-
Firefox 33.0.2 released
FYI...
Firefox 33.0.2 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Oct 28, 2014
Fixed: 33.0.2: Fix a startup crash with some combination of hardware and drivers
:fear:
-
Firefox 33.0.3 released
FYI...
Firefox 33.0.3 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Nov 6, 2014
Fixed:
33.0.3: Blacklisted graphics drivers that were causing black screens with OMTC enabled...
33.0.3: Fix two startup crashes with some combination of hardware and drivers
:spider:
-
Firefox 33.1 released
FYI...
Firefox 33.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Nov 10, 2014
New:
- Forget Button added
- Enhanced Tiles
- Privacy tour introduced
- Adding DuckDuckGo as a search option
:fear:
-
Firefox 33.1.1 released
FYI...
Firefox 33.1.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Nov 14, 2014
Fixed: 33.1.1 - Fixed startup crash
:fear:
-
Firefox 34.0 released
FYI...
Firefox 34.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 34.0:
- https://www.mozilla.org/security/kno...html#firefox34
Fixed in Firefox 34
2014-91 Privileged access to security wrapped protected objects
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-86 CSP leaks redirect data via violation reports
2014-85 XMLHttpRequest crashes with some input streams
2014-84 XBL bindings accessible via improper CSS declarations
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Dec 1, 2014
... complete list of changes in this release... 3749 bugs found.
___
- http://www.securitytracker.com/id/1031286
CVE Reference: CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595, CVE-2014-8631, CVE-2014-8632
Dec 3 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 34.0 ...
Solution: The vendor has issued a fix (34.0).
:fear:
-
Firefox 35.0 released
FYI...
Firefox 35.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 35.0:
- https://www.mozilla.org/security/kno...html#firefox35
Fixed in Firefox 35
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-07 Gecko Media Plugin sandbox escape
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Jan 13, 2015
... complete list of changes in this release... 3589 bugs found.
___
- http://www.securitytracker.com/id/1031533
CVE Reference: CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642, CVE-2014-8643
Jan 14 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 35.0 ...
Solution: The vendor has issued a fix (35.0).
:fear:
-
Firefox 35.0.1 released
FYI...
Firefox 35.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Jan 26, 2015
... complete list of changes in this release 3610 bugs found.
:fear:
-
Firefox 36.0 released
FYI...
Firefox 36.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 36.0:
- https://www.mozilla.org/security/kno...html#firefox36
Fixed in Firefox 36
2015-27 Caja Compiler JavaScript sandbox bypass
2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
2015-25 Local files or privileged URLs in pages can be opened into new tabs
2015-24 Reading of local files through manipulation of form autocomplete
2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
2015-22 Crash using DrawTarget in Cairo graphics library
2015-21 Buffer underflow during MP3 playback
2015-20 Buffer overflow during CSS restyling
2015-19 Out-of-bounds read and write while rendering SVG content
2015-18 Double-free when using non-default memory allocators with a zero-length XHR
2015-17 Buffer overflow in libstagefright during MP4 video playback
2015-16 Use-after-free in IndexedDB
2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
2015-14 Malicious WebGL content crash when writing strings
2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Feb 24, 2015
... complete list of changes in this release... 3608 bugs found.
___
- http://www.securitytracker.com/id/1031791
CVE Reference: CVE-2015-0819, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0828, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0833, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836
Feb 24 2015
Version: prior to 36.0...
:fear:
-
Firefox 36.0.3 released
FYI...
Firefox 36.0.3 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/
- https://www.mozilla.org/en-US/firefo.../releasenotes/
What’s New:
Fixed: 36.0.3: Security fixes for issues disclosed at HP Zero Day Initiative's Pwn2Own contest*
* https://www.mozilla.org/security/kno...#firefox36.0.3
Fixed in Firefox 36.0.3
2015-29 Code execution through incorrect JavaScript bounds checking elimination
2015-28 Privilege escalation through SVG navigation
___
- https://www.us-cert.gov/ncas/current...-and-SeaMonkey
March 20, 2015 - "... Available updates include:
• Firefox 36.0.3
• Firefox ESR 31.5.2
• SeaMonkey 2.33.1 ..."
___
- http://www.securitytracker.com/id/1031958
CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2015-0817
Mar 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 36.0.3 ...
All four major browsers take a stomping at Pwn2Own...
- http://arstechnica.com/security/2015...g-competition/
Mar 20, 2015 - "The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader..."
:fear::fear:
-
Firefox 36.0.4 released
FYI...
Firefox 36.0.4 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/
- https://www.mozilla.org/en-US/firefo.../releasenotes/
- https://www.mozilla.org/en-US/securi...#firefox36.0.4
Fixed in Firefox 36.0.4
2015-28 Privilege escalation through SVG navigation
... HP Zero Day Initiative's Pwn2Own contest... AGAIN.
___
- http://www.securitytracker.com/id/1031959
CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2015-0818
Mar 22 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 36.0.4...
- https://www.mozilla.org/en-US/securi...s/mfsa2015-28/
- https://www.mozilla.org/en-US/securi...s/mfsa2015-29/
Impact: Critical
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0817 - 6.8
Last revised: 03/27/2015
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0818 - 7.5 (HIGH)
Last revised: 03/27/2015
:fear: