Firefox updates

Firefox v3.5.6 - v3.0.16 released

FYI...

Firefox v3.5.6 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all.html
v.3.5.6, released December 15, 2009

- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.6
Fixed in Firefox 3.5.6
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
___

Firefox v3.0.16 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all-older.html
v3.0.16, released December 15, 2009

- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.16
Fixed in Firefox 3.0.16
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
___

- http://secunia.com/advisories/37699/2/
Release Date: 2009-12-16
Critical: Highly critical
Impact: Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...
Solution: Update to version 3.0.16 or 3.5.6...

- http://www.theregister.co.uk/2009/12/16/firefox_update/
16 December 2009

:fear:
 
Last edited:
Firefox v3.5.7 - v3.0.17 released

FYI...

Firefox v3.5.7 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all.html
v.3.5.7, released January 5, 2010

- http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes/
Firefox 3.5.7 fixes the following issues:
• Fixed a common stability issue.
• Fixed a problem with how updates were being presented to users.
Complete list of changes:
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.1:.7-fixed

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0220
Last revised: 01/08/2010
CVSS v2 Base Score: 5.0 (MEDIUM)
___

Firefox v3.0.17 released

From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all-older.html
v3.0.17, released January 5, 2010

- http://www.mozilla.com/en-US/firefox/3.0.17/releasenotes/
Firefox 3.0.17 fixes the following issue:
• Fixed a problem with how updates were being presented to users.
Complete list of changes:
- https://bugzilla.mozilla.org/buglis...words&keywords=fixed1.9.0.17+verified1.9.0.17

:fear:
 
Last edited:
Firefox v.3.6 released

FYI...

Firefox v.3.6 released
- http://www.mozilla.com/en-US/firefox/3.6/releasenotes/
January 21, 2010 - "Firefox 3.6 is built on Mozilla's Gecko 1.9.2 web rendering platform, which has been under development since early 2009 and contains many improvements for web developers, add-on developers, and users. This version is also faster and more responsive than previous versions and has been optimized to run on small device operating systems such as Maemo..."
- Download: http://www.mozilla.com/firefox/all.html

WeeklyUpdates/2010-01-25
- https://wiki.mozilla.org/WeeklyUpdates/2010-01-25
Schedule for Firefox 3.5.8 are... Final release: February 16 ...
Schedule for Firefox 3.0.18 are... Final release: February 16 ...

:confused:
 
Firefox v3.0.18/v3.5.8 released

FYI...

From an admin account, start Firefox, then > Help > Check for Updates

Firefox v3.0.18/v3.5.8 released
- http://secunia.com/advisories/37242/
Release Date: 2010-02-18
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x
Solution: Update to version 3.0.18 or 3.5.8.
Original Advisory: Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
http://www.mozilla.org/security/announce/2010/mfsa2010-02.html
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
http://www.mozilla.org/security/announce/2010/mfsa2010-05.html
Secunia Research:
http://secunia.com/secunia_research/2009-45/

Bug list:
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.1:.8-fixed
63 bugs found.

Fixed in Firefox 3.5.8
- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

Bug list:
- https://bugzilla.mozilla.org/buglis...words&keywords=fixed1.9.0.18+verified1.9.0.18
19 bugs found.

Fixed in Firefox 3.0.18
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162
____

Blocklisted add-ons that should no longer be used with Mozilla products.
- https://www.mozilla.com/en-US/blocklist/

:fear:
 
Last edited:
Firefox v3.6.2...

FYI...

Firefox v3.6.2
- http://secunia.com/advisories/38608/
Last Update: 2010-03-19
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Mozilla Firefox 3.6.x
Original Advisory: Mozilla:
- http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/
03.18.10 - "Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience. Alternatively, users can download the current Beta build of Firefox 3.6.2, which contains the fix from here:
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.2-candidates/build3/

- https://wiki.mozilla.org/WeeklyUpda...3.5.x_.2F_Firefox_3.6.x_.2F_Thunderbird_3.0.x
WeeklyUpdates/2010-03-22 - "QA and release teams are quickly checking the risk of 1.9.2 patches, to see if we can get 3.6.2 out early this week."

:fear:
 
Last edited:
Firefox v3.6.2 released

FYI...

Firefox v3.6.2 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html

• Critical: MFSA 2010-11 Crashes with evidence of memory corruption
- http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
• Critical: MFSA 2010-08 WOFF heap corruption due to integer overflow
- http://www.mozilla.org/security/announce/2010/mfsa2010-08.html

Fixed in Firefox 3.6.2
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.2
MFSA 2010-15 Asynchronous Auth Prompt attaches to wrong window
MFSA 2010-14 Browser chrome defacement via cached XUL stylesheets
MFSA 2010-13 Content policy bypass with image preloading
MFSA 2010-12 XSS using addEventListener and setTimeout on a wrapped object
MFSA 2010-11 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18)
MFSA 2010-10 XSS via plugins and unprotected Location object
MFSA 2010-09 Deleted frame reuse in multipart/x-mixed-replace image
MFSA 2010-08 WOFF heap corruption due to integer overflow

What’s New in Firefox 3.6.2
- http://www.mozilla.com/en-US/firefox/3.6.2/releasenotes/
Firefox 3.6.2 fixes the following issues found in previous versions of Firefox 3.6:
* Fixed a critical security issue that could potentially allow remote code execution (see bug 552216).
* Fixed several additional security issues.
* Fixed several stability issues.
Please see the complete list of changes* in this version..."
* https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.2-fixed
118 bugs found.

- http://secunia.com/advisories/38608/
Last Update: 2010-03-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 3.6.2.

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028
... before 3.6.2...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1122
Last revised: 03/26/2010 - ...Firefox 3.5.x through 3.5.8...
CVSS v2 Base Score: 10.0 (HIGH)...

- https://wiki.mozilla.org/WeeklyUpda...3.5.x_.2F_Firefox_3.6.x_.2F_Thunderbird_3.0.x
WeeklyUpdates/2010-03-29 - "... 3.5.9, 3.0.19 on track for tomorrow..."

:fear:
 
Last edited:
Firefox v3.5.9 released

FYI...

Firefox v3.5.9 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.com/firefox/all-older.html

Release Notes
- http://www.mozilla.com/firefox/3.5.9/releasenotes/
v.3.5.9, released March 30, 2010

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.9
Fixed in Firefox 3.5.9
MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
MFSA 2010-23 Image src redirect to mailto: URL opens email editor
MFSA 2010-22 Update NSS to support TLS renegotiation indication
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)

- https://developer.mozilla.org/devne...-9-and-3-0-19-security-updates-now-available/
March 30, 2010 - "... Firefox 3.5.9 and Firefox 3.0.19 are now available for Windows, Mac, and Linux for free download... Please note: This is the last planned security and stability release for Firefox 3.0..."
Use: >Help >Check for Updates

Firefox 3.0.19: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.19

13 bugs...
- https://bugzilla.mozilla.org/buglis...words&keywords=fixed1.9.0.19+verified1.9.0.19

:fear:
 
Last edited:
Firefox v3.6.3 released

FYI...

Firefox v3.6.3 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html

- http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
Title: Re-use of freed object due to scope confusion
Impact: Critical
Announced: April 1, 2010
Reporter: Nils (MWR InfoSecurity)
Products: Firefox
Fixed in: Firefox 3.6.3...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1121
Last revised:03/26/2010
CVSS v2 Base Score: 10.0 (HIGH)
Overview: Unspecified vulnerability in Mozilla Firefox 3 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010...

- http://secunia.com/advisories/39175/
Release Date: 2010-04-02
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 3.6.3.
___

Due to some obscure moron a "security 'specialist'" hacking into a kludge of browsers "playing games" at a supposed security conference at CanSecWest with all the public media reports as a result of the "contest", this update became necessary wasting the time and effort of millions of end users and those who support them. More updates for other browsers will follow...

Responsible Disclosure Policy
- http://www.secureworks.com/research/disclosure.html
As a managed security services provider, we are constantly researching new methods computer criminals could use to break into systems, steal information and cause harm to our clients or their clients. We must be ahead of the criminal – anticipating new threats and developing countermeasures to prevent those threats. In that process, we may discover a vulnerability or a class of vulnerabilities in a technology solution that could create risk for our clients or the general market. When we discover a vulnerability, we will follow SecureWorks’ Responsible Disclosure Policy.
The goals of our Disclosure Policy are as follows:
1. Minimize risks to our clients and to the market
2. Education
3. Contribution to the security community
4. Cooperation with vendor community to understand the vulnerability
SecureWorks believes that it is important to work with technology providers when we find vulnerabilities – giving them an opportunity to patch their systems prior to advising our clients and the public about the vulnerability. This reduces the opportunity for a computer criminal to use information we provide to the public to cause harm although it does not prevent the criminal from discovering the same vulnerability independently...

:fear::sad:
 
Last edited:
Firefox v3.6.4 released

FYI...

Firefox v3.6.4 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
June 22, 2010

What’s new
- http://www.mozilla.com/en-US/firefox/3.6.4/releasenotes/

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.4-fixed
226 bugs found/fixed

- http://secunia.com/advisories/40309/
Release Date: 2010-06-23
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote
Solution: Update to version 3.5.10 or 3.6.4...

:fear:
 
Last edited:
Firefox v3.6.6 released

FYI...

Firefox v3.6.6 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
June 26, 2010

What’s new
- http://www.mozilla.com/en-US/firefox/3.6.6/releasenotes/
"Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated..."

- http://forums.mozillazine.org/viewtopic.php?f=38&t=1929983
"Firefox 3.6.6 is a maintenance release to solve problems with Flash crashes. If you are having a number of flash crashes this should solve the issue. The fix increases the amount of time the before Firefox decides the plug-in has crashed. If you are curious why this release isn't number 3.6.5 see where's 3.6.5?* ..."
* http://christian.legnitto.com/blog/...atform-version-is-1-9-2-6-instead-of-1-9-2-5/

- http://www.h-online.com/security/ne...false-alarm-after-Firefox-update-1030099.html
28 June 2010 - "... Norton Antivirus and Internet Security from Symantec both issued a security alert and pushed various files into quarantine after they installed the latest Firefox update which in turn caused Firefox to malfunction. In Symantec's support forums and elsewhere on the internet, further users have reported malware alerts after installing the Firefox 3.6.6 update. The affected files are reported to be:
* freebl3.dll
* softokn3.dll
* nssdbm3.dll
The name given by Symantec, WS.Reputation.1, points towards a detection by the cloud based functionality of Norton where the company evaluates the information transmitted by users' systems to assess files. Files that haven't been seen before are considered particularly suspicious. [?] If Norton then detects anything else that's unusual about the file, it will raise the alarm..."

:fear:
 
Last edited:
Firefox v3.6.7 released

FYI...

Firefox v3.6.7 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
July 20, 2010

What’s new
- http://www.mozilla.com/en-US/firefox/3.6.7/releasenotes/

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.7

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.7-fixed,.5-fixed
126 bugs found/fixed.

- http://securitytracker.com/alerts/2010/Jul/1024225.html
- http://securitytracker.com/alerts/2010/Jul/1024226.html

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0654
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1208
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1209
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1211
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1212
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1214
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2752
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2753
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2754

:fear:
 
Last edited:
Firefox v3.6.8 released

FYI...

Firefox v3.6.8 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
July 23, 2010

What’s new
- http://www.mozilla.com/en-US/firefox/3.6.8/releasenotes/
• Fixed a single stability issue affecting some pages containing plugins.
Regression: http://www.mozilla.org/security/announce/2010/mfsa2010-48.html

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.8

- http://securitytracker.com/alerts/2010/Jul/1024243.html
Date: July 24, 2010

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2755
CVSS v2 Base Score: 10.0 (HIGH)

:fear:
 
Last edited:
Firefox v3.6.9 released ..

FYI...

Firefox v3.6.9 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
Sep. 7, 2010

What’s new
- http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/

- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9

67 bugs found:
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.9-fixed

- http://secunia.com/advisories/41297/
Release Date: 2010-09-08
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2010-2760, CVE-2010-2762, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
Solution: Update to version 3.6.9 or 3.5.12.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3171
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3399
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3400

- http://securitytracker.com/alerts/2010/Sep/1024401.html
- http://securitytracker.com/alerts/2010/Sep/1024406.html
Sep 8 2010

:fear:
 
Last edited:
Firefox v3.6.11 released

FYI...

Firefox v3.6.11 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
Oct. 19, 2010

What’s new
- http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/
• Fixed several security issues.
• Fixed several stability issues.

Fixed in Firefox 3.6.11
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11

Complete list of changes: 40 bugs found.
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.11-fixed

- http://www.securitytracker.com/id?1024605
Oct 20 2010
CVE Reference: CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3181, CVE-2010-3182, CVE-2010-3183
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network ...
... prior to 3.6.11
Solution: The vendor has issued a fix (3.5.14, 3.6.11)...

:fear:
 
Last edited:
Firefox v3.6.13 released

FYI...

Firefox v3.6.13 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
Dec. 9, 2010

Fixed in Firefox 3.6.13
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.13-fixed
68 bugs fixed...

- http://secunia.com/advisories/42517/
Release Date: 2010-12-10
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 3.6.13 or 3.5.16.

- http://www.securitytracker.com/id?1024848
- http://www.securitytracker.com/id?1024850
- http://www.securitytracker.com/id?1024851
Dec 10 2010

:fear:
 
Last edited:
Firefox v.3.6.14 released

FYI...

Firefox v.3.6.14 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
March 1st, 2011

Fixed in Firefox 3.6.14
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-09 Crash caused by corrupted JPEG image
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

Bug fixes:
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.14-fixed
41 bugs found.
___

- http://secunia.com/advisories/43550/
Release Date: 2011-03-02
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution: Update to Mozilla Firefox version 3.5.17 or 3.6.14

- http://www.securitytracker.com/id/1025134
Mar 2 2011

:fear:
 
Last edited:
Firefox v.3.6.15 released

FYI...

Firefox v.3.6.15 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
March 4, 2011

- http://www.mozilla.com/en-US/firefox/3.6.15/releasenotes/
• Fixed an issue where some Java applets would fail to load in Firefox 3.6.14

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.15-fixed
24 bugs found.
___

- https://wiki.mozilla.org/WeeklyUpdates/2011-03-07#Firefox_3.6_and_3.5
WeeklyUpdates/2011-03-07
Shipped 3.6.15 on Friday, fixing an issue where Firefox 3.6.14 would fail to load certain Java applets
Bugs will be adjusted to reflect the current state of branch fixes ...

:fear:
 
Last edited:
Firefox 4 next week

FYI...

Firefox 4 next week ...
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=229301231
March 18, 2011 - "Firefox 4... will be officially released on March 22, 2011..."

- http://blogs.computerworld.com/17982/windows_7_service_pack_1_dont_install_it_yet
March 16, 2011 - "... Firefox version 4.. give it a couple months before installing it; not only to let the browser get battle tested but also to give authors of extensions more time to get the kinks out..."

- https://wiki.mozilla.org/Firefox/Roadmap#Product_Priorities_for_2011

:fear:
 
Last edited:
You must log in or register to reply here.
Back
Top