Firefox updated...

[tashi]

Firefox v 23.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html

http://www.mozilla.org/en-US/firefox/23.0/releasenotes/

Security Advisories
Fixed in Firefox 23

MFSA 2013-75 Local Java applets may read contents of local file system
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
MFSA 2013-72 Wrong principal used for validating URI for some Javascript components
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

https://www.mozilla.org/security/kno...s/firefox.html

[AplusWebMaster]

FYI...

Firefox 29.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html

Security Advisories for 29.0:
- https://www.mozilla.org/security/kno...html#firefox29
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Apr 29, 2014

... complete list of changes in this release... 3892 bugs found.
___

- https://addons.mozilla.org/en-US/fir...evar/versions/
April 27, 2014
___

- http://www.securitytracker.com/id/1030163
CVE Reference: CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1527, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
Apr 30 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 29.0 ...
Solution: The vendor has issued a fix (29.0)...

[AplusWebMaster]

FYI...

Firefox 33.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html

Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Oct 28, 2014
Fixed: 33.0.2: Fix a startup crash with some combination of hardware and drivers

[AplusWebMaster]

FYI...

Firefox 37.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

- https://www.mozilla.org/en-US/firefo.../releasenotes/
March 31, 2015

- https://www.mozilla.org/en-US/securi...fox/#firefox37
Fixed in Firefox 37.0
2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
2015-41 PRNG weakness allows for DNS poisoning on Android
2015-40 Same-origin bypass through anchor navigation
2015-39 Use-after-free due to type confusion flaws
2015-38 Memory corruption crashes in Off Main Thread Compositing
2015-37 CORS requests should not follow 30x redirections after preflight
2015-36 Incorrect memory management for simple-type arrays in WebRTC
2015-35 Cursor clickjacking with flash and images
2015-34 Out of bounds read in QCMS library
2015-33 resource:// documents can load privileged pages
2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

... complete list of changes in this release... 2817 bugs found.
___

- http://www.securitytracker.com/id/1031996
CVE Reference: CVE-2015-0800, CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0810, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
Apr 1 2015
Original Entry Date: Mar 31 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 37.0 ...

[AplusWebMaster]

FYI...

Firefox 41.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Sep 22, 2015

- https://www.mozilla.org/en-US/securi...fox/#firefox41
Fixed in Firefox 41
2015-114 Information disclosure via the High Resolution Time API
2015-113 Memory safety errors in libGLES in the ANGLE graphics library
2015-112 Vulnerabilities found through code inspection
2015-111 Errors in the handling of CORS preflight request headers
2015-110 Dragging and dropping images exposes final URL after redirects
2015-109 JavaScript immutable property enforcement can be bypassed
2015-108 Scripted proxies can access inner window
2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
2015-106 Use-after-free while manipulating HTML media content
2015-105 Buffer overflow while decoding WebM video
2015-104 Use-after-free with shared workers and IndexedDB
2015-103 URL spoofing in reader mode
2015-102 Crash when using debugger with SavedStacks in JavaScript
2015-101 Buffer overflow in libvpx while parsing vp9 format video
2015-100 Arbitrary file manipulation by local user through Mozilla updater
2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
2015-97 Memory leak in mozTCPSocket to servers
2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

... complete list of changes in this release... 3502 bugs found.

Fixed in Firefox ESR 38.3
- https://www.mozilla.org/en-US/securi...firefoxesr38.3
___

- http://www.securitytracker.com/id/1033640
CVE Reference: CVE-2015-4476, CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4503, CVE-2015-4504, CVE-2015-4505, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4512, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180
Sep 22 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 41.0...
Solution: The vendor has issued a fix (41.0, ESR 38.3).

[AplusWebMaster]

FYI...

Firefox 46.0.1 released

Start Firefox, then >Help >About >Apply Update ...

- https://www.mozilla.org/en-US/firefo.../releasenotes/
May 3, 2016
Fixed:
Fix for search plugin issue for various locales (Bug 1246494)
Fix for add-on signing certificate expiration (Bug 1267318)
Limit Sync registration updates (Bug 1262312)
Fix for service worker update issue (Bug 1267733)
Fix a build issue when jit is disabled (Bug 1266366)
Fix for page loading issue related to antivirus software (Bug 1268922)

[AplusWebMaster]

FYI...

Update on Firefox Support for Windows XP and Vista
- https://blog.mozilla.org/futurerelea...-xp-and-vista/
Dec 23, 2016 - "In approximately March, 2017, Windows XP and Vista users will automatically be moved to the Firefox Extended Support Release (ESR*).
Firefox is one of the few browsers that continues to support Windows XP and Vista, and we expect to continue to provide security updates for users until September 2017. Users do not need to take additional action to receive those updates. In mid-2017, user numbers on Windows XP and Vista will be reassessed and a final support end date will be announced. In the meantime, we strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use. For planning purposes, enterprises using Firefox should consider September 2017 as the support end date for Windows XP and Vista. For more information please visit the Firefox support page**."
* https://www.mozilla.org/en-US/firefox/organizations/

** https://support.mozilla.org/en-US/kb...s-xp-and-vista
"... Firefox version 52 will be the last complete update for Windows XP and Windows Vista. Security updates will be released, but no new features... Firefox is one of the only browsers to offer any support for Windows XP and Vista. Microsoft itself ended support for Windows XP in 2014 and will end support for Windows Vista in 2017. Unsupported operating systems receive no security updates, have known exploits, and can be dangerous to use, which makes it difficult to maintain Firefox on those versions.
Firefox security updates for XP and Vista users will continue until September 2017, although new features will not be offered. In mid-2017, a final support end date will be announced based on the number of users still on Windows XP and Vista..."

> https://www.mozilla.org/en-US/firefo...nizations/faq/