Firefox updated...

Firefox Support for XP and Vista

FYI...

Update on Firefox Support for Windows XP and Vista
- https://blog.mozilla.org/futurereleases/2016/12/23/firefox-support-for-xp-and-vista/
Dec 23, 2016 - "In approximately March, 2017, Windows XP and Vista users will automatically be moved to the Firefox Extended Support Release (ESR*).
Firefox is one of the few browsers that continues to support Windows XP and Vista, and we expect to continue to provide security updates for users until September 2017. Users do not need to take additional action to receive those updates. In mid-2017, user numbers on Windows XP and Vista will be reassessed and a final support end date will be announced. In the meantime, we strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use. For planning purposes, enterprises using Firefox should consider September 2017 as the support end date for Windows XP and Vista. For more information please visit the Firefox support page**."
* https://www.mozilla.org/en-US/firefox/organizations/

** https://support.mozilla.org/en-US/kb/end-support-windows-xp-and-vista
"... Firefox version 52 will be the last complete update for Windows XP and Windows Vista. Security updates will be released, but no new features... Firefox is one of the only browsers to offer any support for Windows XP and Vista. Microsoft itself ended support for Windows XP in 2014 and will end support for Windows Vista in 2017. Unsupported operating systems receive no security updates, have known exploits, and can be dangerous to use, which makes it difficult to maintain Firefox on those versions.
Firefox security updates for XP and Vista users will continue until September 2017, although new features will not be offered. In mid-2017, a final support end date will be announced based on the number of users still on Windows XP and Vista..."

> https://www.mozilla.org/en-US/firefox/organizations/faq/

Firefox 51.0 released

FYI...

Firefox 51.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes
- https://www.mozilla.org/en-US/firefox/51.0/releasenotes/
Jan 24, 2017

Security vulnerabilities fixed in Firefox 51
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox51
Security vulnerabilities fixed in Firefox 51
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
Critical
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
CVE-2017-5374: Memory safety bugs fixed in Firefox 51
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

Firefox ESR 45.7: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.7
___

- http://www.securitytracker.com/id/1037693
CVE Reference: CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5392, CVE-2017-5393, CVE-2017-5394, CVE-2017-5395, CVE-2017-5396
Jan 25 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 51.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can gain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix (51.0, ESR 45.7)...

Firefox 52.0 released

FYI...

Firefox 52.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes
- https://www.mozilla.org/en-US/firefox/52.0/releasenotes/
Mar 7, 2017
New:
- Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
- Enabled multi-process Firefox for Windows users with touch screens
- Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
- Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
- Enhanced Sync to allow users to send and open tabs from one device to another...
Changed:
- Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported:
> https://support.mozilla.org/t5/Prob...Adobe-Acrobat-and-other-plugins-no/ta-p/31069
>> Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR*) version of Firefox...

[Corrections:
> https://www.mozilla.org/en-US/firefox/52.0/system-requirements/
... Windows
Operating Systems (32-bit and 64-bit)
Windows XP SP2
Windows Server 2003 SP1
Windows Vista
Windows 7
Windows 8
Windows 10
Please note that 64-bit builds of Firefox are only supported on Windows 7 and higher.
Windows XP/Vista/Server 2003 are no longer supported by regular Firefox releases.
These users should migrate to ESR 52..."
[Direct download for Firefox Extended Support Release]:
>> https://www.mozilla.org/en-US/firefox/organizations/all/
... which -is- the new -supported- version for XP and Vista.]

Firefox ESR Overview
- https://www.mozilla.org/en-US/firefox/organizations/faq/

Security vulnerabilities fixed in Firefox 52
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox52
Fixed in Firefox 52
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5399: Memory safety bugs fixed in Firefox 52
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

- http://www.securitytracker.com/id/1037966
CVE Reference: CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, CVE-2017-5410, CVE-2017-5411, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5425, CVE-2017-5426, CVE-2017-5427
Mar 8 2017
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A remote user can delete files on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix (52.0)...

* Firefox ESR 45.8: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr45.8
___

- https://www.us-cert.gov/ncas/current-activity/2017/03/07/Mozilla-Releases-Security-Update
Mar 7, 2017

Firefox 52.0.1 released

FYI...

Firefox 52.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

ESR download: https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes
- https://www.mozilla.org/en-US/firefox/52.0.1/releasenotes/
March 17, 2017
Various security fixes
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox52.0.1

- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr52.0.1

> https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/
Critical
March 17, 2017
Fixed in:
- Firefox 52.0.1
- Firefox ESR 52.0.1
CVE-2017-5428: integer overflow in createImageBitmap()

- http://www.securitytracker.com/id/1038060
CVE Reference: CVE-2017-5428
Mar 17 2017
Version(s): 52.0; possibly prior versions...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (52.0.1, ESR 52.0.1)...

Firefox 53.0 released

FYI...

Firefox 53.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

XP/Vista: 52.1.0 ESR download: https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes
- https://www.mozilla.org/en-US/firefox/53.0/releasenotes/
April 19, 2017
Fixed:
Various security fixes:
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox53

- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
Security vulnerabilities fixed in Firefox 53
Critical:
CVE-2017-5433: Use-after-free in SMIL animation functions
CVE-2017-5435: Use-after-free during transaction processing in the editor
CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
CVE-2017-5459: Buffer overflow in WebGL
CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
Security vulnerabilities fixed in Firefox ESR 52.1
___

- http://www.securitytracker.com/id/1038320
CVE Reference: CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5450, CVE-2017-5451, CVE-2017-5452, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5463, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469
Apr 20 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 53.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain files on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (53.0)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/04/19/Mozilla-Releases-Security-Updates
April 19, 2017

Firefox 53.0.2, 52.1.1 ESR released

FYI...

Firefox 53.0.2 released
- https://www.mozilla.org/en-US/firefox/53.0.2/releasenotes/
May 5, 2017

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

XP/Vista: 52.1.1 ESR download: https://www.mozilla.org/en-US/firefox/organizations/all/
> https://www.mozilla.org/en-US/firefox/52.1.1/releasenotes/

Fixed:
Make form validation errors and date picker panel visible to the user (Bug 1341190)
Various security fixes*

* https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox53.0.2
High
CVE-2017-5031: Use after free in ANGLE
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-14/
___

- https://www.us-cert.gov/ncas/current-activity/2017/05/05/Mozilla-Releases-Security-Updates
May 05, 2017

Firefox 53.0.3, 52.1.2 ESR released

FYI...

Firefox 53.0.3 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

- https://www.mozilla.org/en-US/firefox/53.0.3/releasenotes/
May 19, 2017
Fixed:
- Fix excessive resource usage from the captive portal detection service (bug 1359697)
- Fix hangs when using a proxy with NTLM authentication (bug 1360574)...

XP/Vista: 52.1.2 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla.org/en-US/firefox/organizations/all/

- https://www.mozilla.org/en-US/firefox/52.1.2/releasenotes/
May 19, 2017
Fixed:
- Fix hangs when using a proxy with NTLM authentication (bug 1360574)

Firefox 54.0, 52.2 ESR released

FYI...

Firefox 54.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/54.0/releasenotes/
June 13, 2017
New:
- Simplified the download button and download status panel
- Added support for multiple content processes (e10s-multi)
Various security fixes:
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox54

Security vulnerabilities fixed in Firefox 54
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5471: Memory safety bugs fixed in Firefox 54
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
___

XP/Vista: 52.2.0 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/52.2.0/releasenotes/
June 13, 2017

- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr52.2

Security vulnerabilities fixed in Firefox ESR 52.2
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
___

- https://www.us-cert.gov/ncas/current-activity/2017/06/13/Mozilla-Releases-Security-Updates
June 13, 2017
___

- http://www.securitytracker.com/id/1038689
CVE Reference: CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7755, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7759, CVE-2017-7760, CVE-2017-7761, CVE-2017-7762, CVE-2017-7763, CVE-2017-7764, CVE-2017-7765, CVE-2017-7766, CVE-2017-7767, CVE-2017-7768, CVE-2017-7770, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
Jun 14 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 54.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can obtain elevated privileges on the target system.
A local user can modify files on the target system.
A remote user can obtain files on the target system.
A remote user can spoof the address bar.
Solution: The vendor has issued a fix (ESR 52.2; 54.0)...

Firefox 54.0.1, 52.2.1 ESR released

FYI...

Firefox 54.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/54.0.1/releasenotes/
June 29, 2017
Fixed:
Fix a display issue of tab title (bug 1357656)
Fix a display issue of opening new tab (bug 1371995)
Fix a display issue when opening multiple tabs (bug 1371962)
Fix a tab display issue when downloading files (bug 1373109)
Fix a PDF printing issue (bug 1366744)
Fix a Netflix issue on Linux (bug 1375708)
___

XP/Vista: 52.2.1 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/52.2.1/releasenotes/
June 29, 2017

Fixed: Printing text does not work on Windows when Direct2D is disabled (Bug 1318845)

Mozilla Firefox Version 55.0 Released

Firefox ESR was updated to version 52.3.

Firefox Version 55.0 Released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

https://www.mozilla.org/en-US/firefox/new/

Read First-Important: via ghacks.net

"Firefox 55.0 breaks compatibility with older versions of the browser and Firefox ESR. Users who want to downgrade are advised to back up their profiles prior to installing the update."

"Executive Summary

  • You cannot restore an older version / migrate to Firefox ESR after the upgrade to Firefox 55.
  • Firefox 55.0 is the first version of Firefox that moves directly from Nightly to Beta.
  • The new WebExtensions permissions system is enabled."

https://www.ghacks.net/2017/08/07/firefox-55-0-find-out-what-is-new/
 
Firefox 55.0.1 released

FYI...

Firefox 55.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/55.0.1/releasenotes/
August 10, 2017

Fixed in 55.0.1:
- Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
- Fix a problem causing What's new pages not to be displayed (bug 1386224)
- Fix a regression in the tab restoration process (bug 1388160)
- Disable the predictor prefetch (bug 1388160)
___

Firefox 'add-on' technology is modernizing
> https://support.mozilla.org/en-US/kb/firefox-add-technology-modernizing
"'Add-ons' allow you to add extra features and functionality to Firefox. Anyone can create an extension and make it available for people to download.
>> What's happening?
In the past, add-ons often stopped working each time a new version of Firefox was released, because developers had to update them every six weeks to keep them compatible. Since add-ons could also modify Firefox internal code directly, it was possible for bad actors to include malicious code in an innocent-looking add-on.
To address these issues, and as part of broader efforts to modernize Firefox as a whole, we’ve been transitioning to a new framework for developing Firefox extensions. You can still personalize Firefox with add-ons the same way you do now, except they won’t break in new Firefox releases.
Note: Starting in Firefox 57, which will be released in November 2017, only add-ons built with this new technology will work in Firefox. These are indicated by the “Compatible with Firefox 57+” label on addons.mozilla.org (AMO). Add-ons built with the old technology are labeled “Legacy” on the about:addons tab.
If an add-on does not have the "Compatible with 57+" label or has the -Legacy- label, the developer may be in the process of transitioning to the new technology..."
___

Fixed in Firefox v55.0:
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox55

> https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
Critical:
CVE-2017-7798: XUL injection in the style editor in devtools
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
___

FF 52.3.0 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/52.3.0/releasenotes/
August 8, 2017

Fixed:
- Various security fixes*
- Various stability and regression fixes

* https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/
Critical:
CVE-2017-7798: XUL injection in the style editor in devtools
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

Firefox 55.0.2 released

FYI...

Firefox 55.0.2 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes: https://www.mozilla.org/en-US/firefox/55.0.2/releasenotes/
August 16, 2017
Fixed:
- Fix a -regression- with the popup menu (Bug 1388682)
- Fix performance -regressions- with WebExtension (Bugs 1386937 & 1389381)
- Fix an issue with new installation notification for sideload add-ons (Bug 1372448)
- Fix a potential issue when the username had some specific characters in the path (Bug 1388584)

Firefox 56, 52.4.0 ESR released

FYI...

Firefox 56 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes: https://www.mozilla.org/en-US/firefox/56.0/releasenotes/
Sep 28, 2017

New:
Launched Firefox Screenshots[1], a feature that lets users take, save, and share screenshots without leaving the browser
[1] https://screenshots.firefox.com/#tour
Added support for address form autofill (en-US only)
Updated Preferences:
Added search tool so users can find a specific setting quickly
Reorganized preferences so users can more easily scan settings
Rewrote descriptions so users can better understand choices and how they affect browsing
Revised data collection choices so they align with updated Privacy Notice and data collection strategy
Media opened in a background tab will not play until the tab is selected
Improved Send Tabs feature of Sync for iOS and Android, and Send Tabs can be discovered even by users without a Firefox Account
Changed:
Replaced character encoding converters with a new Encoding Standard-compliant implementation written in Rust
Added hardware acceleration for AES-GCM
Updated the Safe Browsing protocol to version 4
Reduced update download file size by approximately 20 percent
Improved security for verifying update downloads...
Unresolved:
Startup crashes with 64-bit Firefox on Windows 7, for users of Lenovo's "OneKey Theater" software for IdeaPad laptops. To fix this crash, please re-install 32-bit Firefox.
> https://www.mozilla.org/en-US/firefox/all/
Startup crash with RelevantKnowledge adware installed. Firefox Support has helpful instructions to remove it:
> https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Fixed in Firefox 56: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox56
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
Critical:
CVE-2017-7811: Memory safety bugs fixed in Firefox 56
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 ...

- http://www.securitytracker.com/id/1039465
CVE Reference: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7816, CVE-2017-7817, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825
Sep 29 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 56.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the address bar and other user interface components.
A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix (56.0)...
___

52.4.0 ESR released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes: https://www.mozilla.org/en-US/firefox/52.4.0/releasenotes/
Sep 28, 2017

Fixed:
Various security fixes*
Various stability and regression fixes
* https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr52.4
Security vulnerabilities fixed in Firefox ESR 52.4
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
Critical:
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 ...
___

- https://www.us-cert.gov/ncas/current-activity/2017/09/28/Mozilla-Releases-Security-Updates
Sep 28, 2017

Fake Firefox updates

FYI...

Fake Firefox updates...
> https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update
"We have received reports from many users who were interrupted in their browsing experience and who got redirected to a -fake- page purporting to provide an "urgent" or "critical" update and prompting to download a firefox-patch.js (or .exe) file. Some people have also reported seeing -ads- prompting them to download a Firefox update. These are -scam- tactics trying to trick you into installing malware!... To our knowledge those notices are a form of "malvertising": those fake notices get triggered by code contained in -ads- that are displayed on otherwise legitimate websites you are visiting and get spread through advertisement networks. This is an example of how such a fake update notice may look - they are hosted on randomly generated and quickly changing domains:
>> https://support.cdn.mozilla.net/media/uploads/gallery/images/2016-09-15-12-37-10-c81e72.png
... -Fake-updates- have been spotted for other popular browsers. Although we cannot root out every bad actor on the web, we are continuing to improve Firefox's defenses against malware. Knowing how to recognize and report such frauds helps us keep the Internet open and safer."

Firefox ESR E-O-L - on XP-Vista in June 2018

FYI...

Firefox ESR E-O-L - on XP-Vista in June 2018
> https://blog.mozilla.org/futurereleases/2017/10/04/firefox-support-for-windows-xp-and-vista/
Oct 4, 2017 - "... Today we are announcing June 2018 as the final end of life date for Firefox support on Windows XP and Vista. As one of the few browsers that continues to support Windows XP and Vista, Firefox users on these platforms can expect security updates until that date. Users do not need to take additional action to receive those updates..."

> https://support.mozilla.org/en-US/kb/end-support-windows-xp-and-vista

Firefox 56.0.2 released

FYI...

Firefox 56.0.2 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes:
- https://www.mozilla.org/en-US/firefox/56.0.2/releasenotes/
Oct 26, 2017
Fixed:
- Disable Form Autofill completely on user request (Bug 1404531)
- Fix for video-related crashes on Windows 7 (Bug 1409141)
- Correct detection for 64-bit GSSAPI authentication (Bug 1409275)
- Fix for shutdown crash (Bug 1404105)

Firefox 57.0, 52.5.0 ESR released

FYI...

Firefox 57.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes:
- https://www.mozilla.org/en-US/firef..._medium=firefox-browser&utm_campaign=whatsnew
Nov 14, 2017
New:
A completely new browsing engine, designed to take full advantage of the processing power in modern devices
A redesigned interface with a clean, modern appearance, consistent visual elements, and optimizations for touch screens
A unified address and search bar. New installs will see this unified bar. Learn how to add the stand-alone search bar to the toolbar
A revamped new tab page that includes top visited sites, recently visited pages, and recommendations from Pocket (in the US, Canada, and Germany)
An updated product tour to orient new and returning Firefox users
AMD VP9 hardware video decoder support for improved video playback with lower power consumption
An expanded section in preferences to manage all website permissions
Changed:
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Firefox does -not- support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience -issues- with Firefox.
Made the Adobe Flash plugin click-to-activate by default and allowed -only- on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap:
- https://developer.mozilla.org/en-US/docs/Plugins/Roadmap )

Changed: Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work..."
> https://support.mozilla.org/kb/firefox-add-technology-modernizing

Fixed: Various security fixes:
> https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox57
Security vulnerabilities fixed in Firefox 57
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
Nov 14, 2017
Critical:
CVE-2017-7828: Use-after-free of PresShell while restyling layout
CVE-2017-7827: Memory safety bugs fixed in Firefox 57
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

> https://blog.mozilla.org/blog/2017/11/14/introducing-firefox-quantum/
___

Firefox 52.5.0 ESR released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/organizations/all/

Release notes: https://www.mozilla.org/en-US/firefox/52.5.0/releasenotes/
Nov 14, 2017
Various security fixes
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr52.5
Security vulnerabilities fixed in Firefox ESR 52.5
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/
Critical:
CVE-2017-7828: Use-after-free of PresShell while restyling layout
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

Various stability and regression fixes
___

- https://www.us-cert.gov/ncas/current-activity/2017/11/14/Mozilla-Releases-Security-Updates
Nov 14, 2017
___

- https://www.securitytracker.com/id/1039803
CVE Reference: CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842
Nov 15 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 57.0 ...
(More detail at the URL above.)


- https://www.securitytracker.com/id/1039805
CVE Reference: CVE-2017-7826, CVE-2017-7828, CVE-2017-7830
Nov 15 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to ESR 52.5 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can modify data on the target system.
A local user can obtain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix for CVE-2017-7826, CVE-2017-7828, and CVE-2017-7830 for Firefox ESR (52.5)...

Firefox 57.0.1 released

FYI...

Firefox 57.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla.org/en-US/firefox/all/

Release notes:
- https://www.mozilla.org/en-US/firef..._medium=firefox-browser&utm_campaign=whatsnew
Nov 29, 2017
Fixed:
Fix a video color distortion issue on YouTube and other video sites with some AMD devices (bug 1417442)
Fix an issue with prefs.js when the profile path has non-ascii characters (bug 1420427) ...
Google map crashes on OSX with Intel HD Graphics 3000
Changed:
Block injection of a client library associated with the RealPlayer Free player which is known to cause performance problems in Firefox. (Bug 1418535)

> https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/
Fixed in: Firefox 57.0.1
___

> https://www.ixquick.com/
"Firefox's latest update (57.0.1) aggressively tries to reset your default search engine to Google! To make StartPage your default search engine again after the update, please follow the instructions... You may want to bookmark this article now..."
* https://support.startpage.com/index...artpage-to-firefox-as-a-default-search-engine
___

- https://www.us-cert.gov/ncas/current-activity/2017/12/04/Mozilla-Releases-Security-Update-Firefox
Dec 04, 2017
