Page 3 of 3 FirstFirst 123
Results 21 to 30 of 30

Thread: Firefox updated...

  1. #21
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    32,085

    Default Firefox v 23.0 released

    Firefox v 23.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    http://www.mozilla.org/en-US/firefox/23.0/releasenotes/

    Security Advisories
    Fixed in Firefox 23

    MFSA 2013-75 Local Java applets may read contents of local file system
    MFSA 2013-74 Firefox full and stub installer DLL hijacking
    MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
    MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
    MFSA 2013-71 Further Privilege escalation through Mozilla Updater
    MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
    MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
    MFSA 2013-68 Document URI misrepresentation and masquerading
    MFSA 2013-67 Crash during WAV audio file decoding
    MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
    MFSA 2013-65 Buffer underflow when generating CRMF requests
    MFSA 2013-64 Use after free mutating DOM during SetBody
    MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

    https://www.mozilla.org/security/kno...s/firefox.html
    Microsoft MVP. Consumer Security 2006-2014


  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v23.0.1 released

    FYI...

    Firefox v23.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    August 16, 2013
    FIXED 23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
    FIXED 23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532)
    FIXED 23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527) ...

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v24.0 released

    FYI...

    Firefox v24.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Sep 17, 2013

    Security Advisories for v24.0:
    * https://www.mozilla.org/security/kno...html#firefox24
    Fixed in Firefox 24
    MFSA 2013-92 GC hazard with default compartments and frame chain restoration
    MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
    MFSA 2013-90 Memory corruption involving scrolling
    MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
    MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
    MFSA 2013-87 Shared object library loading from writable location
    MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
    MFSA 2013-85 Uninitialized data in IonMonkey
    MFSA 2013-84 Same-origin bypass through symbolic links
    MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
    MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
    MFSA 2013-81 Use-after-free with select element
    MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
    MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
    MFSA 2013-78 Integer overflow in ANGLE library
    MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
    MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    ... complete list of changes in this release... 543 bugs found.
    ___

    - http://www.securitytracker.com/id/1029042
    CVE Reference: CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1721, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1725, CVE-2013-1726, CVE-2013-1727, CVE-2013-1728, CVE-2013-1729, CVE-2013-1730, CVE-2013-1731, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738
    Sep 17 2013
    Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 24.0; prior to ESR 17.0.9 ...

    Last edited by AplusWebMaster; 2013-09-18 at 11:44.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v25.0 released

    FYI...

    Firefox v25.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Oct 29, 2013

    Security Advisories for v25.0:
    - https://www.mozilla.org/security/kno...html#firefox25
    Fixed in Firefox 25
    MFSA 2013-102 Use-after-free in HTML document templates
    MFSA 2013-101 Memory corruption in workers
    MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
    MFSA 2013-99 Security bypass of PDF.js checks using iframes
    MFSA 2013-98 Use-after-free when updating offline cache
    MFSA 2013-97 Writing to cycle collected object during image decoding
    MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
    MFSA 2013-95 Access violation with XSLT and uninitialized data
    MFSA 2013-94 Spoofing addressbar though SELECT element
    MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    ... complete list of changes in this release... 565 bugs found.
    ___

    - https://secunia.com/advisories/55520/
    Release Date: 2013-10-30
    Criticality: Highly Critical
    Where: From remote
    Impact: Security Bypass, Spoofing, System access
    ... vulnerabilities are reported in versions prior to 25.
    Solution: Upgrade to version 25.

    - http://www.securitytracker.com/id/1029270
    CVE Reference: CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
    Oct 30 2013
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 25.0 ...
    Solution: The vendor has issued a fix (25.0)...

    Last edited by AplusWebMaster; 2013-10-30 at 13:53.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v25.0.1 released

    FYI...

    Firefox v25.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Nov 15, 2013

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    25.0.1: New security fixes... (list not available as of date/time of this post)
    25.0.1: Pages sometimes wouldn't load without first moving the cursor

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  6. #26
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v25.0.1 ..

    FYI...

    Firefox v25.0.1 ...

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...

    - https://www.mozilla.org/security/kno...#firefox25.0.1
    Fixed in Firefox 25.0.1
    MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
    - https://www.mozilla.org/security/ann...a2013-103.html
    CVE Reference(s):
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1741 - 7.5 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-2566 - 2.6
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5605 - 7.5 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5606 - 6.4
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5607 - 7.5 (HIGH)

    - https://secunia.com/advisories/55732/
    Release Date: 2013-11-19
    Criticality: Highly Critical
    Where: From remote
    Impact: Unknown, Security Bypass, System access
    Solution Status: Vendor Patch...
    For more information: https://secunia.com/SA55557/
    Solution: Update to a fixed version.
    Original Advisory: Mozilla:
    https://www.mozilla.org/security/ann...a2013-103.html

    Last edited by AplusWebMaster; 2013-11-21 at 00:07.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  7. #27
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v26.0 released

    FYI...

    Firefox v26.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for v26.0:
    - https://www.mozilla.org/security/kno...html#firefox26
    Fixed in Firefox 26
    MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
    MFSA 2013-116 JPEG information leak
    MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
    MFSA 2013-114 Use-after-free in synthetic mouse movement
    MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
    MFSA 2013-112 Linux clipboard information disclosure though selection paste
    MFSA 2013-111 Segmentation violation when replacing ordered list elements
    MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
    MFSA 2013-109 Use-after-free during Table Editing
    MFSA 2013-108 Use-after-free in event listeners
    MFSA 2013-107 Sandbox restrictions not applied to nested object elements
    MFSA 2013-106 Character encoding cross-origin XSS attack
    MFSA 2013-105 Application Installation doorhanger persists on navigation
    MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Dec 10, 2013

    ... complete list of changes in this release... 676 bugs found.
    ___

    - https://secunia.com/advisories/56005/
    Release Date: 2013-12-10
    Criticality: Highly Critical
    Where: From remote
    Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
    CVE Reference(s): CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
    ... security issue and the vulnerabilities are reported in versions prior to 26.
    Solution: Upgrade to version 26.

    Last edited by AplusWebMaster; 2013-12-11 at 01:49.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  8. #28
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v27.0 released

    FYI...

    Firefox v27.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for v27.0:
    - https://www.mozilla.org/security/kno...html#firefox27
    MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
    MFSA 2014-12 NSS ticket handling issues
    MFSA 2014-11 Crash when using web workers with asm.js
    MFSA 2014-10 Firefox default start page UI content invokable by script
    MFSA 2014-09 Cross-origin information leak through web workers
    MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
    MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
    MFSA 2014-06 Profile path leaks to Android system log
    MFSA 2014-05 Information disclosure with *FromPoint on iframes
    MFSA 2014-04 Incorrect use of discarded images by RasterImage
    MFSA 2014-03 UI selection timeout missing on download prompts
    MFSA 2014-02 Clone protected content with XBL scopes
    MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Feb 4, 2014

    ... complete list of changes in this release... 659 bugs found.
    ___

    - http://www.securitytracker.com/id/1029717
    CVE Reference: CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491
    Feb 5 2014
    Impact: Denial of service via network, Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 27.0 ...
    Solution: The vendor has issued a fix (27.0)...

    - https://secunia.com/advisories/56787/
    Release Date: 2014-02-05
    Criticality: Highly Critical
    Where: From remote
    Impact: Security Bypass, System access
    For more information: https://secunia.com/SA56767/
    Solution: Upgrade to version 27.

    Last edited by AplusWebMaster; 2014-02-05 at 13:13.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  9. #29
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox v27.0.1 released

    FYI...

    Firefox v27.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Release notes:
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    FIXED: 27.0.1 - Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval
    FIXED: 27.0.1 - JS math correctness issue (bug 941381)

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

  10. #30
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    4,823

    Exclamation Firefox 28.0 released ...

    FYI...

    Firefox 28.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for 28.0:
    - https://www.mozilla.org/security/kno...html#firefox28
    MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
    MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
    MFSA 2014-30 Use-after-free in TypeObject
    MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
    MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
    MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
    MFSA 2014-26 Information disclosure through polygon rendering in MathML
    MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
    MFSA 2014-24 Android Crash Reporter open to manipulation
    MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
    MFSA 2014-22 WebGL content injection from one domain to rendering in another
    MFSA 2014-21 Local file access via Open Link in new tab
    MFSA 2014-20 onbeforeunload and Javascript navigation DOS
    MFSA 2014-19 Spoofing attack on WebRTC permission prompt
    MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
    MFSA 2014-17 Out of bounds read during WAV file decoding
    MFSA 2014-16 Files extracted during updates are not always read only
    MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Mar 18, 2014

    ... complete list of changes in this release... 865 bugs found.
    ___

    - http://www.securitytracker.com/id/1029928
    CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
    Mar 19 2014
    Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 28.0 ...
    Solution: The vendor has issued a fix (28.0)...
    ___

    - https://www.computerworld.com/s/arti..._Pwn2Own_holes
    Mar 19, 2014 - "... Firefox 28 was primarily a security update, patching the five Pwn2Own flaws and 15 others..."
    ___

    Firefox 28.0.1 for Android
    - https://www.mozilla.org/security/kno...#firefox28.0.1

    - https://www.mozilla.org/security/ann...sa2014-33.html

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1515
    "... Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application..."

    Last edited by AplusWebMaster; 2014-04-22 at 01:49.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •