Page 11 of 11 FirstFirst ... 7891011
Results 101 to 102 of 102

Thread: Firefox updates

  1. #101
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox v12.0 released

    FYI...

    Firefox v12.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    April 24, 2012

    What's new...
    - https://www.mozilla.org/firefox/12.0/releasenotes/
    Release Notes/Bug fixes ... See: Known Issues...
    Complete list of changes in this release:
    - https://www.mozilla.org/firefox/12.0...s/buglist.html
    Security Advisories:
    - https://www.mozilla.org/security/kno...html#firefox12
    Fixed in Firefox 12
    MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
    MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
    MFSA 2012-31 Off-by-one error in OpenType Sanitizer
    MFSA 2012-30 Crash with WebGL content using textImage2D
    MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
    MFSA 2012-27 Page load short-circuit can lead to XSS
    MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
    MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
    MFSA 2012-24 Potential XSS via multibyte content processing errors
    MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
    MFSA 2012-22 use-after-free in IDBKeyRange
    MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
    MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
    ___

    - http://h-online.com/-1546370
    24 April 2012
    > http://www.h-online.com/security/new...ew=zoom;zoom=3
    ___

    - https://secunia.com/advisories/48932/
    Release Date: 2012-04-25
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, System access
    Where: From remote...
    Solution: Upgrade to Firefox version 12.0 and Thunderbird version 12.0...

    - http://www.securitytracker.com/id/1026971
    Date: Apr 24 2012
    CVE Reference::
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1187 - 5.0
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0467 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0468 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0469 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0470 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0471 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0472 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0473 - 5.0
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0474 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0475 - 2.6
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0477 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0478 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0479 - 4.3
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
    Version(s): prior to 12.0...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with a target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    A remote user can spoof certain web sites.
    A remote user can obtain potentially sensitive information...

    .
    Last edited by AplusWebMaster; 2012-04-27 at 17:29.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #102
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Firefox add-on ShowIP - privacy concerns

    FYI...

    Firefox add-on ShowIP - privacy concerns
    - http://nakedsecurity.sophos.com/2012...irefox-add-on/
    May 1, 2012 - "A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security... What the add-on's description doesn't say is that since version 1.3 (released on April 19th 2012) it has also sent - unencrypted - the full URL of sites visited using HTTPS, and sites viewed in Private Browsing mode, to a site called ip2info .org. The user never realises that the data has been shared with a third-party, unless they use special tools to monitor what data is being sent from their computer... The full URL of -every- webpage visited is sent to the Germany-based ip2info .org website, using unencrypted connections. In addition, the add-on has no warning that sites you visit might be disclosed, no privacy policy small print explaining its behaviour, and no apparent way to opt-out of the data-sharing... And who appears to have registered the domain? A Berlin-based link marketing firm. Hmm...
    Update: Mozilla has rolled the version of ShowIP they make available on their add-on site back to 1.0. They say they are working with the developer on correcting the issue. Hopefully in future their review process will flag privacy issues like this one to prevent users' data being potentially exposed."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •