Firefox updates

FYI...

- http://developer.mozilla.org/devnews/index.php/2007/10/22/firefox-2008-update-to-be-updated/
October 22nd, 2007 at 9:47 pm - "...The 2.0.0.8 release fixed some 200 issues, but accidentally regressed a few things. Most users won’t see any difference or experience any problems, and those 200 fixes make the 2.0.0.8 update very valuable, but you should never have to choose functionality over security. So we’re working fast to understand and fix these problems, and will shortly be issuing a 2.0.0.9 update to address them..."

:oops:
 
Firefox v2.0.0.11 released

FYI...

Firefox v2.0.0.11 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html

What's New in Firefox 2.0.0.11
- http://www.mozilla.com/en-US/firefox/2.0.0.11/releasenotes/
Release Date:
November 30, 2007
Stability Update:
This release corrects a compatibility issue with some websites and extensions discovered in Firefox 2.0.0.10.

Two bugs fixed in 2.0.0.11:
- http://preview.tinyurl.com/3djrk3

:eek:
 
Last edited:
Firefox v2.0.0.12 released

FYI...

Firefox v2.0.0.12 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download: http://www.mozilla.com/firefox/all.html

What's New in Firefox 2.0.0.12
- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
Release Date: February 7, 2008
-------------------------------

- http://secunia.com/advisories/28758/
Release Date: 2008-02-08
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information,
DoS, System access
Where: From remote...
Solution: Update to version 2.0.0.12.
-------------------------------

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0419
Last revised: 2/11/2008 - "...Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via a crafted page that uses designMode frames, which triggers memory corruption...
Impact: ...CVSS v2 Base score: 10.0 (High)..."

> http://www.mozilla.org/security/announce/2008/mfsa2008-06.html
Fixed in: Firefox 2.0.0.12, SeaMonkey 1.1.8...

> http://www.mozilla.org/download.html

:fear:
 
Last edited:
Firefox v2.0.0.13 released

FYI...

Firefox v2.0.0.13 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/firefox/

What's new:
- http://www.mozilla.com/en-US/firefox/2.0.0.13/releasenotes/

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

- http://secunia.com/advisories/29526/
Release Date: 2008-03-26
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.13...

:fear:
 
Last edited:
Firefox v2.0.0.14 released

FYI...

Firefox v2.0.0.14 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/firefox/

What's new:
- http://www.mozilla.com/en-US/firefox/2.0.0.14/releasenotes/
April 16, 2008

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.14

- http://secunia.com/advisories/29787/
Release Date: 2008-04-17
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.14.

:fear:
 
Last edited:
Hi. Not so long ago, Firefox came highly recommended by a friend and writer who switched from IE to Firefox with great results and resolve to numerous complaints.

This morning, I am so happy about installing Firefox, which I use at local public libraries and really like.

Unless this is not recommended, I am considering downloading Bugzilla, for added security.

Just want to thank you.
Rhonda


"When learning, there are no dull moments so long as there is interest, resource, and effort there is potential for growth and progress. Thanks for your help and contribution to this humble learning process which somehow blesses my life with a feeling of purpose."
 
Firefox vuln - unpatched

FYI...

Firefox vuln - unpatched
- http://secunia.com/advisories/30761/
Release Date: 2008-06-19
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 2.0.x, Mozilla Firefox 3.x...
The vulnerability is reported in versions 3.0 and 2.0.x. Other versions may also be affected.
Solution: Do not follow untrusted links nor browse untrusted web sites...
Original Advisory:
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
"...Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page. While Mozilla is working on a fix, we wont be divulging anything else until a patch is available..."
- http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2786
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785

:fear:

- http://preview.tinyurl.com/47o8yg
June 26, 2008 (arstechnica.com) - "...Mozilla told us that they have not finalized the schedule for when Firefox 3 will be made available to Firefox 2 users through the update channel, but they suspect that it will happen within the next two or three months..."
 
Last edited:
Firefox v2.0.0.15 released

FYI...

Firefox v2.0.0.15 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.15:
- http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
July 1, 2008

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

- http://secunia.com/advisories/30911/
Last Update: 2008-07-03
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information,
Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.15...

:fear:
 
Last edited:
Firefox v2.0.0.16 released

FYI...

Firefox v2.0.0.16 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.16:
- http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
July 15, 2008

- http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2933

:fear:
 
Last edited:
Firefox v3.0.1 released

FYI...

Firefox v3.0.1 released
- http://www.mozilla.com/firefox/
July 16, 2008

Upgrading Firefox
- http://support.mozilla.com/en-US/kb/Upgrading+Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."

If "Check for Updates is disabled", see:
- http://support.mozilla.com/en-US/kb/Check+for+Updates+is+disabled

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

Known Issues
- http://www.mozilla.com/en-US/firefox/3.0.1/releasenotes/

Fixes in v3.0.1:
- http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

- http://secunia.com/advisories/31106/
Last Update: 2008-07-17
Critical: Highly critical
Impact: Security Bypass, Spoofing, System access
Where: From remote
...The vulnerabilities are reported in versions prior to 3.0.1.
Solution: Update to version 3.0.1 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2933

:fear:
 
Last edited:
FYI...

Firefox v3.0.2 released
- http://www.mozilla.com/firefox/
Upgrading Firefox
- http://support.mozilla.com/en-US/kb/Upgrading+Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."
If "Check for Updates is disabled", see:
- http://support.mozilla.com/en-US/kb/Check+for+Updates+is+disabled
Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2
Known Issues
- http://www.mozilla.com/en-US/firefox/3.0.2/releasenotes/
---

Firefox v2.0.0.17 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.com/en-US/firefox/all-older.html
What's New in Firefox 2.0.0.17:
- http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
September 23, 2008
- http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.17
---

FF3: http://secunia.com/advisories/32011/
Software: Mozilla Firefox 3.x
CVE reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3837
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4058
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4060
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4061
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4062
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4063
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4064
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4068

FF2: http://secunia.com/advisories/31984/
Software: Mozilla Firefox 2.0.x
CVE reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0016
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3835
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3836
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3837
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4058
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4059
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4060
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4061
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4062
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4065
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4069

.
 
Last edited:
Firefox v3.0.4 - v2.0.0.18 released

FYI...

Firefox v3.0.4 - v2.0.0.18 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.4
- http://www.mozilla.com/firefox/all.html
Download Firefox v2.0.0.18
- http://www.mozilla.com/firefox/all-older.html

Release Notes
- http://www.mozilla.com/firefox/3.0.4/releasenotes/
Also see "Known Issues..." for v3: All Systems - 9 items, Microsoft Windows - 2...

Security issues
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4
___

Firefox 3
- http://secunia.com/advisories/32713/
Release Date: 2008-11-13
Critical: Highly critical...

Firefox 2
- http://secunia.com/advisories/32693/
Release Date: 2008-11-13
Critical: Highly critical...
 
Last edited:
Firefox updated...

FYI...

Firefox v2.0.0.19...
- https://wiki.mozilla.org/WeeklyUpda...:_Firefox_2.0.0.19_.2F_3.0.5_.2F_Major_Update
2008-12-01 - "...Firefox 2.0.0.19 / 3.0.5 / Major Update...
• On track for December 16 release (possible day slip for major update)
• Firefox 2.0.0.19 will be the last release of Firefox 2 and will not include Phishing Protection..."

- http://news.cnet.com/8301-1009_3-10115852-83.html
December 5, 2008 - "...Google asked Mozilla to disable the feature in Firefox 2.0.0.19 that warns users of sites suspected of hosting identity fraud scams because the older browsers rely on an outdated SafeBrowsing protocol that Google is not supporting anymore..."

:fear:
 
Firefox v3.0.5 released

FYI...

Firefox v3.0.5 released
- http://www.mozilla.com/firefox/
Dec. 16, 2008

Release Notes
- http://www.mozilla.com/firefox/3.0.5/releasenotes/

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.5
Fixed in Firefox 3.0.5
MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
___

Firefox v2.0.0.19 released
- http://www.mozilla.com/en-US/firefox/all-older.html

- http://www.mozilla.com/en-US/firefox/2.0.0.19/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3.
Firefox 2.0.0.19 does -not- include Phishing Protection.
___

- http://secunia.com/advisories/33203/

- http://secunia.com/advisories/33184/

:fear:
 
Last edited:
You must log in or register to reply here.
Back
Top