Firefox updated...

AplusWebMaster

Firefox v13 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla.com/firefox/all.html
June 5, 2012

What's new...
- https://www.mozilla.org/firefox/13.0/releasenotes/
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
- https://www.mozilla.org/firefox/13.0/releasenotes/buglist.html
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox13
Fixed in Firefox 13
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure through Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
___

- http://www.securitytracker.com/id/1027120
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0441 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1937 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1938 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1939 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1940 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1941 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1942 - 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1943 - 6.9
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1944 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1945 - 2.9
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1946 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1947 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3105 - 9.3 (HIGH)
Jun 6 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 13.0

- https://secunia.com/advisories/49368/
Release Date: 2012-06-06
Criticality level: Highly critical
Impact: Unknown, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Upgrade to Firefox version 13.0...

:fear:
 
Firefox v14.0.1 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
July 17, 2012

What's new...
- https://www.mozilla.org/firefox/14.0.1/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/14.0.1/releasenotes/buglist.html

Security Advisories for v14.0.1:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox14
Fixed in Firefox 14
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-55 feed: URLs with an innerURI inherit security context of page
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-46 XSS through data: URLs
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
___

- http://www.securitytracker.com/id/1027256
CVE Reference: CVE-2012-1948, CVE-2012-1949, CVE-2012-1950, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1965, CVE-2012-1966, CVE-2012-1967
Jul 17 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14...

- https://secunia.com/advisories/49965/
Release Date: 2012-07-18
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14...

:fear:
 
Firefox v15.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
August 28, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/15.0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/15.0/releasenotes/buglist.html

Security Advisories for v15.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox15
Fixed in Firefox 15
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-71 Insecure use of __android_log_print
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-60 Escalation of privilege through about:newtab
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
___

- http://www.securitytracker.com/id/1027450
CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3979, CVE-2012-3980
Aug 29 2012
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): prior to 15.0 ...

- https://secunia.com/advisories/50088/
Release Date: 2012-08-29
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 15.

:fear:
 
Firefox v15.0.1 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
September 6, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/15.0.1/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/15.0.1/releasenotes/buglist.html

- http://www.ghacks.net/2012/09/06/firefox-15-0-1-update-reader-expect-distribution-soon/
Sep 6, 2012 - "... unfortunate bug in Mozilla Firefox 15 stable that is preventing the browser’s private browsing mode from working correctly. The bug was discovered shortly after Firefox 15 was distributed to users of the stable channel of the browser, and Mozilla has been working diligently ever since to resolve the issue... It is an issue of trust for Mozilla mainly, which can easily be lost if sensitive features are not working like they should. For users the situation may have been even more precarious as it may have forced them to explain their browsing activities to third parties..."
- http://cdn.ghacks.net/wp-content/uploads/2012/09/firefox-15.0.1.jpg
___

- http://h-online.com/-1702798
7 Sep 2012

:fear: :sad:
 
Firefox v16.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
Oct 9, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/16.0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/16.0/releasenotes/buglist.html

Security Advisories for v16.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox16
Fixed in Firefox 16
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-78 Reader Mode pages have chrome privileges
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistence allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards ...
___

- https://secunia.com/advisories/50856/
Release Date: 2012-10-10
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote...
Solution: Upgrade to version 16...

- http://www.securitytracker.com/id/1027631
CVE Reference: CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3987, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188
Oct 10 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network...
Solution: The vendor has issued a fix (ESR 10.0.8; 16.0).

:fear::fear:
 
Firefox v16.0.1 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
Oct 11, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/16.0.1/releasenotes/

- https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
"Impact: The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters..."

Security Advisories for v16.0.1:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox16.0.1
Fixed in Firefox 16.0.1
MFSA 2012-89 defaultValue security checks not applied
"... regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object... CVE-2012-4192, CVE-2012-4193..."
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
"... bugs showed evidence of memory corruption under certain circumstances... some of these could be exploited to run arbitrary code... websockets crash affecting Firefox 16... CVE-2012-4190, CVE-2012-4191..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4190 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4191 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4192 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4193 - 9.3 (HIGH)
12 Oct 2012
___

- http://www.securitytracker.com/id/1027653
CVE Reference: CVE-2012-4190, CVE-2012-4191
Oct 12 2012
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.1).

- https://secunia.com/advisories/50932/
Last Update: 2012-10-12
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2012-4190, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193
... vulnerabilities are reported in Firefox and Thunderbird versions -prior- to 16.0.1 and SeaMonkey versions -prior- to 2.13.1.
Solution: Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.

- http://h-online.com/-1728382
12 Oct 2012

:fear::fear:
 
Firefox v16.0.2 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates then Apply Update
-or-
Download: https://www.mozilla.com/firefox/all.html
Oct 26, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/16.0.2/releasenotes/

Security Advisories for v16.0.2:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox16.0.2
MFSA 2012-90 Fixes for Location object issues
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4194 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4195 - 5.1
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4196 - 5.0
... before 16.0.2...
___

- http://www.securitytracker.com/id/1027701
CVE Reference: CVE-2012-4194, CVE-2012-4195, CVE-2012-4196
Oct 27 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Solution: The vendor has issued a fix (16.0.2, ESR 10.0.10).

- https://secunia.com/advisories/51144/
Release Date: 2012-10-29
Impact: Security Bypass, Cross Site Scripting
Where: From remote
Original Advisory: Mozilla:
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html

:fear:
 
Firefox v17.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Nov 20, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/17.0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/17.0/releasenotes/buglist.html

Security Advisories for v17.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSandbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) ...
___

- http://www.securitytracker.com/id/1027791
CVE Reference: CVE-2012-4201, CVE-2012-4202, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4206, CVE-2012-4207, CVE-2012-4208, CVE-2012-4209, CVE-2012-4210, CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5836, CVE-2012-5837, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842, CVE-2012-5843
Nov 21 2012
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (17.0)...

- https://secunia.com/advisories/51358/
Release Date: 2012-11-21
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote...
Solution: Upgrade to version 17.0...
___

- http://h-online.com/-1754171
21 Nov 2012

:fear:
 
Firefox v17.0.1 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Nov 30, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/17.0.1/releasenotes/

Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/17.0.1/releasenotes/buglist.html

Security Advisories for v17.0.1:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox17.0.1
Not available as of the date/time of this post

:confused:
 
Firefox v18.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Jan 8, 2013

What's new...
- https://www.mozilla.org/en-US/firefox/18.0/releasenotes/
Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/18.0/releasenotes/buglist.html

Security Advisories for v18.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox18
Fixed in Firefox 18
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
MFSA 2012-98 Firefox installer DLL hijacking
___

- http://www.securitytracker.com/id/1027955
CVE Reference: CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0751, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756, CVE-2013-0757, CVE-2013-0758, CVE-2013-0759, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0764, CVE-2013-0766, CVE-2013-0767, CVE-2013-0768, CVE-2013-0769, CVE-2013-0770, CVE-2013-0771
Jan 9 2013
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 18.0
Solution: The vendor has issued a fix (ESR 10.0.12, ESR 17.0.2, 18.0)...

- http://h-online.com/-1780088
9 Jan 2013 - "Mozilla has fixed 20 security holes with the release... 12 of these vulnerabilities have been rated critical by the organisation, the rest are classified as having high impact..."

:spider:
 
Firefox v18.0.1 released ...

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html

What's new...
- https://www.mozilla.org/en-US/firefox/18.0.1/releasenotes/
Jan 18, 2013
18.0.1: Problems involving HTTP Proxy Transactions (Associated bugs)
18.0.1: Unity player crashes on Mac OS X (bug 828954)
18.0.1: Disabled HIDPI support on external monitors to avoid rendering glitches (bug 814434)
FIXED
___

- http://h-online.com/-1787497
19 Jan 2013

:fear::fear:
 
Firefox v19.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Feb 19, 2013

What's new...
- https://www.mozilla.org/en-US/firefox/19.0/releasenotes/
... NEW: Built-in PDF viewer*...
CHANGED, DEVELOPER, HTML5, FIXED, Known Issues...

Complete list of Bug fixes:
- https://www.mozilla.org/en-US/firefox/19.0/releasenotes/buglist.html

Security Advisories for v19.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox19
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
___

- http://www.securitytracker.com/id/1028162
CVE Reference: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
Feb 20 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 19.0...

- http://h-online.com/-1806437
19 Feb 2013
___

* How to disable pdf viewer?
Type about:config in the address bar and press Enter.
Press the big button to bypass the warning.
In the Filter bar, paste pdfjs.disabled
In the search results, double-click pdfjs.disabled to set its value to -true-
Restart Firefox for the changes to take effect.

- https://github.com/mozilla/pdf.js/wiki/Additional-Learning-Resources

:fear:
 
Firefox v19.0.2 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
Mar 7, 2013

Security Advisories for v19.0.2:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox19.0.2
Fixed in Firefox 19.0.2
MFSA 2013-29 Use-after-free in HTML Editor CVE-2013-0787

- https://www.mozilla.org/en-US/firefox/19.0.2/releasenotes/

- https://secunia.com/advisories/52538/
Release Date: 2013-03-08
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to a fixed version.
Original Advisory: MFSA 2013-29:
- http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

:fear:
 
Firefox v20.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
April 2, 2013

Security Advisories for v20.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox20
Fixed in Firefox 20
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

- https://www.mozilla.org/en-US/firefox/20.0/releasenotes/
FIXED 20.0: Security fixes ...
NEW Per-window Private Browsing...
NEW New download experience...
NEW Ability to close hanging plugins, without the browser hanging
___

- http://h-online.com/-1833854
2 April 2013

- http://www.theinquirer.net/inquirer...s-firefox-20-with-per-window-private-browsing
Apr 03 2013

- http://www.securitytracker.com/id/1028379
CVE Reference: CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0798, CVE-2013-0799, CVE-2013-0800
Apr 3 2013
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 20.0 ...

:fear:
 
Firefox v21.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
May 14, 2013

Security Advisories for v21.0:
* https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox21
Fixed in Firefox 21
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Release notes
- https://www.mozilla.org/en-US/firefox/21.0/releasenotes/
NEW The Social API now supports multiple providers
NEW Enhanced three-state UI for Do Not Track (DNT)
NEW Firefox will suggest how to improve your application startup time if needed
NEW Preliminary implementation of Firefox Health Report
CHANGED Ability to restore removed thumbnails on New Tab Page
CHANGED CSS -moz-user-select:none selection changed to improve compatibility with -webkit-user-select:none (bug 816298)
CHANGED Graphics related performance improvements (bug 809821)
CHANGED Removed E4X support from Spidermonkey
DEVELOPER Implemented Remote Profiling
DEVELOPER Integrated add-on SDK loader and API libraries into Firefox
HTML5 Added support for <main> element
HTML5 Implemented scoped stylesheets
FIXED Some function keys may not work when pressed (833719)
FIXED Browsing and Download history clearing needs unification to avoid confusion on clearing download history (847627)
FIXED 21.0: Security fixes can be found here* ...

- https://secunia.com/advisories/53400/
Release Date: 2013-05-15
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to version 21.0.

- http://www.securitytracker.com/id/1028555
CVE Reference: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1672, CVE-2013-1673, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
May 14 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 17.0.6 and 21.0...

:fear:
 
Firefox v22.0 released

FYI...

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html
June 25, 2013

Security Advisories for v22.0:
* https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox22
Fixed in Firefox 22
MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
MFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-52 Arbitrary code execution within Profiler
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

Release notes
- https://www.mozilla.org/en-US/firefox/22.0/releasenotes/

... complete list of changes in this release... 510 bugs found.
___

- https://secunia.com/advisories/53970/
Release Date: 2013-06-26
Criticality level: Highly Critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
... vulnerabilities are reported in versions prior to 22.0.
Solution: Upgrade to version 22.0.

- http://www.securitytracker.com/id/1028702
CVE Reference: CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695, CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699, CVE-2013-1700
Jun 26 2013
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to ESR 17.0.7; prior to 22.0 ...

:fear:
 