Page 8 of 8 FirstFirst ... 45678
Results 71 to 79 of 79

Thread: Firefox updated...

  1. #71
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 46.0.1 released

    FYI...

    Firefox 46.0.1 released

    Start Firefox, then >Help >About >Apply Update ...

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    May 3, 2016
    Fixed:
    Fix for search plugin issue for various locales (Bug 1246494)
    Fix for add-on signing certificate expiration (Bug 1267318)
    Limit Sync registration updates (Bug 1262312)
    Fix for service worker update issue (Bug 1267733)
    Fix a build issue when jit is disabled (Bug 1266366)
    Fix for page loading issue related to antivirus software (Bug 1268922)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #72
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 47.0 released

    FYI...

    Firefox 47.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    June 7, 2016
    New...
    Fixed...
    Changed...
    Developer...
    HTML5...

    - https://www.mozilla.org/en-US/securi...fox/#firefox47
    Fixed in Firefox 47
    2016-62 Network Security Services (NSS) vulnerabilities
    2016-60 Java applets bypass CSP protections
    2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
    2016-58 Entering fullscreen and persistent pointerlock without user permission
    2016-57 Incorrect icon displayed on permissions notifications
    2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
    2016-55 File overwrite and privilege escalation through Mozilla Windows updater
    2016-54 Partial same-origin-policy through setting location.host through data URI
    2016-53 Out-of-bounds write with WebGL shader
    2016-52 Addressbar spoofing though the SELECT element
    2016-51 Use-after-free deleting tables from a contenteditable document
    2016-50 Buffer overflow parsing HTML5 fragments
    2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

    Fixed in Firefox ESR 45.2
    - https://www.mozilla.org/en-US/securi...firefoxesr45.2

    ... 3389 bugs found.
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    June 07, 2016
    ___

    - http://www.securitytracker.com/id/1036057
    CVE Reference: CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2825, CVE-2016-2826, CVE-2016-2828, CVE-2016-2829, CVE-2016-2831, CVE-2016-2832, CVE-2016-2833, CVE-2016-2834
    Jun 8 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 47.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A local user can obtain elevated privileges on the target system.
    A remote user can bypass security controls on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    A remote user can spoof a URL.
    Solution: The vendor has issued a fix (47.0; ESR 45.2)...

    Last edited by AplusWebMaster; 2016-06-09 at 02:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #73
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 48.0 released

    FYI...

    Firefox 48.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Aug 2, 2016
    New...
    Fixed...
    Changed...
    Developer...
    Unresolved...

    ... 4050 bugs found.

    - https://www.mozilla.org/en-US/securi...fox/#firefox48
    Fixed in Firefox 48
    2016-84 Information disclosure through Resource Timing API during page navigation
    2016-83 Spoofing attack through text injection into internal error pages
    2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
    2016-81 Information disclosure and local file manipulation through drag and drop
    2016-80 Same-origin policy violation using local HTML file and saved shortcut file
    2016-79 Use-after-free when applying SVG effects
    2016-78 Type confusion in display transformation
    2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
    2016-76 Scripts on marquee tag can execute in sandboxed iframes
    2016-75 Integer overflow in WebSockets during data buffering
    2016-74 Form input type change from password to text can store plain text password in session restore file
    2016-73 Use-after-free in service workers with nested sync events
    2016-72 Use-after-free in DTLS during WebRTC session shutdown
    2016-71 Crash in incremental garbage collection in JavaScript
    2016-70 Use-after-free when using alt key and toplevel menus
    2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
    2016-68 Out-of-bounds read during XML parsing in Expat library
    2016-67 Stack underflow during 2D graphics rendering
    2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
    2016-65 Cairo rendering crash due to memory allocation issue with FFMpeg 0.10
    2016-64 Buffer overflow rendering SVG with bidirectional content
    2016-63 Favicon network connection can persist when page is closed
    2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)

    Firefox ESR 45.3
    - https://www.mozilla.org/en-US/securi...firefoxesr45.3
    ___

    Enhancing Download Protection in Firefox
    - https://blog.mozilla.org/security/20...on-in-firefox/
    Aug 1, 2016
    ___

    - http://www.securitytracker.com/id/1036508
    CVE Reference: CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5253, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5267, CVE-2016-5268
    Aug 3 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 48.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can modify files on the target system.
    A remote user can bypass security controls on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    A remote user can spoof content.
    A local user can gain elevated privileges on the target system.
    Solution: The vendor has issued a fix (48.0, ESR 45.3)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Aug 03, 2016

    Last edited by AplusWebMaster; 2016-08-04 at 02:09.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #74
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 48.0.1 released

    FYI...

    Firefox 48.0.1 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Aug 18, 2016
    Fixed:
    Fix an audio regression impacting some major websites (bug 1295296)
    Fix a top crash in the JavaScript engine (Bug 1290469)
    Fix a startup crash issue caused by Websense (Bug 1291738)
    Fix a different behavior with e10s / non-e10s on <select> and mouse events (Bug 1291078)
    Fix a top crash caused by plugin issues (Bug 1264530)
    Fix an unsigned add-ons issue on Windows
    Fix a shutdown issue (Bug 1276920)
    Fix a crash in WebRTC

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #75
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 49.0 released

    FYI...

    Firefox 49.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Sep 20, 2016
    New...
    Fixed...
    Changed...
    Developer...

    - https://www.mozilla.org/en-US/securi...fox/#firefox49
    Fixed in Firefox 49
    2016-85 Security vulnerabilities fixed in Firefox 49: https://www.mozilla.org/en-US/securi...s/mfsa2016-85/

    Firefox 45.4: https://www.mozilla.org/en-US/securi...firefoxesr45.4
    ___

    - http://www.securitytracker.com/id/1036852
    CVE Reference: CVE-2016-2827, CVE-2016-5256, CVE-2016-5257, CVE-2016-5270, CVE-2016-5271, CVE-2016-5272, CVE-2016-5273, CVE-2016-5274, CVE-2016-5275, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5279, CVE-2016-5280, CVE-2016-5281, CVE-2016-5282, CVE-2016-5283, CVE-2016-5284
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 49.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can cause the target application to crash.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (49.0)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Sep 20, 2016

    Last edited by AplusWebMaster; 2016-09-21 at 13:27.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #76
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 49.0.2 released

    FYI...

    Firefox 49.0.2 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Oct 20, 2016
    New: Asynchronous rendering of the Flash plugins is now enabled by default. This should improve performance and reduce crashes for sites that use the Flash plugin. (Bug 1307108)
    Fixed: Change D3D9 default fallback preference to prevent graphical artifacts (Bug 1306465)
    Network issue prevents some users from seeing the Firefox UI on startup (Bug 1305436)
    Web compatibility issue with Array.prototype.values (Bug 1299593)
    Various security fixes: https://www.mozilla.org/en-US/securi...#firefox49.0.2
    Fixed in Firefox 49.0.2:
    > https://www.mozilla.org/en-US/securi...s/mfsa2016-87/
    Web compatibility issue with file uploads (Bug 1306472)
    Changed: Diagnostic information on timing for tab switching (Bug 1304113)
    Reference link to Firefox 49.0.1 release notes:
    > https://www.mozilla.org/firefox/49.0.1/releasenotes/
    Fix a Canvas filters graphics issue affecting HTML5 apps (Bug 1304539)
    ___

    - http://www.securitytracker.com/id/1037077
    CVE Reference: CVE-2016-5287, CVE-2016-5288
    Oct 21 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 48.x, 49.x ...
    Impact: A remote user can execute arbitrary code on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (49.0.2)...
    ___

    - https://www.us-cert.gov/ncas/current...Update-Firefox
    Oct 20, 2016

    Last edited by AplusWebMaster; 2016-10-22 at 17:09.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #77
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 50.0 released

    FYI...

    Firefox 50.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Nov 15, 2016
    New:
    - Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently used order
    View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
    - Added option to Find in page that allows users to limit search to whole words only
    - Added Guarani (gn) locale
    - Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
    - Added download protection for a large number of executable file types on Windows, Mac and Linux
    - Improved performance for SDK extensions or extensions using the SDK module loader
    - Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
    Fixed:
    - Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
    - Various security fixes
    Changed:
    - Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
    - Blocked versions of libavcodec older than 54.35.1 ...

    Fixed in Firefox 50.0
    - https://www.mozilla.org/en-US/securi...fox/#firefox50
    2016-89 Security vulnerabilities fixed in Firefox 50
    - https://www.mozilla.org/en-US/securi...s/mfsa2016-89/
    Critical - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
    High - CVE-2016-5292: URL parsing causes crash
    High - CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log hardlink
    High - CVE-2016-5294: Arbitrary target directory for result files of update process
    High - CVE-2016-5297: Incorrect argument length checking in Javascript
    High - CVE-2016-9064: Addons update must verify IDs match between current and new versions
    High - CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
    High - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
    High - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
    High - CVE-2016-9068: heap-use-after-free in nsRefreshDriver
    High - CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
    High - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
    High - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
    Moderate - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
    Moderate - CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
    Moderate - CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
    Moderate - CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
    Moderate - CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
    Moderate - CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file
    Moderate - CVE-2016-9070: Sidebar bookmark can have reference to chrome window
    Moderate - CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
    Moderate - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
    Moderate - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
    Low - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat
    Low - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
    Critical - CVE-2016-5289: Memory safety bugs fixed in Firefox 50
    Critical - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

    Firefox ESR 45.5: https://www.mozilla.org/en-US/securi...firefoxesr45.5
    - https://www.mozilla.org/en-US/securi...s/mfsa2016-90/
    Nov 15, 2016
    ___

    - http://www.securitytracker.com/id/1037298
    CVE Reference: CVE-2016-5289, CVE-2016-5290, CVE-2016-5291, CVE-2016-5292, CVE-2016-5293, CVE-2016-5294, CVE-2016-5295, CVE-2016-5296, CVE-2016-5297, CVE-2016-5298, CVE-2016-5299, CVE-2016-9061, CVE-2016-9062, CVE-2016-9063, CVE-2016-9064, CVE-2016-9065, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9069, CVE-2016-9070, CVE-2016-9071, CVE-2016-9072, CVE-2016-9073, CVE-2016-9074, CVE-2016-9075, CVE-2016-9076, CVE-2016-9077
    Nov 16 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 50.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A local user can obtain data on the target system.
    A local user can modify files on the target system.
    A remote user can bypass security controls on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    A remote user can spoof a URL.
    Solution: The vendor has issued a fix (50.0)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Nov 15, 2016

    Last edited by AplusWebMaster; 2016-11-16 at 16:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #78
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 50.0.1 released

    FYI...

    Firefox 50.0.1 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Nov 28, 2016
    > https://www.mozilla.org/en-US/securi...#firefox50.0.1
    Security vulnerabilities fixed in Firefox 50.0.1
    > https://www.mozilla.org/en-US/securi...s/mfsa2016-91/
    CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
    Impact: Critical
    ___

    - http://www.securitytracker.com/id/1037353
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-9078
    Nov 29 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 49, 50 ...
    Description: A vulnerability was reported in Mozilla Firefox. A remote user can bypass security controls on the target system.
    A remote user can return a specially crafted HTTP redirection to a 'data:' URL to bypass same-origin controls and allow the referring domain to access data in the 'data:' URL domain.
    Impact: A remote user can bypass same-origin restrictions to potentially read or write information from 'data:' URLs.
    Solution: The vendor has issued a fix (50.0.1)...
    ___

    - https://www.us-cert.gov/ncas/current...ecurity-Update
    Nov 28, 2016

    Last edited by AplusWebMaster; 2016-11-30 at 13:27.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #79
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,386

    Exclamation Firefox 50.0.2 released

    FYI...

    Firefox 50.0.2 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Nov 30, 2016
    > https://www.mozilla.org/en-US/securi...#firefox50.0.2
    Fixed in:
    Firefox 50.0.2
    Firefox ESR 45.5.1
    Thunderbird 45.5.1
    > https://www.mozilla.org/en-US/securi...s/mfsa2016-92/
    CVE-2016-9079: Use-after-free in SVG Animation
    Critical
    ___

    - http://www.securitytracker.com/id/1037370
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-9079
    Updated: Dec 1 2016
    Original Entry Date: Nov 30 2016
    Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
    Version(s): 50.0.1; possibly earlier versions
    Impact: A remote user can create JavaScript content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (50.0.2; ESR 45.5.1)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Nov 30, 2016

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •