FYI...
Firefox v3.5.6 released
From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all.html
v.3.5.6, released December 15, 2009
- http://www.mozilla.org/security/know...l#firefox3.5.6
Fixed in Firefox 3.5.6
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-67 Integer overflow, crash in libtheora video library
MFSA 2009-66 Memory safety fixes in liboggplay media library
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
___
Firefox v3.0.16 released
From an admin account, start Firefox, then > Help > Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all-older.html
v3.0.16, released December 15, 2009
- http://www.mozilla.org/security/know...#firefox3.0.16
Fixed in Firefox 3.0.16
MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
MFSA 2009-70 Privilege escalation via chrome window.opener
MFSA 2009-69 Location bar spoofing vulnerabilities
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
___
- http://secunia.com/advisories/37699/2/
Release Date: 2009-12-16
Critical: Highly critical
Impact: Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.0.x, Mozilla Firefox 3.5.x ...
Solution: Update to version 3.0.16 or 3.5.6...
- http://www.theregister.co.uk/2009/12/16/firefox_update/
16 December 2009