Page 6 of 11 FirstFirst ... 2345678910 ... LastLast
Results 51 to 60 of 105

Thread: Firefox updated...

  1. #51
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 37.0 released

    FYI...

    Firefox 37.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    March 31, 2015

    - https://www.mozilla.org/en-US/securi...fox/#firefox37
    Fixed in Firefox 37.0
    2015-42 Windows can retain access to privileged content on navigation to unprivileged pages
    2015-41 PRNG weakness allows for DNS poisoning on Android
    2015-40 Same-origin bypass through anchor navigation
    2015-39 Use-after-free due to type confusion flaws
    2015-38 Memory corruption crashes in Off Main Thread Compositing
    2015-37 CORS requests should not follow 30x redirections after preflight
    2015-36 Incorrect memory management for simple-type arrays in WebRTC
    2015-35 Cursor clickjacking with flash and images
    2015-34 Out of bounds read in QCMS library
    2015-33 resource:// documents can load privileged pages
    2015-32 Add-on lightweight theme installation approval bypassed through MITM attack
    2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
    2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)

    ... complete list of changes in this release... 2817 bugs found.
    ___

    - http://www.securitytracker.com/id/1031996
    CVE Reference: CVE-2015-0800, CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0810, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
    Apr 1 2015
    Original Entry Date: Mar 31 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 37.0 ...

    Last edited by AplusWebMaster; 2015-04-03 at 18:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #52
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 37.0.1 released

    FYI...

    Firefox 37.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    April 3, 2015

    - https://www.mozilla.org/en-US/securi...#firefox37.0.1
    Fixed in Firefox 37.0.1
    2015-44 Certificate verification bypass through the HTTP/2 Alt-Svc header*
    2015-43 Loading privileged content through Reader mode

    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0799
    ___

    - https://www.us-cert.gov/ncas/current...Update-Firefox
    April 06, 2015 - "... Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates."

    Last edited by AplusWebMaster; 2015-04-08 at 14:25.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #53
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 37.0.2 released

    FYI...

    Firefox 37.0.2 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    April 20, 2015

    - https://www.mozilla.org/en-US/securi...#firefox37.0.2
    Fixed in Firefox 37.0.2
    2015-45 Memory corruption during failed plugin initialization
    IMPACT: High
    ___

    - http://www.securitytracker.com/id/1032171
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-2706 - 6.8
    Apr 21 2015
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 37.0.2...

    - https://www.us-cert.gov/ncas/current...Update-Firefox
    Apr 21 2015

    Last edited by AplusWebMaster; 2015-04-27 at 22:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #54
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 38 released

    FYI...

    Firefox 38 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    May 12, 2015

    - https://www.mozilla.org/en-US/securi...fox/#firefox38
    Fixed in Firefox 38
    2015-58 Mozilla Windows updater can be run outside of application directory
    2015-57 Privilege escalation through IPC channel messages
    2015-56 Untrusted site hosting trusted page can intercept webchannel responses
    2015-55 Buffer overflow and out-of-bounds read while parsing MP4 video metadata
    2015-54 Buffer overflow when parsing compressed XML
    2015-53 Use-after-free due to Media Decoder Thread creation during shutdown
    2015-52 Sensitive URL encoded information written to Android logcat
    2015-51 Use-after-free during text processing with vertical text enabled
    2015-50 Out-of-bounds read and write in asm.js validation
    2015-49 Referrer policy ignored when links opened by middle-click and context menu
    2015-48 Buffer overflow with SVG content and CSS
    2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
    2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)

    ... complete list of changes in this release... 3660 bugs found.
    ___

    - http://www.securitytracker.com/id/1032301
    CVE Reference: CVE-2011-3079, CVE-2015-0797, CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2711, CVE-2015-2712, CVE-2015-2713, CVE-2015-2714, CVE-2015-2715, CVE-2015-2716, CVE-2015-2717, CVE-2015-2718, CVE-2015-2720
    May 13 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 38.0 ...

    Last edited by AplusWebMaster; 2015-05-13 at 14:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #55
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 38.0.1 released

    FYI...

    Firefox 38.0.1 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    May 14, 2015
    Fixed: Systems with first generation NVidia Optimus graphics cards may crash on start-up
    Fixed: Users who import cookies from Google Chrome can end up with broken websites
    Fixed: WebRTC H264 video streams from CiscoSpark native clients are not decoded correctly.
    (Fixed in Firefox ESR 38.0.1; was already fixed in Firefox 38.0)
    Fixed: Large animated images may fail to play and may stop other images from loading

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #56
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 38.0.5 released

    FYI...

    Firefox 38.0.5 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    June 2, 2015
    New: Keep track of articles and videos with Pocket
    New: Clean formatting for articles and blog posts with Reader View
    New: Share the active tab or window in a Hello conversation
    Fixed: A race condition that would cause Firefox to stop painting when switching tabs
    Fixed: Fixed graphics performance when using the built-in VGA driver on Windows 7
    ___

    > https://wiki.mozilla.org/RapidReleas...e_branch_dates
    release date: release
    2015-06-30 - Firefox 39

    V39.0 bugs...
    - https://bugzilla.mozilla.org/show_bug.cgi?id=1151506
    Status: REOPENED
    Keywords: crash
    Modified: 2015-07-01
    Importance: critical ...
    status-firefox39: fixed
    - https://bugzilla.mozilla.org/showdep...cgi?id=1151506
    ___

    Firefox Blocklist: https://addons.mozilla.org/en-US/firefox/blocked/

    Last edited by AplusWebMaster; 2015-07-02 at 19:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #57
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 39.0 released

    FYI...

    Firefox 39.0 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    - https://www.mozilla.org/en-US/securi...fox/#firefox39
    Fixed in Firefox 39
    2015-71 NSS incorrectly permits skipping of ServerKeyExchange
    2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
    2015-69 Privilege escalation in PDF.js
    2015-68 OS X crash reports may contain entered key press information
    2015-67 Key pinning is ignored when overridable errors are encountered
    2015-66 Vulnerabilities found through code inspection
    2015-65 Use-after-free in workers while using XMLHttpRequest
    2015-64 ECDSA signature validation fails to handle some signatures correctly
    2015-63 Use-after-free in Content Policy due to microtask execution error
    2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
    2015-61 Type confusion in Indexed Database Manager
    2015-60 Local files or privileged URLs in pages can be opened into new tabs
    2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

    ... complete list of changes in this release 3279 bugs found.
    ___

    - http://www.securitytracker.com/id/1032783
    CVE Reference: CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2742, CVE-2015-2743, CVE-2015-4000
    Jul 3 2015
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 39.0 ...

    Last edited by AplusWebMaster; 2015-07-03 at 15:01.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #58
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 39.0.3 released

    FYI...

    Firefox 39.0.3 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/

    > https://www.mozilla.org/en-US/securi...s/mfsa2015-78/
    Aug 6, 2015 - "... violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit based on this vulnerability has been found in the wild."
    Critical
    Products: Firefox, Firefox ESR

    Fixed in Firefox 39.0.3
    > https://www.mozilla.org/en-US/securi...#firefox39.0.3
    Fixed in Firefox ESR 38.1.1
    > https://www.mozilla.org/en-US/securi...refoxesr38.1.1
    ___

    - http://www.securitytracker.com/id/1033216
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-4495
    "... as exploited in the wild in August 2015."
    Aug 7 2015
    Impact: Disclosure of system information, Disclosure of user information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 39.0.3...
    Solution: The vendor has issued a fix (39.0.3, ESR 38.1.1).

    - https://blog.mozilla.org/security/20...d-in-the-wild/
    Aug 6, 2015 - "... an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine... Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context... The exploit leaves no trace it has been run on the local machine..."

    Last edited by AplusWebMaster; 2015-08-08 at 04:43.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #59
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 40 released

    FYI...

    Firefox 40 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    What’s New:
    - Support for Windows 10
    - Added protection against unwanted software downloads
    (More at the URL above.)

    Fixed in Firefox 40.0
    - https://www.mozilla.org/en-US/securi...fox/#firefox40
    2015-92 Use-after-free in XMLHttpRequest with shared workers
    2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
    2015-90 Vulnerabilities found through code inspection
    2015-89 Buffer overflows on Libvpx when decoding WebM video
    2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
    2015-87 Crash when using shared memory in JavaScript
    2015-85 Out-of-bounds write with Updater and malicious MAR file
    2015-83 Overflow issues in libstagefright
    2015-82 Redefinition of non-configurable JavaScript object properties
    2015-81 Use-after-free in MediaStream playback
    2015-80 Out-of-bounds read with malformed MP3 file
    2015-79 Miscellaneous memory safety hazards (rv:40.0/rv:38.2)

    ... complete list of changes in this release - 3453 bugs found.

    Fixed in Firefox ESR 38.2
    - https://www.mozilla.org/en-US/securi...firefoxesr38.2
    ___

    Expanded Malware Protection in Firefox
    - https://blog.mozilla.org/security/20...on-in-firefox/
    Aug 11, 2015
    ___

    - http://www.securitytracker.com/id/1033247
    CVE Reference: CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4477, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482, CVE-2015-4483, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4490, CVE-2015-4491, CVE-2015-4492, CVE-2015-4493
    Aug 11 2015
    Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 40.0...
    Solution: The vendor has issued a fix (40.0, ESR 38.2)...

    Last edited by AplusWebMaster; 2015-08-12 at 03:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #60
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Firefox 40.0.3 released

    FYI...

    Firefox 40.0.3 released

    From an admin. account, start Firefox, then >Help >About >Check for Updates ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Aug 27, 2015

    - https://www.mozilla.org/en-US/securi...#firefox40.0.3
    Fixed in Firefox 40.0.3
    2015-95 Add-on notification bypass through data URLs
    2015-94 Use-after-free when resizing canvas element during restyling

    - https://www.mozilla.org/en-US/securi...refoxesr38.2.1
    ___

    - http://www.securitytracker.com/id/1033396
    CVE Reference: CVE-2015-4498
    Aug 27 2015
    Impact: Modification of system information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 40.0.3 ...
    Solution: The vendor has issued a fix (40.0.3, ESR 38.2.1).

    - http://www.securitytracker.com/id/1033397
    CVE Reference: CVE-2015-4497
    Aug 27 2015
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 40.0.3 ...
    Solution: The vendor has issued a fix (40.0.3, ESR 38.2.1).

    Last edited by AplusWebMaster; 2015-08-28 at 13:23.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •