Firefox 56, 52.4.0 ESR released
FYI...
Firefox 56 released
Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/
Release notes: https://www.mozilla.org/en-US/firefo.../releasenotes/
Sep 28, 2017
New:
Launched Firefox Screenshots[1], a feature that lets users take, save, and share screenshots without leaving the browser
[1] https://screenshots.firefox.com/#tour
Added support for address form autofill (en-US only)
Updated Preferences:
Added search tool so users can find a specific setting quickly
Reorganized preferences so users can more easily scan settings
Rewrote descriptions so users can better understand choices and how they affect browsing
Revised data collection choices so they align with updated Privacy Notice and data collection strategy
Media opened in a background tab will not play until the tab is selected
Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account
Changed:
Replaced character encoding converters with a new Encoding Standard-compliant implementation written in Rust
Added hardware acceleration for AES-GCM
Updated the Safe Browsing protocol to version 4
Reduced update download file size by approximately 20 percent
Improved security for verifying update downloads...
Unresolved:
Startup crashes with 64-bit Firefox on Windows 7, for users of Lenovo's "OneKey Theater" software for IdeaPad laptops. To fix this crash, please re-install 32-bit Firefox.
> https://www.mozilla.org/en-US/firefox/all/
Startup crash with RelevantKnowledge adware installed. Firefox Support has helpful instructions to remove it:
> https://support.mozilla.org/en-US/kb...caused-malware
Fixed in Firefox 56: https://www.mozilla.org/en-US/securi...fox/#firefox56
> https://www.mozilla.org/en-US/securi...s/mfsa2017-21/
Critical:
CVE-2017-7811: Memory safety bugs fixed in Firefox 56
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 ...
- http://www.securitytracker.com/id/1039465
CVE Reference: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7816, CVE-2017-7817, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825
Sep 29 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 56.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the address bar and other user interface components.
A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix (56.0)...
___
52.4.0 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefo...nizations/all/
Release notes: https://www.mozilla.org/en-US/firefo.../releasenotes/
Sep 28, 2017
Fixed:
Various security fixes*
Various stability and regression fixes
* https://www.mozilla.org/en-US/securi...firefoxesr52.4
Security vulnerabilities fixed in Firefox ESR52.4
> https://www.mozilla.org/en-US/securi...s/mfsa2017-22/
Critical:
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 ...
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Sep 28, 2017
Firefox ESR E-O-L - on XP-Vista in June 2018
FYI...
> https://blog.mozilla.org/futurerelea...-xp-and-vista/
Oct 4, 2017 - "... Today we are announcing June 2018 as the final end of life date for Firefox support on Windows XP and Vista. As one of the few browsers that continues to support Windows XP and Vista, Firefox users on these platforms can expect security updates until that date. Users do not need to take additional action to receive those updates..."
> https://support.mozilla.org/en-US/kb...s-xp-and-vista
Firefox 57.0, 52.5.0 ESR released
FYI...
Firefox 57.0 released
Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/
Release notes:
- https://www.mozilla.org/en-US/firefo...paign=whatsnew
Nov 14, 2017
New:
A completely new browsing engine, designed to take full advantage of the processing power in modern devices
A redesigned interface with a clean, modern appearance, consistent visual elements, and optimizations for touch screens
A unified address and search bar. New installs will see this unified bar. Learn how to add the stand-alone search bar to the toolbar
A revamped new tab page that includes top visited sites, recently visited pages, and recommendations from Pocket (in the US, Canada, and Germany)
An updated product tour to orient new and returning Firefox users
AMD VP9 hardware video decoder support for improved video playback with lower power consumption
An expanded section in preferences to manage all website permissions
Changed:
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Firefox does -not- support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience -issues- with Firefox.
Made the Adobe Flash plugin click-to-activate by default and allowed -only- on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap:
- https://developer.mozilla.org/en-US/...lugins/Roadmap )
Changed: Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work...
> https://support.mozilla.org/kb/firef...gy-modernizing
Fixed: Various security fixes:
> https://www.mozilla.org/en-US/securi...fox/#firefox57
Security vulnerabilities fixed in Firefox 57
> https://www.mozilla.org/en-US/securi...s/mfsa2017-24/
Nov 14, 2017
Critical:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7827: Memory safety bugs fixed in Firefox 57
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
> https://blog.mozilla.org/blog/2017/1...refox-quantum/
___
Firefox 52.5.0 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefo...nizations/all/
Release notes: https://www.mozilla.org/en-US/firefo.../releasenotes/
Nov 14, 2017
Various security fixes
- https://www.mozilla.org/en-US/securi...firefoxesr52.5
Security vulnerabilities fixed in Firefox ESR 52.5
- https://www.mozilla.org/en-US/securi...s/mfsa2017-25/
Critical:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Various stability and regression fixes
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Nov 14, 2017
___
- https://www.securitytracker.com/id/1039803
CVE Reference: CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
Nov 15 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 57.0 ...
(More detail at the URL above.)
- https://www.securitytracker.com/id/1039805
CVE Reference: CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
Nov 15 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to ESR 52.5 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can modify data on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix for CVE-2017-7826, CVE-2017-7828, and CVE-2017-7830 for Firefox ESR (52.5)...