
Thread: Firefox updated...

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    FYI...

    Firefox v13 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    June 5, 2012

    What's new...
    - https://www.mozilla.org/firefox/13.0/releasenotes/
    Release Notes/Bug fixes ... See: Known Issues...
    Complete list of changes in this release:
    - https://www.mozilla.org/firefox/13.0...s/buglist.html
    Security Advisories:
    - https://www.mozilla.org/security/kno...html#firefox13
    Fixed in Firefox 13
    MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
    MFSA 2012-39 NSS parsing errors with zero length items
    MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
    MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
    MFSA 2012-36 Content Security Policy inline-script bypass
    MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
    MFSA 2012-34 Miscellaneous memory safety hazards
    ___

    - http://www.securitytracker.com/id/1027120
    CVE Reference:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0441 - 5.0
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1937 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1938 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1939 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1940 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1941 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1942 - 7.2 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1943 - 6.9
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1944 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1945 - 2.9
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1946 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1947 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-3105 - 9.3 (HIGH)
    Jun 6 2012
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Version(s): prior to 13.0

    - https://secunia.com/advisories/49368/
    Release Date: 2012-06-06
    Criticality level: Highly critical
    Impact: Unknown, Exposure of sensitive information, Privilege escalation, DoS, System access
    Where: From remote...
    Solution: Upgrade to Firefox version 13.0...

    Last edited by AplusWebMaster; 2012-06-07 at 20:49.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v13.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    June 15, 2012

    What's new...
    - https://www.mozilla.org/firefox/13.0.1/releasenotes/
    Flash 11.3 sometimes caused a crash on quit (747683*, fixed in 13.0.1)...
    * https://bugzilla.mozilla.org/show_bug.cgi?id=747683


  3. #3
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox "new tab" thumbnail feature - disable

    - http://h-online.com/-1625761
    25 June 2012 - "... users can completely disable the new tab page feature in Firefox by changing some advanced preferences under "about:config" ..."

    - http://www.h-online.com/security/new...ew=zoom;zoom=1

    - http://www.theregister.co.uk/2012/06...rity_concerns/
    22 June 2012


  4. #4
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v14.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    July 17, 2012

    What's new...
    - https://www.mozilla.org/firefox/14.0.1/releasenotes/
    Complete list of Bug fixes:
    - https://www.mozilla.org/en-US/firefo...s/buglist.html

    Security Advisories for v14.0.01:
    - https://www.mozilla.org/security/kno...html#firefox14
    Fixed in Firefox 14
    MFSA 2012-56 Code execution through javascript: URLs
    MFSA 2012-55 feed: URLs with an innerURI inherit security context of page
    MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
    MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
    MFSA 2012-51 X-Frame-Options header ignored when duplicated
    MFSA 2012-50 Out of bounds read in QCMS
    MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
    MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
    MFSA 2012-47 Improper filtering of javascript in HTML feed-view
    MFSA 2012-46 XSS through data: URLs
    MFSA 2012-45 Spoofing issue with location
    MFSA 2012-44 Gecko memory corruption
    MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop
    MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
    ___

    - http://www.securitytracker.com/id/1027256
    CVE Reference: CVE-2012-1948, CVE-2012-1949, CVE-2012-1950, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1965, CVE-2012-1966, CVE-2012-1967
    Jul 17 2012
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Version(s): prior to 14...

    - https://secunia.com/advisories/49965/
    Release Date: 2012-07-18
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
    Where: From remote...
    Solution: Upgrade to version 14...

    Last edited by AplusWebMaster; 2012-07-18 at 15:34.

  5. #5
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v15.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    August 28, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Complete list of Bug fixes:
    - https://www.mozilla.org/en-US/firefo...s/buglist.html

    Security Advisories for v15.0:
    - https://www.mozilla.org/security/kno...html#firefox15
    Fixed in Firefox 15
    MFSA 2012-72 Web console eval capable of executing chrome-privileged code
    MFSA 2012-71 Insecure use of __android_log_print
    MFSA 2012-70 Location object security checks bypassed by chrome code
    MFSA 2012-69 Incorrect site SSL certificate data display
    MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
    MFSA 2012-67 Installer will launch incorrect executable following new installation
    MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
    MFSA 2012-65 Out-of-bounds read in format-number in XSLT
    MFSA 2012-64 Graphite 2 memory corruption
    MFSA 2012-63 SVG buffer overflow and use-after-free issues
    MFSA 2012-62 WebGL use-after-free and memory corruption
    MFSA 2012-61 Memory corruption with bitmap format images with negative height
    MFSA 2012-60 Escalation of privilege through about:newtab
    MFSA 2012-59 Location object can be shadowed using Object.defineProperty
    MFSA 2012-58 Use-after-free issues found using Address Sanitizer
    MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
    ___

    - http://www.securitytracker.com/id/1027450
    CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3979, CVE-2012-3980
    Aug 29 2012
    Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
    Version(s): prior to 15.0 ...

    - https://secunia.com/advisories/50088/
    Release Date: 2012-08-29
    Criticality level: Highly critical
    Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
    Where: From remote...
    Solution: Upgrade to version 15.

    Last edited by AplusWebMaster; 2012-08-29 at 15:27.

  6. #6
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v15.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    September 6, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Complete list of Bug fixes:
    - https://www.mozilla.org/en-US/firefo...s/buglist.html

    - http://www.ghacks.net/2012/09/06/fir...ribution-soon/
    Sep 6, 2012 - "... unfortunate bug in Mozilla Firefox 15 stable that is preventing the browser’s private browsing mode from working correctly. The bug was discovered shortly after Firefox 15 was distributed to users of the stable channel of the browser, and Mozilla has been working diligently ever since to resolve the issue... It is a issue of trust for Mozilla mainly, which can easily be lost if sensitive features are not working like they should. For users the situation may have been even more precarious as it may have forced them to explain their browsing activities to third parties..."
    - http://cdn.ghacks.net/wp-content/upl...fox-15.0.1.jpg
    ___

    - http://h-online.com/-1702798
    7 Sep 2012

    Last edited by AplusWebMaster; 2012-09-07 at 18:07.

  7. #7
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v16.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Oct 9, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Complete list of Bug fixes:
    - https://www.mozilla.org/en-US/firefo...s/buglist.html

    Security Advisories for v16.0:
    - https://www.mozilla.org/security/kno...html#firefox16
    Fixed in Firefox 16
    MFSA 2012-87 Use-after-free in the IME State Manager
    MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
    MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
    MFSA 2012-84 Spoofing and script injection through location.hash
    MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
    MFSA 2012-82 top object and location property accessible by plugins
    MFSA 2012-81 GetProperty function can bypass security checks
    MFSA 2012-80 Crash with invalid cast when using instanceof operator
    MFSA 2012-79 DOS and crash with full screen and history navigation
    MFSA 2012-78 Reader Mode pages have chrome privileges
    MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
    MFSA 2012-76 Continued access to initial origin after setting document.domain
    MFSA 2012-75 select element persistance allows for attacks
    MFSA 2012-74 Miscellaneous memory safety hazards ...
    ___

    - https://secunia.com/advisories/50856/
    Release Date: 2012-10-10
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
    Where: From remote...
    Solution: Upgrade to version 16...

    - http://www.securitytracker.com/id/1027631
    CVE Reference: CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3987, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188
    Oct 10 2012
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network...
    Solution: The vendor has issued a fix (ESR 10.0.8; 16.0).

    Last edited by AplusWebMaster; 2012-10-10 at 15:21.

  8. #8
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v16.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Oct 11, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    - https://blog.mozilla.org/security/20...in-firefox-16/
    "Impact: The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters..."

    Security Advisories for v16.0.1:
    - https://www.mozilla.org/security/kno...#firefox16.0.1
    Fixed in Firefox 16.0.1
    MFSA 2012-89 defaultValue security checks not applied
    "... regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object... CVE-2012-4192, CVE-2012-4193..."
    MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
    "... bugs showed evidence of memory corruption under certain circumstances... some of these could be exploited to run arbitrary code... websockets crash affecting Firefox 16... CVE-2012-4190, CVE-2012-4191..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4190 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4191 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4192 - 4.3
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4193 - 9.3 (HIGH)
    12 Oct 2012
    ___

    - http://www.securitytracker.com/id/1027653
    CVE Reference: CVE-2012-4190, CVE-2012-4191
    Oct 12 2012
    Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (16.0.1).

    - https://secunia.com/advisories/50932/
    Last Update: 2012-10-12
    Criticality level: Highly critical
    Impact: Security Bypass, System access
    Where: From remote
    CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
    ... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
    Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

    - http://h-online.com/-1728382
    12 Oct 2012

    Last edited by AplusWebMaster; 2012-10-15 at 15:47.

  9. #9
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v16.0.2 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Oct 26, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    Security Advisories for v16.0.2:
    - https://www.mozilla.org/security/kno...#firefox16.0.2
    MFSA 2012-90 Fixes for Location object issues
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4194 - 4.3
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4195 - 5.1
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4196 - 5.0
    ... before 16.0.2...
    ___

    - http://www.securitytracker.com/id/1027701
    CVE Reference: CVE-2012-4194, CVE-2012-4195, CVE-2012-4196
    Oct 27 2012
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Solution: The vendor has issued a fix (16.0.2, ESR 10.0.10).

    - https://secunia.com/advisories/51144/
    Release Date: 2012-10-29
    Impact: Security Bypass, Cross Site Scripting
    Where: From remote
    Original Advisory: Mozilla:
    http://www.mozilla.org/security/anno...sa2012-90.html

    Last edited by AplusWebMaster; 2012-10-30 at 23:18.

  10. #10
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Firefox v17.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Nov 20, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Complete list of Bug fixes:
    - https://www.mozilla.org/en-US/firefo...s/buglist.html

    Security Advisories for v17.0:
    - https://www.mozilla.org/security/kno...html#firefox17
    MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
    MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
    MFSA 2012-104 CSS and HTML injection through Style Inspector
    MFSA 2012-103 Frames can shadow top.location
    MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
    MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
    MFSA 2012-100 Improper security filtering for cross-origin wrappers
    MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
    MFSA 2012-98 Firefox installer DLL hijacking
    MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
    MFSA 2012-96 Memory corruption in str_unescape
    MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
    MFSA 2012-94 Crash when combining SVG text on path with CSS
    MFSA 2012-93 evalInSanbox location context incorrectly applied
    MFSA 2012-92 Buffer overflow while rendering GIF images
    MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) ...
    ___

    - http://www.securitytracker.com/id/1027791
    CVE Reference: CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4206, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4210, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5837, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843
    Nov 21 2012
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (17.0)...

    - https://secunia.com/advisories/51358/
    Release Date: 2012-11-21
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, System access
    Where: From remote...
    Solution: Upgrade to version 17.0...
    ___

    - http://h-online.com/-1754171
    21 Nov 2012

    Last edited by AplusWebMaster; 2012-11-21 at 15:41.
