Firefox v3.6.16 and 3.5.18...
FYI...
Firefox v3.6.16 and 3.5.18...
- http://isc.sans.edu/diary/Firefox+3+...xtension/10597
Last Updated: 2011-03-23 13:01:43 UTC - "At the heels of yesterday's Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version. If you are not planning to update to Firefox 4 soon, you should update to the newest 3.x version..."
>> http://www.mozilla.com/en-US/firefox/all-older.html
('Should also be available thru the 'Help > Check for Updates' function.)
- http://www.mozilla.org/security/anno...sa2011-11.html
March 22, 2011
- http://www.securitytracker.com/id/1025243
Mar 23 2011
What’s New in Firefox 3.6.16...
- http://www.mozilla.com/en-US/firefox.../releasenotes/
v.3.6.16, released March 22nd, 2011 - "... blacklists a few invalid HTTPS certificates."
- https://bugzilla.mozilla.org/buglist....9.2:.16-fixed
One bug found... bogus certs issued by Comodo partner.
- http://isc.sans.edu/diary.html?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC
:spider:
Firefox v4.0.1/3.6.17 released ...
FYI...
Firefox v4.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
April 28, 2011
>Release notes
- http://www.mozilla.com/en-US/firefox.../releasenotes/
> Security Advisories
- http://www.mozilla.org/security/know...l#firefox4.0.1
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-17 WebGLES vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.mozilla.org/buglist...2.0%3A.1-fixed
55 bugs found.
___
v3.6.17
- http://www.mozilla.com/en-US/firefox.../releasenotes/
April 28, 2011
>Help >Check for Updates
-or-
- http://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- http://www.mozilla.org/security/know...#firefox3.6.17
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-14 Information stealing via form history
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.mozilla.org/buglist....2%3A.17-fixed
59 bugs found
___
- http://www.securitytracker.com/id/1025456
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
CVE Reference:
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 - 7.5
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 - "
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 - "
Version(s): -prior- to 3.5.19, 3.6.17, 4.0.1
Apr 29 2011
___
- https://developer.mozilla.org/devnew...now-available/
April 28, 2011 - "... This is the last planned security and stability release for Firefox 3.5. All users are encouraged to upgrade..."
:fear:
Firefox v3.5 forced upgrade ...
FYI...
Firefox 5 ...
- http://www.h-online.com/open/news/it...e-1261711.html
16 June 2011 - "... the final version of Firefox 5 will be released on Tuesday 21 June alongside Firefox 3.6.18 and Thunderbird 3.1.11..."
- https://wiki.mozilla.org/Releases#Firefox_5
- http://secunia.com/advisories/44972/
... The weakness is reported in version 4.0.1. Other versions may also be affected.
Solution: The vendor recommends to disable WebGL. The vendor has scheduled a fix for 2011-06-21...
Original Advisory: Mozilla:
http://blog.mozilla.com/security/201...tealing-issue/
- http://www.securitytracker.com/id/1025676
Jun 17 2011 ... fix, tentatively scheduled for June 21, 2011...
___
Firefox v3.5 forced upgrade...
- http://isc.sans.org/diary.html?storyid=10885
Last Updated: 2011-05-16 21:39:57 UTC - "With Firefox 4 released not too long ago and Firefox 5 supposed to be released on June 21st... seems to be 12 million users still on Firefox 3.5... Firefox will start issuing warning on Google's default pages for users of version 3.5 and planning to push out 3.6.18 as an update (if auto update is enabled) once Firefox 5 is out... More info*..."
* http://www.theregister.co.uk/2011/05...orced_upgrade/
- https://wiki.mozilla.org/Releases/3.5_EOL#Assumptions
11 May 2011
:fear::spider:
Firefox v5.0.1 released for Mac OS-X bug...
FYI...
Firefox v5.0.1 released for Mac OS/X...
- http://www.mozilla.org/security/know....html#firefox5
June 12, 2011 - "Fixed in Firefox 5.0.1:
Firefox 5.0.1 addresses promblems with recent Mac OS X releases*. It does -not- contain security fixes."
* http://www.mozilla.com/firefox/5.0.1...tes/#whatsnew2
• Worked around an issue in Mac OS X 10.7 that could cause Firefox to crash
• Worked around an issue caused by Apple's "Java for Mac OS X 10.6 Update 5" where the Java plugin would not be loaded
:cleaning:
Firefox v6.0.2, v3.6.22 released
FYI...
Firefox v6.0.2 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
September 6, 2011
> Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Security Advisories
- https://www.mozilla.org/security/kno...l#firefox6.0.2
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
- https://www.mozilla.org/security/ann...sa2011-35.html
___
Firefox v3.6.22 released
September 6, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- https://www.mozilla.org/security/kno...#firefox3.6.22
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
- https://www.mozilla.org/security/ann...sa2011-35.html
:fear: