Page 4 of 4 FirstFirst 1234
Results 31 to 39 of 39

Thread: Firefox updated...

  1. #31
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 29.0 released ...

    FYI...

    Firefox 29.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for 29.0:
    - https://www.mozilla.org/security/kno...html#firefox29
    Fixed in Firefox 29
    MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
    MFSA 2014-46 Use-after-free in nsHostResolve
    MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
    MFSA 2014-44 Use-after-free in imgLoader while resizing images
    MFSA 2014-43 Cross-site scripting (XSS) using history navigations
    MFSA 2014-42 Privilege escalation through Web Notification API
    MFSA 2014-41 Out-of-bounds write in Cairo
    MFSA 2014-40 Firefox for Android addressbar suppression
    MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
    MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
    MFSA 2014-37 Out of bounds read while decoding JPG images
    MFSA 2014-36 Web Audio memory corruption issues
    MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
    MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Apr 29, 2014

    ... complete list of changes in this release... 3892 bugs found.
    ___

    - https://addons.mozilla.org/en-US/fir...evar/versions/
    April 27, 2014
    ___

    - http://www.securitytracker.com/id/1030163
    CVE Reference: CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1527, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
    Apr 30 2014
    Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 29.0 ...
    Solution: The vendor has issued a fix (29.0)...

    Last edited by AplusWebMaster; 2014-04-30 at 12:14.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #32
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 29.0.1 released

    FYI...

    Firefox 29.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    May 9, 2014

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #33
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 30.0 released ...

    FYI...

    Firefox 30.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for 30.0:
    - https://www.mozilla.org/security/kno...html#firefox30
    Fixed in Firefox 30
    MFSA 2014-54 Buffer overflow in Gamepad API
    MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
    MFSA 2014-52 Use-after-free with SMIL Animation Controller
    MFSA 2014-51 Use-after-free in Event Listener Manager
    MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
    MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
    MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    June 10, 2014

    ... complete list of changes in this release... 3622 bugs found.
    ___

    - http://www.securitytracker.com/id/1030388
    CVE Reference: CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1539, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542, CVE-2014-1543
    Jun 11 2014
    Impact: Disclosure of system information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 30.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can conduct clickjacking attacks.
    Solution: The vendor has issued a fix (30.0)...

    Last edited by AplusWebMaster; 2014-06-11 at 11:37.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #34
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 31.0 released

    FYI...

    Firefox 31.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-

    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for 31.0:
    - https://www.mozilla.org/security/kno...html#firefox31
    Fixed in Firefox 31
    MFSA 2014-66 IFRAME sandbox same-origin access through redirect
    MFSA 2014-65 Certificate parsing broken by non-standard character encoding
    MFSA 2014-64 Crash in Skia library when scaling high quality images
    MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
    MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
    MFSA 2014-61 Use-after-free with FireOnStateChange event
    MFSA 2014-60 Toolbar dialog customization event spoofing
    MFSA 2014-59 Use-after-free in DirectWrite font handling
    MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
    MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
    MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    July 22, 2014

    ... complete list of changes in this release... 3025 bugs found.
    ___

    - http://www.securitytracker.com/id/1030619
    CVE Reference: CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560, CVE-2014-1561
    Jul 22 2014
    Impact: Denial of service via network, Execution of arbitrary code via network, Modification of system information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 31.0 ...

    Last edited by AplusWebMaster; 2014-07-23 at 11:41.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #35
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 32.0 released

    FYI...

    Firefox 32.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for 32.0:
    - https://www.mozilla.org/security/kno...html#firefox32
    Fixed in Firefox 32
    MFSA 2014-72 Use-after-free setting text directionality
    MFSA 2014-71 Profile directory file access through file: protocol
    MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
    MFSA 2014-69 Uninitialized memory use during GIF rendering
    MFSA 2014-68 Use-after-free during DOM interactions with SVG
    MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8 )

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Sep 2, 2014

    ... complete list of changes in this release... 3198 bugs found.
    ___

    - http://www.securitytracker.com/id/1030793
    CVE Reference: CVE-2014-1553, CVE-2014-1554, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
    Sep 3 2014
    Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to versions 31.1, 32.0 ...

    Last edited by AplusWebMaster; 2014-09-03 at 14:42.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #36
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 32.0.1 released

    FYI...

    Firefox 32.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Sep 12, 2014
    Fixed: 32.0.1 - Stability issues for computers with multiple graphics cards
    Fixed: 32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites
    Fixed: 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified...

    Mobile:
    - https://www.mozilla.org/en-US/mobile.../releasenotes/
    Fixed: 32.0.1 - Link tap selection is offset on some Android devices
    Fixed: 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified...

    Last edited by AplusWebMaster; 2014-09-13 at 16:04.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #37
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 32.0.2 released

    FYI...

    Firefox 32.0.2 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Sep 18, 2014
    Fixed: 32.0.2 - Corrupt installations cause Firefox to crash on update

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #38
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 32.0.3 released

    FYI...

    Firefox 32.0.3 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    September 24, 2014
    Fixed: 32.0.3: New security fixes can be found here*
    * https://www.mozilla.org/security/kno...#firefox32.0.3
    MFSA 2014-73 RSA Signature Forgery in NSS
    > https://www.mozilla.org/security/ann...sa2014-73.html

    > https://www.us-cert.gov/ncas/current...-Vulnerability
    Sep 24, 2014

    - http://www.kb.cert.org/vuls/id/772676
    24 Sep 2014 - "... This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate..."

    - http://www.securitytracker.com/id/1030901
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1568 - 7.5 (HIGH)
    Sep 24 2014
    Impact: Disclosure of system information, Disclosure of user information, Modification of authentication information, Modification of system information, Modification of user information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to versions ESR 24.8.1, ESR 31.1.1, 32.0.3 ...

    Last edited by AplusWebMaster; 2014-09-27 at 00:02.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #39
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,155

    Exclamation Firefox 33.0 released

    FYI...

    Firefox 33.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html

    Security Advisories for 33.0:
    - https://www.mozilla.org/security/kno...html#firefox33
    Fixed in Firefox 33
    MFSA 2014-82 Accessing cross-origin objects via the Alarms API
    MFSA 2014-81 Inconsistent video sharing within iframe
    MFSA 2014-80 Key pinning bypasses
    MFSA 2014-79 Use-after-free interacting with text directionality
    MFSA 2014-78 Further uninitialized memory use during GIF
    MFSA 2014-77 Out-of-bounds write with WebM video
    MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
    MFSA 2014-75 Buffer overflow during CSS manipulation
    MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Oct 14, 2014

    ... complete list of changes in this release... 3422 bugs found.
    ___

    - http://www.securitytracker.com/id/1031028
    CVE Reference: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582, CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586
    Oct 14 2014
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 33.0 ...
    ___

    Mozilla to disable encryption feature in next Firefox browser due to 'Poodle' bug
    - http://www.reuters.com/article/2014/...0SA04O20141015
    Oct 14, 2014 - "Mozilla said it will -disable- Secure Sockets Layer (SSL) encryption in the latest version of its Firefox web browser that will be released on Nov. 25 after a security bug called "Poodle" was discovered in a web encryption technology. "By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user's private account data on a website," Mozilla said in its blog*. SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. The code to disable the security protocol will be available shortly via Mozilla Nightly, an in-development version of Mozilla's browser. Mozilla also said that Firefox 35 will support a generic Transport Layer Security (TLS) downgrade protection mechanism called SCSV (Signaling Cipher Suite Value), as a precautionary measure..."
    * https://blog.mozilla.org/security/20...nd-of-ssl-3-0/
    Oct 14, 2014 - "Summary: SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information. We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a critical flaw in SSLv3, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the “Secure Sockets Layer” (SSL) or “Transport Layer Security” (TLS)..."

    Microsoft Security Advisory 3009008
    Vulnerability in SSL 3.0 Could Allow Information Disclosure
    - https://technet.microsoft.com/en-us/...y/3009008.aspx
    Oct 14, 2014

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3566
    Last revised: 10/14/2014

    Last edited by AplusWebMaster; 2014-10-15 at 16:02.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •