Firefox updates

"Will v.1.5.0.7 update itself to v.2":

- http://forums.mozillazine.org/viewtopic.php?t=478805
Posted: Oct Wed 25th 2006 5:16am
...I am still with 1.5.0.7 and I want to ask you If it will update itself to version 2 or I have to download it?
Posted: Oct Wed 25th 2006 5:25am
In a few days 1.5.0.8 will be released that will let you have the choice of either staying with 1.5 or Updating to 2.0 see http://forums.mozillazine.org/viewtopic.php?t=476975 ..."

- http://forums.mozillazine.org/viewtopic.php?t=477283
"What's fixed?
-Memory leaks
-Searching a page now searches within text fields
Questions...
-Does Firefox 2.0 still support Windows 98?
Yes. Firefox 3.0 is the release that is planned to drop support for Windows 98..."

Firefox Product Release Roadmap
- http://wiki.mozilla.org/ReleaseRoadmap

.
 
Firefox v2.0 bug status

FYI...

- http://www.infoworld.com/article/06/11/02/HNmozillatofixbug_1.html
November 02, 2006
"A second minor bug found in the Firefox 2.0 Web browser will be fixed, but users shouldn't encounter much of a problem in the meantime, a Mozilla official said Thursday. The browser will crash if it visits a Web page that has been intentionally coded with JavaScript in such a way as to target the bug, said Tristan Nitot, director of European operations for Mozilla. "It's very unlikely that anyone would have put a similar page on any ordinary Web page," so users shouldn't be affected, Nitot said. The problem can't be used to steal data from a computer, he added. It's the second bug that's been found in Firefox 2.0 since its release on Oct. 24. The first bug also causes the browser to hang or crash when a very large document is loaded into an iframe -- an HTML (Hypertext Markup Language) element -- using JavaScript. The new bug will eventually be fixed. "We will fix it because we need reliability," Nitot said..."
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5633
Last revised: 11/2/2006
"...NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference..."

:blink:
 
Firefox v2.0.0.2, v1.5.0.10 released

FYI...

v2.0.0.2
- http://en-us.www.mozilla.com/en-US/firefox/all.html

v1.5.0.10
- http://en-us.www.mozilla.com/en-US/firefox/all-older.html

What's New
- http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/

Security Updates
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

("Auto-update/Check for update" are currently unavailable but will be soon.)
 
The "Check for updates" feature is now working (did mine minutes ago - YMMV):

While in the browser, go to >Help >Check for updates

...and that's about it! You're done!


:cool:
 
FYI...

- http://secunia.com/advisories/24205/
Release Date: 2007-02-24
Last Update: 2007-02-26
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 1.x, Mozilla Firefox 2.0.x ...
Solution: Update to version 2.0.0.2 or 1.5.0.10..."

v2.0.0.2
- http://en-us.www.mozilla.com/en-US/firefox/all.html

v1.5.0.10
- http://en-us.www.mozilla.com/en-US/firefox/all-older.html

:fear:
 
Another fix not previously listed:

Mozilla Foundation Security Advisory 2007-09
- http://www.mozilla.org/security/announce/2007/mfsa2007-09.html
Title: Privilege escalation by setting img.src to javascript: URI
Impact: Critical
Announced: March 5, 2007 ...
Fixed in:
Firefox 2.0.0.2
Firefox 1.5.0.10
SeaMonkey 1.1.1
SeaMonkey 1.0.8
Description: ...The fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI. The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences... Thunderbird is not affected by this flaw as it will not execute javascript: URIs in IMG tags.
Workaround: Upgrade to a version containing the fix. Disabling JavaScript does not protect against this flaw..."

.
 
Firefox v2.0.0.3, v1.5.0.11 released

FYI...

"Check for Updates" (now available):
From an admin account, open the Firefox browser, go to >Help >Check for Updates ...

Download sites:
v2.0.0.3
- http://en-us.www.mozilla.com/en-US/firefox/all.html
v1.5.0.11
- http://en-us.www.mozilla.com/en-US/firefox/all-older.html
What's New
- http://www.mozilla.com/en-US/firefox/2.0.0.3/releasenotes/

Description of Release
- http://wiki.mozilla.org/Firefox:1.5.0.11-2.0.0.3:Test_Plan#Description_of_Release
"This release is to address several regressions that were discovered in the Firefox 2.0.0.2/1.5.0.10 release."

.
 
Firefox v1.5 support ends today ...v2.0.0.4 set for release

FYI...

- http://preview.tinyurl.com/2mfox3
May 29, 2007 (Computerworld) - "Mozilla Corp. will issue the last security update for its open-source Firefox 1.5 browser today (Wednesday). It will include an automatic update mechanism to give users the option of upgrading to the newer Firefox 2.0... Today's Firefox 1.5.0.12 will be the final security patch for the 18-month-old browser. Also due for delivery is Firefox 2.0.0.4... Firefox 2.0.0.4 will be posted here*, while Firefox 1.5.0.12 will be available from this page** of the Mozilla site. A list of the vulnerabilities*** patched by both updates will be posted sometime after 2.0.0.4 and 1.5.0.12 go live..."

* http://www.mozilla.com/en-US/firefox/all.html

** http://www.mozilla.com/en-US/firefox/all-older.html

*** http://www.mozilla.org/projects/security/known-vulnerabilities.html

.
 
Firefox v2.0.0.4 and v1.5.0.12 released

FYI - Firefox updates released...

Use "Check for Updates" from an Admin account (>Help >Check for Updates... )
-or-


Download v2.0.0.4:
- http://www.mozilla.com/en-US/firefox/all.html
Download v1.5.0.12:
- http://www.mozilla.com/en-US/firefox/all-older.html

Fixes:
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

-------------------------------------------------------------------
Support for Mozilla Firefox 1.5 Extended Until Mid-May
- http://www.mozillazine.org/talkback.html?article=21543
April 24th, 2007

Release Schedule
> http://wiki.mozilla.org/Firefox:1.5.0.12-2.0.0.4#Release_Schedule
22 May 2007

.
 
Firefox v2.0.0.5 released

FYI...

- http://isc.sans.org/diary.html?storyid=3161
Last Updated: 2007-07-18 05:46:09 UTC - "Earlier today, Mozilla Firefox 2.0.0.5 was released which has a number of bug fixes including a couple of privacy related bugs and a few security related ones. Mozilla's Forum* shows many of the details of these fixes for those that would like to peruse until the release notes** are updated. You can download the newest version from mozilla.com or through its automated update facility."

* http://forums.mozillazine.org/viewtopic.php?p=2965188&sid=9470fada0720570af2cc87b842eccaae

Fixed in Firefox 2.0.0.5
** http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5

Download:
> http://www.mozilla.com/en-US/firefox/all.html

------------------------------

- http://secunia.com/advisories/26095/
Release Date: 2007-07-18
Critical: Highly critical
Impact: Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.5...

- http://secunia.com/advisories/25984/

.
 
FYI...

- http://preview.tinyurl.com/ytjep2
July 18, 2007 - (Mozilla Security Blog) - "Firefox 2.0.0.5 is now available and there is a fix for the URL protocol handling issue... We warned that other Windows applications may be vulnerable to this Internet Explorer issue, and on Sunday Nate Mcfeters, Billy Rios, and Raghav Dube posted a proof of concept that demonstrates the same attack through Internet Explorer to execute code in Trillian. Additionally, Thor Larholm says*..."

* http://larholm.com/2007/07/18/firefox-fixes-internet-explorer-flaw/
July 18, 2007 - "... I can still automatically launch a wide range of external applications from Internet Explorer and provide them with arbitrary command line arguments. AcroRd32.exe (Adobe Acrobat PDF Reader), aim.exe (AOL Instant Messenger), Outlook.exe, msimn.exe (Outlook Express), netmeeting.exe, HelpCtr.exe (Windows Help Center), mirc.exe, Skype.exe, wab.exe (Windows Address Book) and wmplayer.exe (Windows Media Player) - just to name a few. I can categorically deny that this flaw has been fixed in Internet Explorer. Nicolas Robillard even detailed this flaw back in 2004 and it has remained unpatched since long before then..."

.
 
Firefox v2.0.0.6 released

FYI...

Firefox v2.0.0.6 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
> http://www.mozilla.com/firefox/all.html

Release Notes
> http://www.mozilla.com/en-US/firefox/2.0.0.6/releasenotes/
Release Date: July 30, 2007
-------------------------------

- http://blog.mozilla.com/security/2007/07/30/firefox-2.0.0.6-now-available/
30 July 2007 - "We’ve just released Firefox 2.0.0.6... The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external programs. This reduces the risk of malicious data being passed through Firefox to another application that may then trigger unexpected and potentially dangerous behavior..."

.
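
Added example (not part of the original post and not Mozilla's code): why percent-encoding spaces and double quotes matters when a URI is substituted into a protocol-handler command line. The handler path, the `example:` scheme, the sample URI and the simplified argument splitter are all assumptions made for illustration.

```python
# Added illustration, not Mozilla's patch. Handler path and URI are constructed.

def split_command_line(cmdline):
    """Simplified splitter: whitespace separates arguments and double quotes
    group text. Real Windows parsing also has backslash rules, omitted here."""
    args, cur, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args


def encode_for_handoff(uri):
    """Percent-encode the two characters named in the release announcement."""
    return uri.replace(" ", "%20").replace('"', "%22")


def build_handler_command(template, uri):
    """Substitute the URI for %1 in a protocol-handler command template."""
    return template.replace("%1", uri)


TEMPLATE = '"C:\\example\\handler.exe" "%1"'   # hypothetical registered handler
URI = 'example:item" -flag value'               # constructed URI with a quote and spaces


def demo():
    """Return (argv without encoding, argv with encoding)."""
    raw = split_command_line(build_handler_command(TEMPLATE, URI))
    safe = split_command_line(
        build_handler_command(TEMPLATE, encode_for_handoff(URI)))
    return raw, safe


if __name__ == "__main__":
    raw, safe = demo()
    print(len(raw), raw)    # URI escapes its quoted slot and becomes extra arguments
    print(len(safe), safe)  # URI stays a single argument
```
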
 
Firefox v2.0.0.8 released

FYI...

Firefox v2.0.0.8 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
> http://www.mozilla.com/firefox/all.html

Release Notes
> http://www.mozilla.com/en-US/firefox/2.0.0.8/releasenotes/
Release Date: October 18, 2007

- http://secunia.com/advisories/27311
Release Date: 2007-10-19
Critical: Highly critical
Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access...
Solution: Update to version 2.0.0.8.

:fear:
 