Firefox updates

Firefox v4.0 released

FYI...

Firefox v4.0 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
March 22, 2011

- http://www.mozilla.com/en-US/firefox/4.0/releasenotes/

- http://www.mozilla.com/en-US/firefox/4.0/system-requirements/
"... Please note that while the 32-bit and 64-bit versions of Windows Vista and Windows 7 can be used to run Firefox 4, only 32-bit builds of Firefox 4 are supported at this time..."
___

What happened to the Status Bar?
- http://support.mozilla.com/en-US/kb...r?s=show+status+bar&as=s#w_the-new-status-bar

Where are my Add-ons?
- http://support.mozilla.com/en-US/kb...s=show+status+bar&as=s#w_where-are-my-add-ons
"... Status-4-Evar** is an Add-on that recreates all of the features of the old Status Bar and lets you put them in the new Add-on Bar*..."
* http://support.mozilla.com/en-US/kb/what-add-bar
"... The Add-on Bar is a toolbar that holds all of your add-on shortcuts, giving you quick and easy access to their features. This article shows you how to use and customize the Add-on Bar... How do I show or hide the Add-on Bar?
If you don't have any add-ons that use the Add-on Bar, it won't be shown by default but you can easily show or hide it whenever you want.
> To show or hide the Add-on Bar, right-click on an empty section of the Tab Strip and check or uncheck it in the pop-up menu.
You can also use the keyboard shortcut Ctrl + /."

** https://addons.mozilla.org/en-US/firefox/addon/235283/

How do I put tabs back on bottom like they used to be?
- http://support.mozilla.com/en-US/kb...-put-tabs-back-on-bottom-like-they-used-to-be
"At the top of the Firefox window, click on the Firefox button, go over to the Options... arrow and uncheck Tabs on Top".
-or-
"... By default, the Tab Strip is above the Navigation Toolbar. If you want it below, right-click on an empty section of the Tab Strip and uncheck 'Tabs on Top'..."
___

Adblock Plus v1.3.5
- https://addons.mozilla.org/en-US/firefox/addon/1865

- http://adblockplus.org/releases/adblock-plus-135-released

- http://adblockplus.org/en/changelog-1.3.5
___

Firefox v3.6.16 and 3.5.18...

FYI...

Firefox v3.6.16 and 3.5.18...
- http://isc.sans.edu/diary/Firefox+3+Updates+and+SSL+Blacklist+extension/10597
Last Updated: 2011-03-23 13:01:43 UTC - "At the heels of yesterday's Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version. If you are not planning to update to Firefox 4 soon, you should update to the newest 3.x version..."
>> http://www.mozilla.com/en-US/firefox/all-older.html
(Should also be available thru the 'Help > Check for Updates' function.)

- http://www.mozilla.org/security/announce/2011/mfsa2011-11.html
March 22, 2011

- http://www.securitytracker.com/id/1025243
Mar 23 2011

What’s New in Firefox 3.6.16...
- http://www.mozilla.com/en-US/firefox/3.6.16/releasenotes/
v.3.6.16, released March 22nd, 2011 - "... blacklists a few invalid HTTPS certificates."

- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.16-fixed
One bug found... bogus certs issued by Comodo partner.

- http://isc.sans.edu/diary.html?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC

Firefox v4.0.1/3.6.17 released ...

FYI...

Firefox v4.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
April 28, 2011
>Release notes
- http://www.mozilla.com/en-US/firefox/4.0.1/releasenotes/
> Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox40.html#firefox4.0.1
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-17 WebGLES vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status2.0:.1-fixed
55 bugs found.
___

v3.6.17
- http://www.mozilla.com/en-US/firefox/3.6.17/releasenotes/
April 28, 2011
>Help >Check for Updates
-or-
- http://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-14 Information stealing via form history
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.17-fixed
59 bugs found
___

- http://www.securitytracker.com/id/1025456
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
CVE Reference:
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 - 7.5
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 - 10.0
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 - 10.0
Version(s): -prior- to 3.5.19, 3.6.17, 4.0.1
Apr 29 2011
___

- https://developer.mozilla.org/devne...17-and-3-5-19-security-updates-now-available/
April 28, 2011 - "... This is the last planned security and stability release for Firefox 3.5. All users are encouraged to upgrade..."

Firefox v3.5 forced upgrade ...

FYI...

Firefox 5 ...
- http://www.h-online.com/open/news/item/Firefox-5-nears-with-release-candidate-1261711.html
16 June 2011 - "... the final version of Firefox 5 will be released on Tuesday 21 June alongside Firefox 3.6.18 and Thunderbird 3.1.11..."
- https://wiki.mozilla.org/Releases#Firefox_5

- http://secunia.com/advisories/44972/
... The weakness is reported in version 4.0.1. Other versions may also be affected.
Solution: The vendor recommends to disable WebGL. The vendor has scheduled a fix for 2011-06-21...
Original Advisory: Mozilla:
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/

- http://www.securitytracker.com/id/1025676
Jun 17 2011 ... fix, tentatively scheduled for June 21, 2011...
___

Firefox v3.5 forced upgrade...
- http://isc.sans.org/diary.html?storyid=10885
Last Updated: 2011-05-16 21:39:57 UTC - "With Firefox 4 released not too long ago and Firefox 5 supposed to be released on June 21st... seems to be 12 million users still on Firefox 3.5... Firefox will start issuing warning on Google's default pages for users of version 3.5 and planning to push out 3.6.18 as an update (if auto update is enabled) once Firefox 5 is out... More info*..."
* http://www.theregister.co.uk/2011/05/16/mozilla_firefox_3_5_forced_upgrade/

- https://wiki.mozilla.org/Releases/3.5_EOL#Assumptions
11 May 2011

Firefox v5.0 released

FYI...

Firefox v5.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.com/firefox/all.html
June 21, 2011
> Release notes
- http://www.mozilla.com/en-US/firefox/5.0/releasenotes/
> Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox5
Bug list
- http://www.mozilla.com/en-US/firefox/5.0/releasenotes/buglist.html
... -long- list...

- http://blog.mozilla.com/blog/2011/0...o-support-do-not-track-on-multiple-platforms/
June 21, 2011 - "... The latest version of Firefox includes more than 1,000 improvements and performance enhancements..."

- http://secunia.com/advisories/44972/
2011-06-21
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Upgrade to version 5.0.
Original Advisory: Mozilla:
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
http://www.mozilla.org/security/announce/2011/mfsa2011-20.html
http://www.mozilla.org/security/announce/2011/mfsa2011-21.html
http://www.mozilla.org/security/announce/2011/mfsa2011-22.html
http://www.mozilla.org/security/announce/2011/mfsa2011-25.html
http://www.mozilla.org/security/announce/2011/mfsa2011-26.html
http://www.mozilla.org/security/announce/2011/mfsa2011-27.html

- http://www.securitytracker.com/id/1025684
CVE Reference: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2367, CVE-2011-2368, CVE-2011-2369, CVE-2011-2370, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
Updated: Jun 22 2011
Version(s): prior to 3.6.18, prior to 5...
___

v3.6.18
- http://www.mozilla.com/en-US/firefox/3.6.18/releasenotes/
June 21, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
- http://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.18
Bug list
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.18-fixed
19 bugs found.

- http://secunia.com/advisories/44982/
2011-06-21
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to Firefox version 3.6.18...
Original Advisory: Mozilla:
http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
http://www.mozilla.org/security/announce/2011/mfsa2011-20.html
http://www.mozilla.org/security/announce/2011/mfsa2011-21.html
http://www.mozilla.org/security/announce/2011/mfsa2011-22.html
http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
http://www.mozilla.org/security/announce/2011/mfsa2011-24.html

Firefox v5.0.1 released for Mac OS-X bug...

FYI...

Firefox v5.0.1 released for Mac OS/X...
- http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox5
June 12, 2011 - "Fixed in Firefox 5.0.1:
Firefox 5.0.1 addresses problems with recent Mac OS X releases*. It does -not- contain security fixes."
* http://www.mozilla.com/firefox/5.0.1/releasenotes/#whatsnew2
• Worked around an issue in Mac OS X 10.7 that could cause Firefox to crash
• Worked around an issue caused by Apple's "Java for Mac OS X 10.6 Update 5" where the Java plugin would not be loaded

Firefox v6.0 released

FYI...

Firefox v6.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
August 16, 2011
> Release notes
- https://www.mozilla.com/en-US/firefox/6.0/releasenotes/
What's New...
> https://hacks.mozilla.org/2011/08/firefox6/
Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox6
MFSA 2011-29 Security issues addressed in Firefox 6
- https://www.mozilla.org/security/announce/2011/mfsa2011-29.html
... 8 critical and 2 high severity issues
Bug list
- https://www.mozilla.com/en-US/firefox/6.0/releasenotes/buglist.html
___

Firefox v3.6.20 released
August 16, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
- https://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.20
MFSA2011-30 Security issues addressed in Firefox 3.6.20
- https://www.mozilla.org/security/announce/2011/mfsa2011-30.html
Bug list
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.20-fixed
5 bugs found
___

- http://www.securitytracker.com/id/1025938
Aug 16 2011
CVE Reference: CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2990, CVE-2011-2991, CVE-2011-2992, CVE-2011-2993
Version(s): 3.6.x prior to 3.6.20; 4.x and 5.x prior to 6
Solution: The vendor has issued a fix (3.6.20, 6)...
- http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-30.html

Firefox v6.0.1 released

FYI...

- https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/
09.02.11
___

Firefox v6.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
August 30, 2011
> Release notes
- https://www.mozilla.org/en-US/firefox/6.0.1/releasenotes/
Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox6.0.1
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
- https://www.mozilla.org/security/announce/2011/mfsa2011-34.html
___

Firefox v3.6.21 released
August 30, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.21
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
- https://www.mozilla.org/security/announce/2011/mfsa2011-34.html

Firefox v6.0.2, v3.6.22 released

FYI...

Firefox v6.0.2 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
September 6, 2011
> Release notes
- https://www.mozilla.org/en-US/firefox/6.0.2/releasenotes/
Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox6.0.2
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
- https://www.mozilla.org/security/announce/2011/mfsa2011-35.html
___

Firefox v3.6.22 released
September 6, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all-older.html
> Security Advisories
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.22
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
- https://www.mozilla.org/security/announce/2011/mfsa2011-35.html

Firefox v7.0 released

FYI...

Firefox v7.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
September 27, 2011
> Release notes
- https://www.mozilla.org/en-US/firefox/7.0/releasenotes/
Security Advisories - Fixed in Firefox 7
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox7
Bugs fixed
- https://www.mozilla.org/en-US/firefox/7.0/releasenotes/buglist.html

- https://blog.mozilla.com/blog/2011/...duces-memory-use-to-make-web-browsing-faster/
September 27, 2011

- https://secunia.com/advisories/46171/
Release Date: 2011-09-28
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
Solution: Upgrade to version 7.0.

- http://www.securitytracker.com/id/1026121
CVE Reference: CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3002, CVE-2011-3003, CVE-2011-3004, CVE-2011-3005, CVE-2011-3232
... prior to 3.6.23; 6.x
Updated: Sep 29 2011

- http://h-online.com/-1350870
28 September 2011
___

Firefox v3.6.23 released
September 27, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all-older.html
Security Advisories - Fixed in Firefox 3.6.23
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23
Bugs fixed
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.23-fixed

- https://secunia.com/advisories/46203/
Release Date: 2011-09-28
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote...
Solution: Update to version 3.6.23.

Firefox v7.0.1 released

FYI...

Firefox v7.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
September 29, 2011
Issue discovered with Firefox add-on upgrades
- https://blog.mozilla.com/addons/2011/09/28/issue-discovered-with-firefox-add-on-upgrades/
"... some users may have one or more of their add-ons hidden after upgrading to the latest Firefox version, affecting both desktop and mobile. These add-ons and their data are still intact and haven’t actually been removed... update to Firefox will fix this and restore any hidden add-ons..."
> https://support.mozilla.com/en-US/kb/add-ons-hidden-after-updating-firefox-7
> https://addons.mozilla.org/en-US/firefox/addon/fx7-recovery/

Release notes
- https://www.mozilla.org/en-US/firefox/7.0.1/releasenotes/

Firefox v8.0 released

FYI...

Firefox v8.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
November 8, 2011

- https://www.mozilla.org/en-US/firefox/8.0/releasenotes/
Security Advisories :
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox8
Fixed in Firefox 8:
MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3649 - 2.6
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3653 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3650 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3655 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3651 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3652 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3654 - 10.0 (HIGH)
CVSS v2 Base Score: 10.0 (HIGH)
"... Firefox before 8.0..."

Bugs fixed
- https://www.mozilla.org/en-US/firefox/8.0/releasenotes/buglist.html
___

Firefox v3.6.24 released
November 8, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all-older.html
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.24
Fixed in Firefox 3.6.24:
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-47 Potential XSS against sites using Shift-JIS
MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3648 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3647 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3650 - 9.3 (HIGH)
CVSS v2 Base Score: 9.3 (HIGH)
"... Firefox before 3.6.24..."

Bugs fixed
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.24-fixed
___

- https://secunia.com/advisories/46773/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Upgrade to version 8.0...

- https://secunia.com/advisories/46757/
Release Date: 2011-11-09
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Update to Firefox version 3.6.24 ...

- http://www.securitytracker.com/id/1026298
Date: Nov 9 2011
CVE Reference: CVE-2011-3647, CVE-2011-3648, CVE-2011-3649, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3653, CVE-2011-3654, CVE-2011-3655
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network...
Solution: The vendor has issued a fix (3.6.24, 8.0)...

Firefox v9.0 released ...

FYI...

Firefox v9.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all.html
December 20, 2011

- https://www.mozilla.org/en-US/firefox/9.0/releasenotes/
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9
Fixed in Firefox 9:
MFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

Bugs fixed
- https://www.mozilla.org/en-US/firefox/9.0/releasenotes/buglist.html

- https://secunia.com/advisories/47302/
Release Date: 2011-12-21
Criticality level: Highly critical
Impact: Unknown, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3658 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3660 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3661 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3663 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3664 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3665 - 7.5 (HIGH)
Last revised: 12/21/2011
... exploitation of vulnerabilities... may allow execution of arbitrary code.
Solution: Upgrade to version 9.0.

- http://www.securitytracker.com/id/1026445
Dec 21 2011
___

Firefox v3.6.25 released
December 20, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/en-US/firefox/all-older.html
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.25
Fixed in Firefox 3.6.25:
MFSA 2011-59 .jar not treated as executable in Firefox 3.6 on Mac

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3666
Last revised: 12/21/2011
CVSS v2 Base Score: 6.8 (MEDIUM)
"... Firefox before 3.6.25..."

Bugs fixed
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.25-fixed

Firefox v9.0.1 ? ...

FYI...

- https://wiki.mozilla.org/Releases#Firefox_10
"... Firefox 10... January 31, 2012..."
___

Firefox v9.0.1 ?
- https://www.mozilla.org/en-US/firefox/9.0.1/releasenotes/buglist.html
December 21st, 2011

- http://forums.mozillazine.org/viewtopic.php?f=7&t=2391989
Dec. 21 4:51 pm - "... 9.0.1 the next day?... Apparently Mac users were experiencing crashes on startup..."

- https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/9.0.1-candidates/build1/
Index of /pub/mozilla.org/firefox/nightly/9.0.1-candidates/build1

- https://bugzilla.mozilla.org/show_bug.cgi?id=711794#c96
2011-12-21 19:17:51 PST
___

Mozilla and Google Sign New Agreement for Default Search in Firefox
- https://blog.mozilla.com/blog/2011/...-new-agreement-for-default-search-in-firefox/
December 20, 2011 - "... we have negotiated a significant and mutually beneficial revenue agreement with Google. This new agreement extends our long term search relationship with Google for at least three additional years..."

- http://h-online.com/-1400943
23 December 2011

Firefox v10.0 released ...

FYI...

Firefox v10.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/firefox/all.html
Jan 31, 2012

What's new...
- https://www.mozilla.org/en-US/firefox/10.0/releasenotes/
Release Notes/Bug fixes ... complete list of changes in this release.
- https://www.mozilla.org/en-US/firefox/10.0/releasenotes/buglist.html
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox10
Fixed in Firefox 10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)

- http://www.securitytracker.com/id/1026605
Updated: Feb 1 2012
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3659 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0442 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0443 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0444 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0445 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0446 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0447 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0449 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0450 - 2.1
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 3.2.26; prior to 10.0

- http://www.securitytracker.com/id/1026608
Date: Feb 1 2012
CVE Reference: CVE-2011-3670
Impact: Disclosure of system information, Disclosure of user information
Version(s): prior to 3.6.26, prior to 7.0

- https://secunia.com/advisories/47816/
Release Date: 2012-02-01
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Firefox version 10.0...

- https://secunia.com/advisories/47839/
Release Date: 2012-02-01
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote...
Solution: Update to Firefox version 3.6.26...

- http://h-online.com/-1425611
31 January 2012
___

Firefox v3.6.26 released
Jan 31, 2012

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla.com/firefox/all-older.html
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.26
Fixed in Firefox 3.6.26:
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-02 Overly permissive IPv6 literal syntax
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)

Bugs fixed
- https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL status1.9.2:.26-fixed

Firefox v10.0.1 released

FYI...

Firefox v10.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/firefox/all.html

- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox10.0.1
Impact: Critical
Feb 10, 2012
Fixed in Firefox 10.0.1:
MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings

- https://www.mozilla.org/security/announce/2012/mfsa2012-10.html
References:
. use after free in nsXBLDocumentInfo::ReadPrototypeBindings
. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0452 - 7.5 (HIGH)
Last revised: 02/13/2012 - "... allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code..."
__

- https://secunia.com/advisories/48008/
Release Date: 2012-02-13
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2012-0452
Solution:
Update Firefox and Thunderbird to version 10.0.1 and SeaMonkey to version 2.7.1

- http://www.securitytracker.com/id/1026663
Date: Feb 13 2012
CVE Reference: CVE-2012-0452
Impact: Execution of arbitrary code via network, User access via network
Solution: The vendor has issued a fix (10.0.1).

Firefox v10.0.2 released

FYI...

Firefox v10.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla.com/firefox/all.html

- https://www.mozilla.org/security/announce/2012/mfsa2012-11.html
Impact: Critical
Fixed in: Firefox 10.0.2 or 3.6.27**, Thunderbird 10.0.2 or 3.1.19, or SeaMonkey 2.7.2.
** https://www.mozilla.org/en-US/firefox/all-older.html

Mozilla release to address CVE-2011-3026
- https://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/
2.17.12 - "Issue: The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.
Impact to users: This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.
Status: Mozilla is aware of this bug and has issued a fix that will be released today for Firefox -and- Thunderbird*.
Credit: The bug was reported by RedHat representatives..."

> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3026 - 7.5 (HIGH)
Last revised: 02/17/2012 - "Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation..."

* https://www.mozilla.org/thunderbird/10.0.2/releasenotes/
v. 10.0.2, released: Feb 16, 2012
___

Firefox...
- http://www.securitytracker.com/id/1026707
Date: Feb 18 2012
CVE Reference: CVE-2011-3026
Version(s): ... prior to 3.6.27; prior to 10.0.2...
Impact: A remote user can create a PNG image that, when loaded by the target user, will execute arbitrary code on the target user's system...

Thunderbird...
- http://www.securitytracker.com/id/1026706
Date: Feb 18 2012
CVE Reference: CVE-2011-3026
Version(s): ... prior to 3.1.19; prior to 10.0.2
Impact: A remote user can create a PNG image that, when loaded by the target user, will execute arbitrary code on the target user's system...

- https://secunia.com/advisories/48089/
Release Date: 2012-02-17
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to Firefox 10.0.2 or 3.6.27, Thunderbird 10.0.2 or 3.1.19, or SeaMonkey 2.7.2.
Original Advisory: Mozilla:
http://www.mozilla.org/security/announce/2012/mfsa2012-11.html
http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/

Vuln in libpng ...
- http://h-online.com/-1436810
17 Feb 2012

>> https://secunia.com/advisories/48026/

Firefox v11.0 released

FYI...

Firefox v11.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download: https://www.mozilla.com/firefox/all.html
March 13, 2012

What's new...
- https://www.mozilla.org/firefox/11.0/releasenotes/
Release Notes/Bug fixes ... See: Known Issues...
Complete list of changes in this release:
- https://www.mozilla.org/firefox/11.0/releasenotes/buglist.html
Security Advisories:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox11
Fixed in Firefox 11
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)
MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll

- https://secunia.com/advisories/48402/
Release Date: 2012-03-14
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2012-0451, CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464
Solution: Update or upgrade to Firefox versions 11.0 or 10.0.3, Thunderbird versions 11.0 or 10.0.3, and SeaMonkey version 2.8.

- http://www.securitytracker.com/id/1026801
Date: Mar 14 2012
CVE Reference: CVE-2012-0451, CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 11
Solution: The vendor has issued a fix (3.6.28, ESR 10.0.3, 11.0)...
___

Firefox v3.6.28 released
March 13, 2012

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download: https://www.mozilla.com/firefox/all-older.html

- https://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.28
Fixed in Firefox 3.6.28

- https://secunia.com/advisories/48414/
Release Date: 2012-03-14
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
CVE Reference(s): CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
Original Advisory:
http://www.mozilla.org/security/announce/2012/mfsa2012-13.html
http://www.mozilla.org/security/announce/2012/mfsa2012-14.html
http://www.mozilla.org/security/announce/2012/mfsa2012-16.html
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
Solution: Update to Firefox version 3.6.28 and Thunderbird version 3.1.20.

Firefox 3.6.x EOL

FYI...

- http://h-online.com/-1479643
26 March 2012 - "The Mozilla Project has announced* that... the 3.6.x branch of its open source Firefox web browser will reach its end of life on Tuesday 24 April... from that date onwards, no new updates, including security updates and critical fixes, will be released for Firefox 3.6.x... version 3.6.28 from earlier this month will be the final 3.6.x release of Firefox... All Firefox 3.6.x users are strongly advised to upgrade..."
* http://blog.mozilla.com/futurereleases/2012/03/23/upcoming-firefox-support-changes/

- https://wiki.mozilla.org/Releases#Upcoming_Releases
"Firefox 12... Moves to RELEASED on April 24, 2012..."

Firefox blocklist includes vulnerable Java versions

FYI...

Firefox blocklist now includes vulnerable Java versions...
- https://www.computerworld.com/s/art...le_Java_plug_in_versions_to_Firefox_blocklist
April 3, 2012 - "Mozilla has blacklisted* unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions. Mozilla can add extensions or plug-ins to the Firefox add-on blocklist if they cause significant security or performance issues. Firefox installations automatically query the blocklist and notify users before disabling the targeted add-ons..."
* https://blog.mozilla.com/addons/2012/04/02/blocking-java/
"... vulnerability - present in the older versions of the JDK and JRE - is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist**. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms..."
** https://addons.mozilla.org/en-US/firefox/blocked/p80

- https://bugzilla.mozilla.org/show_bug.cgi?id=739955
