firefox 3.x...
The vulnerability is reported in versions 3.0 and 2.0.x. Other versions may also be affected.
Solution: Do not follow untrusted links nor browse untrusted web sites...
Original Advisory:
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
"...Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page. While Mozilla is working on a fix, we wont be divulging anything else until a patch is available..."
- http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2786
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785

:fear:

- http://preview.tinyurl.com/47o8yg
June 26, 2008 (arstechnica.com) - "...Mozilla told us that they have not finalized the schedule for when Firefox 3 will be made available to Firefox 2 users through the update channel, but they suspect that it will happen within the next two or three months..."

FYI...

Firefox v2.0.0.15 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.15:
- http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
July 1, 2008

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

- http://secunia.com/advisories/30911/
Last Update: 2008-07-03
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information,
Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.15...

:fear:

FYI...

Firefox v2.0.0.16 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.16:
- http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
July 15, 2008

- http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933

:fear:

FYI...

Firefox v3.0.1 released
- http://www.mozilla.com/firefox/
July 16, 2008

Upgrading Firefox
- http://support.mozilla.com/en-US/kb/Upgrading+Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."

If "Check for Updates is disabled", see:
- http://support.mozilla.com/en-US/kb/Check+for+Updates+is+disabled

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

Known Issues
- http://www.mozilla.com/en-US/firefox/3.0.1/releasenotes/

Fixes in v3.0.1:
- http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

- http://secunia.com/advisories/31106/
Last Update: 2008-07-17
Critical: Highly critical
Impact: Security Bypass, Spoofing, System access
Where: From remote
...The vulnerabilities are reported in versions prior to 3.0.1.
Solution: Update to version 3.0.1 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2933

:fear:

FYI...

Firefox v3.0.2 released
- http://www.mozilla.com/firefox/
Upgrading Firefox
- http://support.mozilla.com/en-US/kb/Upgrading+Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."
If "Check for Updates is disabled", see:
- http://support.mozilla.com/en-US/kb/Check+for+Updates+is+disabled
Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2
Known Issues
- http://www.mozilla.com/en-US/firefox/3.0.2/releasenotes/
---

Firefox v2.0.0.17 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.com/en-US/firefox/all-older.html
What's New in Firefox 2.0.0.17:
- http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
September 23, 2008
- http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.17
---

FF3: http://secunia.com/advisories/32011/
Software: Mozilla Firefox 3.x
CVE reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3837
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4058
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4060
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4061
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4062
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4063
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4064
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4068

FF2: http://secunia.com/advisories/31984/
Software: Mozilla Firefox 2.0.x
CVE reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0016
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3835
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3836
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3837
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4058
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4059
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4060
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4061
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4062
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4069

.

FYI...

Firefox v3.0.3 released
- http://en-us.www.mozilla.com/firefox/3.0.3/releasenotes/
September 26, 2008 - "Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708*)"
* https://bugzilla.mozilla.org/show_bug.cgi?id=454708

- http://www.mozilla.com/firefox/all.html

:rolleyes:

FYI...

Firefox v3.0.4 - v2.0.0.18 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.4
- http://www.mozilla.com/firefox/all.html
Download Firefox v2.0.0.18
- http://www.mozilla.com/firefox/all-older.html

Release Notes
- http://www.mozilla.com/firefox/3.0.4/releasenotes/
Also see "Known Issues..." for v3: All Systems - 9 items, Microsoft Windows - 2...

Security issues
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4
___

Firefox 3
- http://secunia.com/advisories/32713/
Release Date: 2008-11-13
Critical: Highly critical...

Firefox 2
- http://secunia.com/advisories/32693/
Release Date: 2008-11-13
Critical: Highly critical...

FYI...

Firefox v3.0.5 released
- http://www.mozilla.com/firefox/
Dec. 16, 2008

Release Notes
- http://www.mozilla.com/firefox/3.0.5/releasenotes/

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.5
Fixed in Firefox 3.0.5
MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
___

Firefox v2.0.0.19 released
- http://www.mozilla.com/en-US/firefox/all-older.html

- http://www.mozilla.com/en-US/firefox/2.0.0.19/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3.
Firefox 2.0.0.19 does -not- include Phishing Protection.
___

- http://secunia.com/advisories/33203/

- http://secunia.com/advisories/33184/

:fear:

FYI...

Firefox v2.0.0.20 released
- http://www.mozilla.com/en-US/firefox/all-older.html
December 18, 2008

Release Notes:
- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3. Firefox 2.0.0.20 does not include Phishing Protection.
- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/#issues

Security Update:
- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/
Firefox 2.0.0.20 includes an additional security fix over Firefox 2.0.0.19 for users of the Windows platform. The following security issue* was fixed.

* http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.20
MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
- http://preview.tinyurl.com/3mvadg
"...Mozilla omitted one of the security patches that was supposed to be included in the Windows version of Tuesday's Firefox 2.0 .0.19 release..."

Firefox 3
- http://secunia.com/advisories/33203/
...Solution: Update to version 3.0.5.
http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.5

:fear: