Firefox "new tab" thumbnail feature - disable
FYI...
- http://h-online.com/-1625761
25 June 2012 - "... users can completely disable the new tab page feature in Firefox by changing some advanced preferences under "about:config" ..."
- http://www.h-online.com/security/new...ew=zoom;zoom=1
- http://www.theregister.co.uk/2012/06...rity_concerns/
22 June 2012
Firefox v18.0.1 released ...
FYI...
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
What's new...
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Jan 18, 2013
18.0.1: Problems involving HTTP Proxy Transactions (Associated bugs)
18.0.1: Unity player crashes on Mac OS X (bug 828954)
18.0.1: Disabled HIDPI support on external monitors to avoid rendering glitches (bug 814434)
FIXED
___
- http://h-online.com/-1787497
19 Jan 2013
Firefox 28.0 released ...
FYI...
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 28.0:
- https://www.mozilla.org/security/kno...html#firefox28
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable to relative path escape
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-23 Content Security Policy for data: documents not preserved by session restore
MFSA 2014-22 WebGL content injection from one domain to rendering in another
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-18 crypto.generateCRMFRequest does not validate type of key
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Mar 18, 2014
... complete list of changes in this release... 865 bugs found.
___
- http://www.securitytracker.com/id/1029928
CVE Reference: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
Mar 19 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes; Vendor Confirmed: Yes
Version(s): prior to 28.0 ...
Solution: The vendor has issued a fix (28.0)...
___
- https://www.computerworld.com/s/arti..._Pwn2Own_holes
Mar 19, 2014 - "... Firefox 28 was primarily a security update, patching the five Pwn2Own flaws and 15 others..."
___
Firefox 28.0.1 for Android
- https://www.mozilla.org/security/kno...#firefox28.0.1
- https://www.mozilla.org/security/ann...sa2014-33.html
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-1515
"... Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application..."
Firefox 29.0 released ...
FYI...
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 29.0:
- https://www.mozilla.org/security/kno...html#firefox29
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolver
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Apr 29, 2014
... complete list of changes in this release... 3892 bugs found.
___
- https://addons.mozilla.org/en-US/fir...evar/versions/
April 27, 2014
___
- http://www.securitytracker.com/id/1030163
CVE Reference: CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1527, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
Apr 30 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes; Vendor Confirmed: Yes
Version(s): prior to 29.0 ...
Solution: The vendor has issued a fix (29.0)...
Firefox 30.0 released ...
FYI...
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Security Advisories for 30.0:
- https://www.mozilla.org/security/kno...html#firefox30
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisibility after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
June 10, 2014
... complete list of changes in this release... 3622 bugs found.
___
- http://www.securitytracker.com/id/1030388
CVE Reference: CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1539, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542, CVE-2014-1543
Jun 11 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes; Vendor Confirmed: Yes
Version(s): prior to 30.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can conduct clickjacking attacks.
Solution: The vendor has issued a fix (30.0)...