Thread: Firefox updated...

  1. #61
    Adviser Team AplusWebMaster
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Firefox 41.0 released

    FYI...

    Firefox 41.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Sep 22, 2015

    - https://www.mozilla.org/en-US/securi...fox/#firefox41
    Fixed in Firefox 41
    2015-114 Information disclosure via the High Resolution Time API
    2015-113 Memory safety errors in libGLES in the ANGLE graphics library
    2015-112 Vulnerabilities found through code inspection
    2015-111 Errors in the handling of CORS preflight request headers
    2015-110 Dragging and dropping images exposes final URL after redirects
    2015-109 JavaScript immutable property enforcement can be bypassed
    2015-108 Scripted proxies can access inner window
    2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
    2015-106 Use-after-free while manipulating HTML media content
    2015-105 Buffer overflow while decoding WebM video
    2015-104 Use-after-free with shared workers and IndexedDB
    2015-103 URL spoofing in reader mode
    2015-102 Crash when using debugger with SavedStacks in JavaScript
    2015-101 Buffer overflow in libvpx while parsing vp9 format video
    2015-100 Arbitrary file manipulation by local user through Mozilla updater
    2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
    2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
    2015-97 Memory leak in mozTCPSocket to servers
    2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

    ... complete list of changes in this release... 3502 bugs found.

    Fixed in Firefox ESR 38.3
    - https://www.mozilla.org/en-US/securi...firefoxesr38.3
    ___

    - http://www.securitytracker.com/id/1033640
    CVE Reference: CVE-2015-4476, CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4503, CVE-2015-4504, CVE-2015-4505, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4512, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180
    Sep 22 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 41.0...
    Solution: The vendor has issued a fix (41.0, ESR 38.3).

    Last edited by AplusWebMaster; 2015-09-23 at 05:49.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #62
    Adviser Team AplusWebMaster

    Firefox 41.0.2 released

    FYI...

    Firefox 41.0.2 released

    Start Firefox, then >Help >About >Apply Update ...

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Oct 15, 2015

    - https://www.mozilla.org/en-US/securi...#firefox41.0.2
    2015-115 Cross-origin restriction bypass using Fetch
    ___

    - http://www.securitytracker.com/id/1033820
    CVE Reference: CVE-2015-7184
    Oct 16 2015
    Impact: Disclosure of user information
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 41.0.2 ...
    Impact: A remote user can obtain potentially sensitive information from other origins on the target system.
    Solution: The vendor has issued a fix (41.0.2)...


  3. #63
    Adviser Team AplusWebMaster

    Firefox 42.0 released

    FYI...

    Firefox 42.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Nov 3, 2015

    ... complete list of changes in this release... 3230 bugs found.

    Fixed in Firefox 42.0
    - https://www.mozilla.org/en-US/securi...fox/#firefox42
    MFSA 2015-133 NSS and NSPR memory corruption issues
    MFSA 2015-132 Mixed content WebSocket policy bypass through workers
    MFSA 2015-131 Vulnerabilities found through code inspection
    MFSA 2015-130 JavaScript garbage collection crash with Java applet
    MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
    MFSA 2015-128 Memory corruption in libjar through zip files
    MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
    MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X
    MFSA 2015-125 XSS attack through intents on Firefox for Android
    MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files
    MFSA 2015-123 Buffer overflow during image interactions in canvas
    MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
    MFSA 2015-121 disabling scripts in Add-on SDK panels has no effect
    MFSA 2015-120 Reading sensitive profile files through local HTML file on Android
    MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode
    MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist
    MFSA 2015-117 Information disclosure through NTLM authentication
    MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

    Fixed in Firefox ESR 38.4
    - https://www.mozilla.org/en-US/securi...firefoxesr38.4
    ___

    - http://www.securitytracker.com/id/1034069
    CVE Reference: CVE-2015-4513, CVE-2015-4514, CVE-2015-4515, CVE-2015-4518, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7185, CVE-2015-7186, CVE-2015-7187, CVE-2015-7188, CVE-2015-7189, CVE-2015-7190, CVE-2015-7191, CVE-2015-7192, CVE-2015-7193, CVE-2015-7194, CVE-2015-7195, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
    Nov 5 2015
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 42.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (ESR 38.4; 42.0).

    Last edited by AplusWebMaster; 2015-11-05 at 14:55.

  4. #64
    Adviser Team AplusWebMaster

    Firefox 43.0 released

    FYI...

    Firefox 43.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Dec 15, 2015

    ... complete list of changes in this release... 3067 bugs found.

    Fixed in Firefox 43.0
    - https://www.mozilla.org/en-US/securi...fox/#firefox43
    2015-149 Cross-site reading attack through data and view-source URIs
    2015-148 Privilege escalation vulnerabilities in WebExtension APIs
    2015-147 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
    2015-146 Integer overflow in MP4 playback in 64-bit versions
    2015-145 Underflow through code inspection
    2015-144 Buffer overflows found through code inspection
    2015-143 Linux file chooser crashes on malformed images due to flaws in Jasper library
    2015-142 DOS due to malformed frames in HTTP/2
    2015-141 Hash in data URI is incorrectly parsed
    2015-140 Cross-origin information leak through web workers error events
    2015-139 Integer overflow allocating extremely large textures
    2015-138 Use-after-free in WebRTC when datachannel is used after being destroyed
    2015-137 Firefox allows for control characters to be set in cookies
    2015-136 Same-origin policy violation using performance.getEntries and history navigation
    2015-135 Crash with JavaScript variable assignment with unboxed objects
    2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)

    Fixed in Firefox ESR 38.5
    - https://www.mozilla.org/en-US/securi...firefoxesr38.5
    ___

    - http://www.securitytracker.com/id/1034426
    CVE Reference: CVE-2015-7201, CVE-2015-7202, CVE-2015-7203, CVE-2015-7204, CVE-2015-7205, CVE-2015-7207, CVE-2015-7208, CVE-2015-7210, CVE-2015-7211, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7215, CVE-2015-7216, CVE-2015-7217, CVE-2015-7218, CVE-2015-7219, CVE-2015-7220, CVE-2015-7221, CVE-2015-7222, CVE-2015-7223
    Dec 16 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 43.0 ...
    Solution: The vendor has issued a fix (43.0, ESR 38.5).

    - https://www.us-cert.gov/ncas/current...nd-Firefox-ESR
    Dec 15, 2015
    ___

    - http://www.securitytracker.com/id/1034541
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2015-7575
    Dec 28 2015
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 43.0.2 ...
    Impact: A remote user can conduct hash collision forgery attacks.
    Solution: The vendor has issued a fix (43.0.2, ESR 38.5.2).

    - https://www.mozilla.org/en-US/securi.../mfsa2015-150/
    Fixed in: Firefox 43.0.2, Firefox ESR 38.5.2

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-7575
    Last revised: 01/08/2016
    ___

    - https://blog.mozilla.org/security/20...ased-security/
    Jan 6, 2016

    Last edited by AplusWebMaster; 2016-01-09 at 05:46.

  5. #65
    Adviser Team AplusWebMaster

    Firefox 44.0 released

    FYI...

    Firefox 44.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Jan 26, 2015
    New:
    Improved warning pages for certificate errors and untrusted connections
    Enable H.264 if system decoder is available
    Enable WebM/VP9 video support on systems that don't support MP4/H.264
    In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread
    Support the brotli compression format via HTTPS content-encoding
    Screenshot commands allow user choice of pixel ratio in Developer Tools
    Fixed:
    Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610)

    Fixed in Firefox 44.0
    - https://www.mozilla.org/en-US/securi...fox/#firefox44
    2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
    2016-11 Application Reputation service disabled in Firefox 43
    2016-10 Unsafe memory manipulation found through code inspection
    2016-09 Addressbar spoofing attacks
    2016-08 Delay following click events in file download dialog too short on OS X
    2016-06 Missing delay following user click events in protocol handler dialog
    2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
    2016-04 Firefox allows for control characters to be set in cookie names
    2016-03 Buffer overflow in WebGL after out of memory allocation
    2016-02 Out of Memory crash when parsing GIF format images
    2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

    Fixed in Firefox ESR 38.6
    - https://www.mozilla.org/en-US/securi...firefoxesr38.6
    ___

    - http://www.securitytracker.com/id/1034825
    CVE Reference: CVE-2015-7208, CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935, CVE-2016-1937, CVE-2016-1938, CVE-2016-1939, CVE-2016-1940, CVE-2016-1941, CVE-2016-1942, CVE-2016-1943, CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947, CVE-2016-1948
    Jan 27 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 44.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can cause denial of service conditions.
    A remote user can bypass security controls on the target system.
    A remote user can spoof a URL.
    Solution: The vendor has issued a fix (44; ESR 38.6)...
    ___

    44.0.1
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Feb 8, 2016
    Fixed:
    Fix issue which could lead to the removal of stored passwords under certain circumstances (1242176)
    Allows spaces in cookie names (1244505)
    Fix WebSockets when used in a Service Worker context (1243942)
    Disable opus/vorbis audio with H.264 (1245696)
    Require NSS 3.21 (1244069)
    Ship the Gecko SDK (1243740)
    Fix for graphics startup crash (GNU/Linux) (1222171)
    Fix a crash in cache networking (1244076).

    Last edited by AplusWebMaster; 2016-02-12 at 14:59.

  6. #66
    Adviser Team AplusWebMaster

    Firefox 44.0.2 released

    FYI...

    Firefox 44.0.2 released

    Start Firefox, then >Help >About >Apply Update ...

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Feb 11, 2016
    Fixed:
    Firefox hangs or crashes on startup (1243098)
    Various security fixes:
    > https://www.mozilla.org/en-US/securi...#firefox44.0.2
    2016-13 Same-origin-policy violation using Service Workers with plugins
    Critical - https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-1949
    Fixed in: Firefox 44.0.2

    Firefox ESR 38.6.1
    - https://www.mozilla.org/en-US/securi...refoxesr38.6.1
    2016-14 Vulnerabilities in Graphite 2
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-1523

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Feb 11, 2016

    Last edited by AplusWebMaster; 2016-02-15 at 16:43.

  7. #67
    Adviser Team AplusWebMaster

    Firefox v45.0 released

    FYI...

    Firefox v45.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    Mar 8, 2016
    New:
    Instant browser tab sharing through Hello
    Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
    Synced Tabs button in button bar
    Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
    Guarani [gn] locale added
    Fixed:
    URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
    Various security fixes*

    * https://www.mozilla.org/en-US/securi...fox/#firefox45
    Fixed in Firefox 45
    2016-37 Font vulnerabilities in the Graphite 2 library
    2016-35 Buffer overflow during ASN.1 decoding in NSS
    2016-34 Out-of-bounds read in HTML parser following a failed allocation
    2016-33 Use-after-free in GetStaticInstance in WebRTC
    2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
    2016-31 Memory corruption with malicious NPAPI plugin
    2016-30 Buffer overflow in Brotli decompression
    2016-29 Same-origin policy violation using performance.getEntries and history navigation with session restore
    2016-28 Addressbar spoofing through history navigation and Location protocol property
    2016-27 Use-after-free during XML transformations
    2016-26 Memory corruption when modifying a file being read by FileReader
    2016-25 Use-after-free when using multiple WebRTC data channels
    2016-24 Use-after-free in SetBody
    2016-23 Use-after-free in HTML5 string parser
    2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
    2016-21 Displayed page address can be overridden
    2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
    2016-19 Linux video memory DOS with Intel drivers
    2016-18 CSP reports fail to strip location information for embedded iframe pages
    2016-17 Local file overwriting and potential privilege escalation through CSP reports
    2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

    - https://tinyurl.com/jm28onb
    "... 2948 bugs found."

    Fixed in Firefox ESR 38.7
    - https://www.mozilla.org/en-US/securi...firefoxesr38.7
    ___

    - http://www.securitytracker.com/id/1035215
    CVE Reference: CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1970, CVE-2016-1971, CVE-2016-1972, CVE-2016-1973, CVE-2016-1974, CVE-2016-1975, CVE-2016-1976, CVE-2016-1977, CVE-2016-1979, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
    Mar 9 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 45.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can cause denial of service conditions.
    A remote user can overwrite files on the target system.
    A remote user can bypass same-origin restrictions on the target system.
    A remote user can spoof the address bar.
    Solution: The vendor has issued a fix (ESR 38.7; 45.0)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    March 08, 2016

    Last edited by AplusWebMaster; 2016-03-09 at 15:30.

  8. #68
    Adviser Team AplusWebMaster

    Firefox 45.0.1 released

    FYI...

    Firefox 45.0.1 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    March 18, 2016
    Fixed:
    - Fix a -regression- causing search engine settings to be lost in some context (1254694)
    - Bring back non-standard jar: URIs to fix a -regression- in IBM iNotes (1255139)
    - XSLTProcessor.importStylesheet was failing when <import> was used (1249572)
    - Fix an issue which could cause the list of search providers to be empty (1255605)
    - Fix a -regression- when using the location bar (1254503)
    - Fix some loading issues when Accept third-party cookies: was set to Never (1254856)
    Changed:
    - Disabled Graphite font shaping library

    > https://wiki.mozilla.org/Releases/Fi...ldNotes#Issues


  9. #69
    Adviser Team AplusWebMaster

    Firefox 45.0.2 released

    FYI...

    Firefox 45.0.2 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    April 11, 2016
    Fixed:
    Fix an issue impacting the cookie header when third-party cookies are blocked (1257861)
    Fix a web compatibility regression impacting the srcset attribute of the image tag (1259482)
    Fix a crash impacting the video playback with Media Source Extension (1258562)
    Fix a regression impacting some specific uploads (1255735)
    Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (1254980)


  10. #70
    Adviser Team AplusWebMaster

    Firefox 46.0 released

    FYI...

    Firefox 46.0 released

    Start Firefox, then >Help >About >Apply Update ...
    -or-
    Download: https://www.mozilla.org/en-US/firefox/all/

    Release notes
    - https://www.mozilla.org/en-US/firefo.../releasenotes/
    April 26, 2016
    New:
    Improved security of the JavaScript Just In Time (JIT) Compiler
    GTK3 integration (GNU/Linux only)
    Fixed:
    Screen reader behavior with blank spaces in Google Docs corrected
    Correct rendering for scaled SVGs that use a clip and a mask
    Changed:
    WebRTC fixes to improve performance and stability
    Developer:
    Display dominator trees in Memory tool
    Allocation and garbage collection pause profiling in the performance panel
    Launch responsive mode from the Style Editor @media sidebar
    HTML5:
    Added support for document.elementsFromPoint
    Added HKDF support for Web Crypto API

    - https://www.mozilla.org/en-US/securi...fox/#firefox46
    Fixed in Firefox 46
    2016-48 Firefox Health Reports could accept events from untrusted domains
    2016-47 Write to invalid HashMap entry through JavaScript.watch()
    2016-45 CSP not applied to pages sent with multipart/x-mixed-replace
    2016-44 Buffer overflow in libstagefright with CENC offsets
    2016-43 Disclosure of user actions through JavaScript with motion and orientation sensors
    2016-42 Use-after-free and buffer overflow in Service Workers
    2016-41 Content provider permission bypass allows malicious application to access data
    2016-40 Privilege escalation through file deletion by Maintenance Service updater
    2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

    - https://bugzilla.mozilla.org/buglist...rified&limit=0
    ... 3059 bugs found.

    Fixed in Firefox ESR 38.8
    - https://www.mozilla.org/en-US/securi...firefoxesr38.8

    Fixed in Firefox ESR 45.1
    - https://www.mozilla.org/en-US/securi...firefoxesr45.1
    ___

    - http://www.securitytracker.com/id/1035692
    CVE Reference: CVE-2016-2804, CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2809, CVE-2016-2810, CVE-2016-2811, CVE-2016-2812, CVE-2016-2813, CVE-2016-2814, CVE-2016-2816, CVE-2016-2817, CVE-2016-2820
    Apr 27 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 46.0 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote or local user can gain elevated privileges on the target system.
    A remote user can bypass security controls on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (46.0; ESR 38.8, ESR 45.1)...

    Last edited by AplusWebMaster; 2016-04-27 at 12:08.
