196 replies to this topic

[AplusWebMaster]

FYI...

Firefox v3.6.10 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Sep. 15, 2010

What’s new
- http://www.mozilla.c...0/releasenotes/
• Fixed a single stability issue affecting a limited number of users

2 bugs found.
- https://bugzilla.moz.....9.2:.10-fixed

[AplusWebMaster]

FYI...

Firefox v3.6.11 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Oct. 19, 2010

What’s new
- http://www.mozilla.c...1/releasenotes/
• Fixed several security issues.
• Fixed several stability issues.

Fixed in Firefox 3.6.11
- http://www.mozilla.o...l#firefox3.6.11

Complete list of changes: 40 bugs found.
- https://bugzilla.moz.....9.2:.11-fixed

- http://www.securityt....com/id?1024605
Oct 20 2010
CVE Reference: CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3181, CVE-2010-3182, CVE-2010-3183
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network ...
... prior to 3.6.11
Solution: The vendor has issued a fix (3.5.14, 3.6.11)...

Edited by AplusWebMaster, 20 October 2010 - 02:45 AM.

[AplusWebMaster]

FYI...

Firefox v3.6.12 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Oct. 27, 2010

Fixed in Firefox 3.6.12
- http://www.mozilla.o...l#firefox3.6.12

- http://www.mozilla.o...fsa2010-73.html
• Critical: Heap buffer overflow mixing document.write and DOM insertion

[AplusWebMaster]

FYI...

Firefox v3.6.13 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
Dec. 9, 2010

Fixed in Firefox 3.6.13
- http://www.mozilla.o...l#firefox3.6.13
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

- https://bugzilla.moz...1.9.2:.13-fixed
68 bugs fixed...

- http://secunia.com/advisories/42517/
Release Date: 2010-12-10
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 3.6.13 or 3.5.16.

- http://www.securityt....com/id?1024848
- http://www.securityt....com/id?1024850
- http://www.securityt....com/id?1024851
Dec 10 2010

Edited by AplusWebMaster, 10 December 2010 - 06:58 AM.

[AplusWebMaster]

FYI...

Firefox v.3.6.14 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
March 1st, 2011

Fixed in Firefox 3.6.14
- http://www.mozilla.o...l#firefox3.6.14
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-09 Crash caused by corrupted JPEG image
MFSA 2011-08 ParanoidFragmentSink allows java script: URLs in chrome documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

Bug fixes:
- https://bugzilla.moz...1.9.2:.14-fixed
41 bugs found.
___

- http://secunia.com/advisories/43550/
Release Date: 2011-03-02
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, DoS, System access
Where: From remote
Solution: Update to Mozilla Firefox version 3.5.17 or 3.6.14

- http://www.securityt....com/id/1025134
Mar 2 2011

Edited by AplusWebMaster, 02 March 2011 - 06:18 AM.

[AplusWebMaster]

FYI...

Firefox v.3.6.15 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
March 4, 2011

- http://www.mozilla.c...5/releasenotes/
• Fixed an issue where some Java applets would fail to load in Firefox 3.6.14

- https://bugzilla.moz...1.9.2:.15-fixed
24 bugs found.
___

- https://wiki.mozilla...fox_3.6_and_3.5
WeeklyUpdates/2011-03-07
Shipped 3.6.15 on Friday, fixing an issue where Firefox 3.6.14 would fail to load certain Java applets
Bugs will be adjusted to reflect the current state of branch fixes ...

Edited by AplusWebMaster, 07 March 2011 - 11:58 PM.

[AplusWebMaster]

FYI...

Firefox 4 next week ...
- http://www.informati...cleID=229301231
March 18, 2011 - "Firefox 4... will be officially released on March 22, 2011..."

- http://blogs.compute..._install_it_yet
March 16, 2011 - "... Firefox version 4.. give it a couple months before installing it; not only to let the browser get battle tested but also to give authors of extensions more time to get the kinks out..."

- https://wiki.mozilla...rities_for_2011

Edited by AplusWebMaster, 18 March 2011 - 12:04 PM.

[AplusWebMaster]

FYI...

Firefox v4.0 released

From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
March 22, 2011

- http://www.mozilla.c...0/releasenotes/

- http://www.mozilla.c...m-requirements/
"... Please note that while the 32-bit and 64-bit versions of Windows Vista and Windows 7 can be used to run Firefox 4, only 32-bit builds of Firefox 4 are supported at this time..."
___

What happened to the Status Bar?
- http://support.mozil...-new-status-bar

Where are my Add-ons?
- http://support.mozil...-are-my-add-ons
"... Status-4-Evar** is an Add-on that recreates all of the features of the old Status Bar and lets you put them in the new Add-on Bar*..."
* http://support.mozil...kb/what-add-bar
"... The Add-on Bar is a toolbar that holds all of your add-on shortcuts, giving you quick and easy access to their features. This article shows you how to use and customize the Add-on Bar... How do I show or hide the Add-on Bar?
If you don't have any add-ons that use the Add-on Bar, it won't be shown by default but you can easily show or hide it whenever you want.
> To show or hide the Add-on Bar, right-click on an empty section of the Tab Strip and check or uncheck it in the pop-up menu.
You can also use the keyboard shortcut Ctrl + / .

** https://addons.mozil...x/addon/235283/

How do I put tabs back on bottom like they used to be?
- http://support.mozil...they-used-to-be
"At the top of the Firefox window, click on the Firefox button, go over to the Options... arrow and uncheck Tabs on Top".
-or-
"... By default, the Tab Strip is above the Navigation Toolbar. If you want it below, right-click on an empty section of the Tab Strip and uncheck 'Tabs on Top'..."
___

Adblock Plus v1.3.5
- https://addons.mozil...efox/addon/1865

- http://adblockplus.o...us-135-released

- http://adblockplus.o...changelog-1.3.5
___

.

Edited by AplusWebMaster, 27 March 2011 - 11:36 AM.

[AplusWebMaster]

FYI...

Firefox v3.6.16 and 3.5.18...
- http://isc.sans.edu/...extension/10597
Last Updated: 2011-03-23 13:01:43 UTC - "At the heels of yesterday's Firefox 4 release, we today got 3.6.16 and 3.5.18. As usual, Mozilla will provide security updates for some older browsers after the release of a new major version. If you are not planning to update to Firefox 4 soon, you should update to the newest 3.x version..."
>> http://www.mozilla.c.../all-older.html
('Should also be available thru the 'Help > Check for Updates' function.)

- http://www.mozilla.o...fsa2011-11.html
March 22, 2011

- http://www.securityt....com/id/1025243
Mar 23 2011

What’s New in Firefox 3.6.16...
- http://www.mozilla.c...6/releasenotes/
v.3.6.16, released March 22nd, 2011 - "... blacklists a few invalid HTTPS certificates."

- https://bugzilla.moz...1.9.2:.16-fixed
One bug found... bogus certs issued by Comodo partner.

- http://isc.sans.edu/...l?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC

Edited by AplusWebMaster, 24 March 2011 - 04:54 AM.

[AplusWebMaster]

FYI...

Firefox v4.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
April 28, 2011
> Release notes
- http://www.mozilla.c...1/releasenotes/
> Security Advisories
- http://www.mozilla.o...ml#firefox4.0.1
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-17 WebGLES vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.moz.....s2.0:.1-fixed
55 bugs found.
___

v3.6.17
- http://www.mozilla.c...7/releasenotes/
April 28, 2011
>Help >Check for Updates
-or-
- http://www.mozilla.c.../all-older.html
> Security Advisories
- http://www.mozilla.o...l#firefox3.6.17
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-14 Information stealing via form history
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- https://bugzilla.moz.....9.2:.17-fixed
59 bugs found
___

- http://www.securityt....com/id/1025456
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
CVE Reference:
- http://nvd.nist.gov/...e=CVE-2011-0065 - 10.0
- http://nvd.nist.gov/...e=CVE-2011-0066 - "
- http://nvd.nist.gov/...e=CVE-2011-0069 - "
- http://nvd.nist.gov/...e=CVE-2011-0070 - "
- http://nvd.nist.gov/...e=CVE-2011-0072 - "
- http://nvd.nist.gov/...e=CVE-2011-0073 - "
- http://nvd.nist.gov/...e=CVE-2011-0074 - "
- http://nvd.nist.gov/...e=CVE-2011-0075 - "
- http://nvd.nist.gov/...e=CVE-2011-0076 - 7.5
- http://nvd.nist.gov/...e=CVE-2011-0077 - 10.0
- http://nvd.nist.gov/...e=CVE-2011-0078 - "
- http://nvd.nist.gov/...e=CVE-2011-0079 - "
- http://nvd.nist.gov/...e=CVE-2011-0080 - "
- http://nvd.nist.gov/...e=CVE-2011-0081 - "
Version(s): -prior- to 3.5.19, 3.6.17, 4.0.1
Apr 29 2011
___

- https://developer.mo...-now-available/
April 28, 2011 - "... This is the last planned security and stability release for Firefox 3.5. All users are encouraged to upgrade..."

Edited by AplusWebMaster, 10 May 2011 - 10:49 AM.

[AplusWebMaster]

FYI...

Firefox 5 ...
- http://www.h-online....te-1261711.html
16 June 2011 - "... the final version of Firefox 5 will be released on Tuesday 21 June alongside Firefox 3.6.18 and Thunderbird 3.1.11..."
- https://wiki.mozilla...eases#Firefox_5

- http://secunia.com/advisories/44972/
... The weakness is reported in version 4.0.1. Other versions may also be affected.
Solution: The vendor recommends to disable WebGL. The vendor has scheduled a fix for 2011-06-21...
Original Advisory: Mozilla:
http://blog.mozilla....stealing-issue/

- http://www.securityt....com/id/1025676
Jun 17 2011 ... fix, tentatively scheduled for June 21, 2011...
___

Firefox v3.5 forced upgrade...
- http://isc.sans.org/...l?storyid=10885
Last Updated: 2011-05-16 21:39:57 UTC - "With Firefox 4 released not too long ago and Firefox 5 supposed to be released on June 21st... seems to be 12 million users still on Firefox 3.5... Firefox will start issuing warning on Google's default pages for users of version 3.5 and planning to push out 3.6.18 as an update (if auto update is enabled) once Firefox 5 is out... More info*..."
* http://www.theregist...forced_upgrade/

- https://wiki.mozilla...EOL#Assumptions
11 May 2011

Edited by AplusWebMaster, 17 June 2011 - 03:10 PM.

[AplusWebMaster]

FYI...

Firefox v5.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- http://www.mozilla.c...irefox/all.html
June 21, 2011
> Release notes
- http://www.mozilla.c...0/releasenotes/
> Security Advisories
- http://www.mozilla.o...x.html#firefox5
Bug list
- http://www.mozilla.c...es/buglist.html
... -long- list...

- http://blog.mozilla....iple-platforms/
June 21, 2011 - "... The latest version of Firefox includes more than 1,000 improvements and performance enhancements..."

- http://secunia.com/advisories/44972/
2011-06-21
Criticality level: Highly critical
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote ...
Solution: Upgrade to version 5.0.

- http://www.securityt....com/id/1025684
CVE Reference: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2367, CVE-2011-2368, CVE-2011-2369, CVE-2011-2370, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
Updated: Jun 22 2011
Version(s): prior to 3.6.18, prior to 5...
___

v3.6.18
- http://www.mozilla.c...8/releasenotes/
June 21, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
- http://www.mozilla.c.../all-older.html
> Security Advisories
- http://www.mozilla.o...l#firefox3.6.18
Bug list
- https://bugzilla.moz.....9.2:.18-fixed
19 bugs found.

- http://secunia.com/advisories/44982/
2011-06-21
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to Firefox version 3.6.18...
Original Advisory: Mozilla:
http://www.mozilla.o...fsa2011-19.html
http://www.mozilla.o...fsa2011-20.html
http://www.mozilla.o...fsa2011-21.html
http://www.mozilla.o...fsa2011-22.html
http://www.mozilla.o...fsa2011-23.html
http://www.mozilla.o...fsa2011-24.html

Edited by AplusWebMaster, 30 June 2011 - 05:25 AM.

[AplusWebMaster]

FYI...

Firefox v5.0.1 released for Mac OS/X...
- http://www.mozilla.o...x.html#firefox5
June 12, 2011 - "Fixed in Firefox 5.0.1:
Firefox 5.0.1 addresses promblems with recent Mac OS X releases*. It does -not- contain security fixes."
* http://www.mozilla.c...otes/#whatsnew2
• Worked around an issue in Mac OS X 10.7 that could cause Firefox to crash
• Worked around an issue caused by Apple's "Java for Mac OS X 10.6 Update 5" where the Java plugin would not be loaded

.

[AplusWebMaster]

FYI...

Firefox v6.0 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
August 16, 2011
> Release notes
- https://www.mozilla....0/releasenotes/
What's New...
> https://hacks.mozill...11/08/firefox6/
Security Advisories
- https://www.mozilla....x.html#firefox6
MFSA 2011-29 Security issues addressed in Firefox 6
- https://www.mozilla....fsa2011-29.html
... 8 critical and 2 high severity issues
Bug list
- https://www.mozilla....es/buglist.html
___

Firefox v3.6.20 released
August 16, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
- https://www.mozilla..../all-older.html
> Security Advisories
- https://www.mozilla....l#firefox3.6.20
MFSA2011-30 Security issues addressed in Firefox 3.6.20
- https://www.mozilla....fsa2011-30.html
Bug list
- https://bugzilla.moz.....9.2:.20-fixed
5 bugs found
___

- http://www.securityt....com/id/1025938
Aug 16 2011
CVE Reference: CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2990, CVE-2011-2991, CVE-2011-2992, CVE-2011-2993
Version(s): 3.6.x prior to 3.6.20; 4.x and 5.x prior to 6
Solution: The vendor has issued a fix (3.6.20, 6)...
- http://www.mozilla.o...fsa2011-29.html
- http://www.mozilla.o...fsa2011-30.html

- https://www.us-cert....s_firefox_6_and
August 17, 2011

Edited by AplusWebMaster, 17 August 2011 - 06:58 AM.

[AplusWebMaster]

FYI...

- https://blog.mozilla...oval-follow-up/
09.02.11
___

Firefox v6.0.1 released
From an admin. account, start Firefox, then >Help >About >Check for Updates
-or-
Download:
- https://www.mozilla....irefox/all.html
August 30, 2011
> Release notes
- https://www.mozilla....1/releasenotes/
Security Advisories
- https://www.mozilla....ml#firefox6.0.1
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
- https://www.mozilla....fsa2011-34.html
___

Firefox v3.6.21 released
August 30, 2011
From an admin. account, start Firefox, then >Help >Check for Updates
-or-
Download:
- https://www.mozilla..../all-older.html
> Security Advisories
- https://www.mozilla....l#firefox3.6.21
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
- https://www.mozilla....fsa2011-34.html

Edited by AplusWebMaster, 03 September 2011 - 02:38 PM.