
Firefox updates


196 replies to this topic

#151 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 November 2016 - 10:18 AM

FYI...

Firefox 50.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/
 

Release notes
- https://www.mozilla....0/releasenotes/
Nov 15, 2016
New:
- Updates to keyboard shortcuts
   Set a preference to have Ctrl+Tab cycle through tabs in recently used order
   View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
- Added option to Find in page that allows users to limit search to whole words only
- Added Guarani (gn) locale
- Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
- Added download protection for a large number of executable file types on Windows, Mac and Linux
- Improved performance for SDK extensions or extensions using the SDK module loader
- Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
Fixed:
- Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
- Various security fixes
Changed:
- Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
- Blocked versions of libavcodec older than 54.35.1 ...

Fixed in Firefox 50.0
- https://www.mozilla....efox/#firefox50
2016-89 Security vulnerabilities fixed in Firefox 50
- https://www.mozilla....es/mfsa2016-89/
Critical - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
High     - CVE-2016-5292: URL parsing causes crash
High     - CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log hardlink
High     - CVE-2016-5294: Arbitrary target directory for result files of update process
High     - CVE-2016-5297: Incorrect argument length checking in Javascript
High     - CVE-2016-9064: Addons update must verify IDs match between current and new versions
High     - CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
High     - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
High     - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
High     - CVE-2016-9068: heap-use-after-free in nsRefreshDriver
High     - CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
High     - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
High     - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
Moderate - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
Moderate - CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
Moderate - CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
Moderate - CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
Moderate - CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
Moderate - CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file
Moderate - CVE-2016-9070: Sidebar bookmark can have reference to chrome window
Moderate - CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
Moderate - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
Moderate - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
Low      - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat
Low      - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
Critical - CVE-2016-5289: Memory safety bugs fixed in Firefox 50
Critical - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

Firefox ESR 45.5: https://www.mozilla....#firefoxesr45.5
- https://www.mozilla....es/mfsa2016-90/
Nov 15, 2016
___

- http://www.securityt....com/id/1037298
CVE Reference: CVE-2016-5289, CVE-2016-5290, CVE-2016-5291, CVE-2016-5292, CVE-2016-5293, CVE-2016-5294, CVE-2016-5295, CVE-2016-5296, CVE-2016-5297, CVE-2016-5298, CVE-2016-5299, CVE-2016-9061, CVE-2016-9062, CVE-2016-9063, CVE-2016-9064, CVE-2016-9065, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9069, CVE-2016-9070, CVE-2016-9071, CVE-2016-9072, CVE-2016-9073, CVE-2016-9074, CVE-2016-9075, CVE-2016-9076, CVE-2016-9077
Nov 16 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 50.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can obtain data on the target system.
A local user can modify files on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix (50.0)...
___

- https://www.us-cert....ecurity-Updates
Nov 15, 2016
 

:ph34r:


Edited by AplusWebMaster, 16 November 2016 - 08:54 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#152 AplusWebMaster

Posted 28 November 2016 - 06:24 PM

FYI...

Firefox 50.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

- https://www.mozilla....1/releasenotes/
Nov 28, 2016
> https://www.mozilla..../#firefox50.0.1
Security vulnerabilities fixed in Firefox 50.0.1
> https://www.mozilla....es/mfsa2016-91/
CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
Impact: Critical
___

- http://www.securityt....com/id/1037353
CVE Reference: https://cve.mitre.or...e=CVE-2016-9078
Nov 29 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 49, 50 ...
Description: A vulnerability was reported in Mozilla Firefox. A remote user can bypass security controls on the target system.
A remote user can return a specially crafted HTTP redirection to a 'data:' URL to bypass same-origin controls and allow the referring domain to access data in the 'data:' URL domain.
Impact: A remote user can bypass same-origin restrictions to potentially read or write information from 'data:' URLs.
Solution: The vendor has issued a fix (50.0.1)...
___

- https://www.us-cert....Security-Update
Nov 28, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 30 November 2016 - 05:26 AM.

#153 AplusWebMaster

Posted 01 December 2016 - 04:18 AM

FYI...

Firefox 50.0.2 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

- https://www.mozilla....2/releasenotes/
Nov 30, 2016
> https://www.mozilla..../#firefox50.0.2
Fixed in:
 Firefox 50.0.2
 Firefox ESR 45.5.1
 Thunderbird 45.5.1
> https://www.mozilla....es/mfsa2016-92/
CVE-2016-9079: Use-after-free in SVG Animation
Critical
___

- http://www.securityt....com/id/1037370
CVE Reference: https://cve.mitre.or...e=CVE-2016-9079
Updated: Dec 1 2016
Original Entry Date: Nov 30 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 50.0.1; possibly earlier versions
Impact: A remote user can create JavaScript content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (50.0.2; ESR 45.5.1)...
___

- https://www.us-cert....ecurity-Updates
Nov 30, 2016
 

:ph34r: :ph34r:


#154 AplusWebMaster

Posted 13 December 2016 - 11:48 AM

FYI...

Firefox 50.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

Release notes
- https://www.mozilla....0/releasenotes/
Dec 13, 2016
- https://www.mozilla....ox/#firefox50.1
> https://www.mozilla....es/mfsa2016-94/
CVE-2016-9894: Buffer overflow in SkiaGL - Critical
CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - Critical
CVE-2016-9895: CSP bypass using marquee tag - High
CVE-2016-9896: Use-after-free with WebVR - High
CVE-2016-9897: Memory corruption in libGLES - High
CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - High
CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - High
CVE-2016-9904: Cross-origin information leak in shared atoms - High
CVE-2016-9901: Data from Pocket server improperly sanitized before execution - Moderate
CVE-2016-9902: Pocket extension does not validate the origin of events - Moderate
CVE-2016-9903: XSS injection vulnerability in add-ons SDK - Moderate
CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 - Critical
CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 - Critical
___

- http://www.securityt....com/id/1037461
CVE Reference: CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904
Dec 14 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 50.1; ESR prior to ESR 45.6
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (50.1; ESR 45.6)...

- http://www.securityt....com/id/1037462
CVE Reference: CVE-2016-9905
Dec 14 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to ESR 45.6
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (ESR 45.6)...

Firefox ESR 45.6: https://www.mozilla....#firefoxesr45.6
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 14 December 2016 - 10:07 AM.

#155 AplusWebMaster

Posted 27 December 2016 - 08:09 AM

FYI...

Update on Firefox Support for Windows XP and Vista
- https://blog.mozilla...r-xp-and-vista/
Dec 23, 2016 - "In approximately March, 2017, Windows XP and Vista users will automatically be moved to the Firefox Extended Support Release (ESR*).
Firefox is one of the few browsers that continues to support Windows XP and Vista, and we expect to continue to provide security updates for users until September 2017. Users do not need to take additional action to receive those updates. In mid-2017, user numbers on Windows XP and Vista will be reassessed and a final support end date will be announced. In the meantime, we strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use. For planning purposes, enterprises using Firefox should consider September 2017 as the support end date for Windows XP and Vista. For more information please visit the Firefox support page**."
* https://www.mozilla..../organizations/

** https://support.mozi...ws-xp-and-vista
"... Firefox version 52 will be the last complete update for Windows XP and Windows Vista. Security updates will be released, but no new features... Firefox is one of the only browsers to offer any support for Windows XP and Vista. Microsoft itself ended support for Windows XP in 2014 and will end support for Windows Vista in 2017. Unsupported operating systems receive no security updates, have known exploits, and can be dangerous to use, which makes it difficult to maintain Firefox on those versions.
Firefox security updates for XP and Vista users will continue until September 2017, although new features will not be offered. In mid-2017, a final support end date will be announced based on the number of users still on Windows XP and Vista..."  

> https://www.mozilla....anizations/faq/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 27 December 2016 - 08:59 AM.

#156 AplusWebMaster

Posted 24 January 2017 - 09:46 AM

FYI...

Firefox 51.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download:  https://www.mozilla....US/firefox/all/

 

Release notes
- https://www.mozilla....0/releasenotes/
Jan 24, 2017

Security vulnerabilities fixed in Firefox 51
- https://www.mozilla....efox/#firefox51
Security vulnerabilities fixed in Firefox 51
- https://www.mozilla....es/mfsa2017-01/
Critical
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
CVE-2017-5374: Memory safety bugs fixed in Firefox 51
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

Firefox ESR 45.7: https://www.mozilla....#firefoxesr45.7
___

- http://www.securityt....com/id/1037693
CVE Reference: CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5392, CVE-2017-5393, CVE-2017-5394, CVE-2017-5395, CVE-2017-5396
Jan 25 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 51.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can gain elevated privileges on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix (51.0, ESR 45.7)...
 

:ph34r:


Edited by AplusWebMaster, 25 January 2017 - 04:08 AM.

#157 AplusWebMaster

Posted 07 March 2017 - 03:08 PM

FYI...

Firefox 52.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

Release notes
- https://www.mozilla....0/releasenotes/
Mar 7, 2017
New:
- Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.
- Enabled multi-process Firefox for Windows users with touch screens
- Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use HTTPS.
- Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the "secure" attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing "secure" cookie from the same base domain.
- Enhanced Sync to allow users to send and open tabs from one device to another...
Changed:
- Removed support for Netscape Plugin API (NPAPI) plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported:
> https://support.mozi...s-no/ta-p/31069
>> Migrated Firefox users on Windows XP and Windows Vista operating systems to the extended support release (ESR*) version of Firefox...

[Corrections:
> https://www.mozilla....m-requirements/
... Windows
Operating Systems (32-bit and 64-bit)
    Windows XP SP2
    Windows Server 2003 SP1
    Windows Vista
    Windows 7
    Windows 8
    Windows 10
Please note that 64-bit builds of Firefox are only supported on Windows 7 and higher.
Windows XP/Vista/Server 2003 are no longer supported by regular Firefox releases.
These users should migrate to ESR 52..."
[Direct download for Firefox Extended Support Release]:
>> https://www.mozilla....anizations/all/
... which -is- the new -supported- version for XP and Vista.]

Firefox ESR Overview
- https://www.mozilla....anizations/faq/

Security vulnerabilities fixed in Firefox 52
- https://www.mozilla....efox/#firefox52
Fixed in Firefox 52
- https://www.mozilla....es/mfsa2017-05/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5399: Memory safety bugs fixed in Firefox 52
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8

- http://www.securityt....com/id/1037966
CVE Reference: CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, CVE-2017-5410, CVE-2017-5411, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5425, CVE-2017-5426, CVE-2017-5427
Mar 8 2017
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A remote user can delete files on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution: The vendor has issued a fix (52.0)...

* Firefox ESR 45.8: https://www.mozilla....#firefoxesr45.8
___

- https://www.us-cert....Security-Update
Mar 7, 2017
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 09 March 2017 - 03:59 PM.

#158 AplusWebMaster

Posted 18 March 2017 - 05:22 AM

FYI...

Firefox 52.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

ESR download: https://www.mozilla....anizations/all/

Release notes
- https://www.mozilla....1/releasenotes/
March 17, 2017
Various security fixes
- https://www.mozilla..../#firefox52.0.1

- https://www.mozilla....irefoxesr52.0.1

> https://www.mozilla....es/mfsa2017-08/
Critical

March 17, 2017
Fixed in:
- Firefox 52.0.1
- Firefox ESR 52.0.1
CVE-2017-5428: integer overflow in createImageBitmap()

- http://www.securityt....com/id/1038060
CVE Reference: CVE-2017-5428
Mar 17 2017
Version(s): 52.0; possibly prior versions...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (52.0.1, ESR 52.0.1)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 18 March 2017 - 10:37 AM.

#159 AplusWebMaster

Posted 19 April 2017 - 12:31 PM

FYI...

Firefox 53.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

XP/Vista: 52.1.0 ESR download: https://www.mozilla....anizations/all/

Release notes
- https://www.mozilla....0/releasenotes/
April 19, 2017
Fixed:
 Various security fixes:
- https://www.mozilla....efox/#firefox53

- https://www.mozilla....es/mfsa2017-10/
Security vulnerabilities fixed in Firefox 53
Critical:
CVE-2017-5433: Use-after-free in SMIL animation functions
CVE-2017-5435: Use-after-free during transaction processing in the editor
CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
CVE-2017-5459: Buffer overflow in WebGL
CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

- https://www.mozilla....es/mfsa2017-12/
Security vulnerabilities fixed in Firefox ESR 52.1
___

- http://www.securityt....com/id/1038320
CVE Reference: CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5450, CVE-2017-5451, CVE-2017-5452, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5463, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469
Apr 20 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 53.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain files on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (53.0)...
___

- https://www.us-cert....ecurity-Updates
April 19, 2017
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 20 April 2017 - 05:21 AM.

#160 AplusWebMaster

Posted 05 May 2017 - 05:41 PM

FYI...

Firefox 53.0.2 released
- https://www.mozilla....2/releasenotes/
May 5, 2017

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

XP/Vista: 52.1.1 ESR download: https://www.mozilla....anizations/all/
> https://www.mozilla....1/releasenotes/

Fixed:
 Make form validation errors and date picker panel visible to the user (Bug 1341190)
 Various security fixes*

* https://www.mozilla..../#firefox53.0.2
High
CVE-2017-5031: Use after free in ANGLE
- https://www.mozilla....es/mfsa2017-14/
___

- https://www.us-cert....ecurity-Updates
May 05, 2017
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 06 May 2017 - 06:41 AM.

#161 AplusWebMaster

Posted 21 May 2017 - 12:10 PM

FYI...

Firefox 53.0.3 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

- https://www.mozilla....3/releasenotes/
May 19, 2017
Fixed:
- Fix excessive resource usage from the captive portal detection service (bug 1359697)
- Fix hangs when using a proxy with NTLM authentication (bug 1360574)...

XP/Vista: 52.1.2 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla....anizations/all/

- https://www.mozilla....2/releasenotes/
May 19, 2017
Fixed:
- Fix hangs when using a proxy with NTLM authentication (bug 1360574)
 

:ph34r:


#162 AplusWebMaster

Posted 13 June 2017 - 05:02 PM

FYI...

Firefox 54.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

Release notes:
- https://www.mozilla....0/releasenotes/
June 13, 2017
New:
- Simplified the download button and download status panel
- Added support for multiple content processes (e10s-multi)
Various security fixes:
- https://www.mozilla....efox/#firefox54

Security vulnerabilities fixed in Firefox 54
> https://www.mozilla....es/mfsa2017-15/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5471: Memory safety bugs fixed in Firefox 54
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
___

XP/Vista: 52.2.0 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla....anizations/all/

Release notes:
- https://www.mozilla....0/releasenotes/
June 13, 2017

- https://www.mozilla....#firefoxesr52.2

Security vulnerabilities fixed in Firefox ESR 52.2
> https://www.mozilla....es/mfsa2017-16/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
___

- https://www.us-cert....ecurity-Updates
June 13, 2017
___

- http://www.securityt....com/id/1038689
CVE Reference: CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7755, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7759, CVE-2017-7760, CVE-2017-7761, CVE-2017-7762, CVE-2017-7763, CVE-2017-7764, CVE-2017-7765, CVE-2017-7766, CVE-2017-7767, CVE-2017-7768, CVE-2017-7770, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
Jun 14 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 54.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can obtain elevated privileges on the target system.
A local user can modify files on the target system.
A remote user can obtain files on the target system.
A remote user can spoof the address bar.
Solution: The vendor has issued a fix (ESR 52.2; 54.0)...
 

:ph34r:


Edited by AplusWebMaster, 14 June 2017 - 05:49 AM.

#163 AplusWebMaster

Posted 30 June 2017 - 08:55 AM

FYI...

Firefox 54.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

Release notes:
- https://www.mozilla....1/releasenotes/
June 29, 2017
Fixed:
 Fix a display issue of tab title (bug 1357656)
 Fix a display issue of opening new tab (bug 1371995)
 Fix a display issue when opening multiple tabs (bug 1371962)
 Fix a tab display issue when downloading files (bug 1373109)
 Fix a PDF printing issue (bug 1366744)
 Fix a Netflix issue on Linux (bug 1375708)
___

XP/Vista: 52.2.1 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla....anizations/all/

Release notes:
- https://www.mozilla....1/releasenotes/
June 29, 2017

Fixed: Printing text does not work on Windows when Direct2D is disabled (Bug 1318845)
 

:ph34r:


#164 Tomk

Posted 08 August 2017 - 09:08 PM

FYI...

Firefox 55.0 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

Release notes:
- https://www.mozilla....0/releasenotes/
August 8, 2017

 

Fixed:
Various security fixes
___

XP/Vista: 52.3 ESR released
Start Firefox, then >Help >About >Apply Update ...
-or- Download: https://www.mozilla....anizations/all/

Release notes:
- https://www.mozilla....0/releasenotes/
August 8, 2017

Fixed:

 
:ph34r:


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#165 AplusWebMaster


Posted 13 August 2017 - 06:52 AM

FYI...

Firefox 55.0.1 released

Start Firefox, then >Help >About >Apply Update ...
-or-
Download: https://www.mozilla....US/firefox/all/

Release notes:
- https://www.mozilla....1/releasenotes/
August 10, 2017

Fixed in 55.0.1:
- Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
- Fix a problem causing What's new pages not to be displayed (bug 1386224)
- Fix a regression the tab restoration process (bug 1388160)
- Disable the predictor prefetch (bug 1388160)
 

:ph34r:

