Firefox v17.0.1 released
FYI...
Firefox v17.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Nov 30, 2012
What's new...
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefo...s/buglist.html
Security Advisories for v17.0.1:
- https://www.mozilla.org/security/kno...#firefox17.0.1
Not available as date/time of this post
Last edited by AplusWebMaster; 2012-12-02 at 03:12.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v18.0 released
FYI...
Firefox v18.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Jan 8, 2013
What's new...
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefo...s/buglist.html
Security Advisories for v18.0:
- https://www.mozilla.org/security/kno...html#firefox18
Fixed in Firefox 18
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
MFSA 2012-98 Firefox installer DLL hijacking
___
- http://www.securitytracker.com/id/1027955
CVE Reference: CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0751, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
Jan 9 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 18.0
Solution: The vendor has issued a fix (ESR 10.0.12, ESR 17.0.2, 18.0)...
- http://h-online.com/-1780088
9 Jan 2013 - "Mozilla has fixed 20 security holes with the release... 12 of these vulnerabilities have been rated critical by the organisation, the rest are classified as having high impact..."
Last edited by AplusWebMaster; 2013-01-09 at 15:10.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v18.0.1 released ...
FYI...
Firefox v18.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
What's new...
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Jan 18, 2013
18.0.1: Problems involving HTTP Proxy Transactions (Associated bugs)
18.0.1: Unity player crashes on Mac OS X (bug 828954)
18.0.1: Disabled HIDPI support on external monitors to avoid rendering glitches (bug 814434)
FIXED
___
- http://h-online.com/-1787497
19 Jan 2013
Last edited by AplusWebMaster; 2013-01-26 at 15:38.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v18.0.2 released
FYI...
Firefox v18.0.2 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
- https://www.mozilla.org/en-US/firefo.../releasenotes/
Feb 5, 2013 - 18.0.2: Fix JavaScript related stability issues
___
- https://wiki.mozilla.org/Releases#Upcoming_Releases
Firefox 19 - Week of 2013-02-18
Last edited by AplusWebMaster; 2013-02-06 at 08:45.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v19.0 released
FYI...
Firefox v19.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Feb 19, 2013
What's new...
- https://www.mozilla.org/en-US/firefo.../releasenotes/
... NEW: Built-in PDF viewer*...
CHANGED, DEVELOPER, HTML5, FIXED, Known Issues...
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefo...s/buglist.html
Security Advisories for v19.0:
- https://www.mozilla.org/security/kno...html#firefox19
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
___
- http://www.securitytracker.com/id/1028162
CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
Feb 20 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 19.0...
- http://h-online.com/-1806437
19 Feb 2013
___
* How to disable pdf viewer?
Type about:config in the address bar and press Enter.
Press the big button to bypass the warning.
In the Filter bar, paste pdfjs.disabled
In the search results, double-click pdfjs.disabled to set its value to -true-
Restart Firefox for the changes to take effect.
- https://github.com/mozilla/pdf.js/wi...ning-Resources
Last edited by AplusWebMaster; 2013-02-21 at 14:11.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v19.0.2 released
FYI...
Firefox v19.0.2 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Mar 7, 2013
Security Advisories for v19.0.2:
- https://www.mozilla.org/security/kno...#firefox19.0.2
Fixed in Firefox 19.0.2
MFSA 2013-29 Use-after-free in HTML Editor CVE-2013-0787
- https://www.mozilla.org/en-US/firefo.../releasenotes/
- https://secunia.com/advisories/52538/
Release Date: 2013-03-08
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to a fixed version.
Original Advisory: MFSA 2013-29:
- http://www.mozilla.org/security/anno...sa2013-29.html
Last edited by AplusWebMaster; 2013-03-08 at 13:50.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v20.0 released
FYI...
Firefox v20.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
April 2, 2013
Security Advisories for v20.0:
- https://www.mozilla.org/security/kno...html#firefox20
Fixed in Firefox 20
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
- https://www.mozilla.org/en-US/firefo.../releasenotes/
FIXED 20.0: Security fixes ...
NEW Per-window Private Browsing...
NEW New download experience...
NEW Ability to close hanging plugins, without the browser hanging
___
- http://h-online.com/-1833854
2 April 2013
- http://www.theinquirer.net/inquirer/...ivate-browsing
Apr 03 2013
- http://www.securitytracker.com/id/1028379
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0798, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 20.0 ...
Last edited by AplusWebMaster; 2013-04-03 at 16:32.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v20.0.1 released
FYI...
Firefox v20.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
April 11, 2013
- https://www.mozilla.org/en-US/firefo.../releasenotes/
FIXED: 20.0.1 - Windows-only update to handle issues around handling UNC paths...
- https://en.wikipedia.org/wiki/Path_%...ing_Convention
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v21.0 released
FYI...
Firefox v21.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
May 14, 2013
Security Advisories for v21.0:
* https://www.mozilla.org/security/kno...html#firefox21
Fixed in Firefox 21
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
NEW The Social API now supports multiple providers
NEW Enhanced three-state UI for Do Not Track (DNT)
NEW Firefox will suggest how to improve your application startup time if needed
NEW Preliminary implementation of Firefox Health Report
CHANGED Ability to restore removed thumbnails on New Tab Page
CHANGED CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
CHANGED Graphics related performance improvements (bug 809821)
CHANGED Removed E4X support from Spidermonkey
DEVELOPER Implemented Remote Profiling
DEVELOPER Integrated add-on SDK loader and API libraries into Firefox
HTML5 Added support for <main> element
HTML5 Implemented scoped stylesheets
FIXED Some function keys may not work when pressed (833719)
FIXED Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627)
FIXED 21.0: Security fixes can be found here* ...
- https://secunia.com/advisories/53400/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to version 21.0.
- http://www.securitytracker.com/id/1028555
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1672, CVE-2013-1673, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.6 and 21.0...
Last edited by AplusWebMaster; 2013-05-15 at 11:50.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Firefox v22.0 released
FYI...
Firefox v22.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
June 25, 2013
Security Advisories for v22.0:
* https://www.mozilla.org/security/kno...html#firefox22
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Release notes
- https://www.mozilla.org/en-US/firefo.../releasenotes/
... complete list of changes in this release... 510 bugs found.
___
- https://secunia.com/advisories/53970/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 22.0.
Solution: Upgrade to version 22.0.
- http://www.securitytracker.com/id/1028702
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695, CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699, CVE-2013-1700
Jun 26 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to ESR 17.0.7; prior to 22.0 ...
Last edited by AplusWebMaster; 2013-06-26 at 17:01.
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Posting Permissions
