Results 1 to 10 of 105

Thread: Firefox updated...

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 2012-10-11, 20:55 #8
    AplusWebMaster
    AplusWebMaster is offline
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox v16.0.1 released

    FYI...

    Firefox v16.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
    -or-
    Download: https://www.mozilla.com/firefox/all.html
    Oct 11, 2012

    What's new...
    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    - https://blog.mozilla.org/security/20...in-firefox-16/
    "Impact: The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters..."

    Security Advisories for v16.0.1:
    - https://www.mozilla.org/security/kno...#firefox16.0.1
    Fixed in Firefox 16.0.1
    MFSA 2012-89 defaultValue security checks not applied
    "... regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access access to the Location object... CVE-2012-4192, CVE-2012-4193..."
    MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
    "... bugs showed evidence of memory corruption under certain circumstances... some of these could be exploited to run arbitrary code... websockets crash affecting Firefox 16... CVE-2012-4190, CVE-2012-4191..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4190 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4191 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4192 - 4.3
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4193 - 9.3 (HIGH)
    12 Oct 2012
    ___

    - http://www.securitytracker.com/id/1027653
    CVE Reference: CVE-2012-4190, CVE-2012-4191
    Oct 12 2012
    Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (16.0.1).

    - https://secunia.com/advisories/50932/
    Last Update: 2012-10-12
    Criticality level: Highly critical
    Impact: Security Bypass, System access
    Where: From remote
    CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
    ... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
    Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

    - http://h-online.com/-1728382
    12 Oct 2012

    Last edited by AplusWebMaster; 2012-10-15 at 14:47.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules