196 replies to this topic

[AplusWebMaster]

FYI...

Firefox 29.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....1/releasenotes/
May 9, 2014
 

[AplusWebMaster]

FYI...

Firefox 30.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 30.0:
- https://www.mozilla.....html#firefox30
Fixed in Firefox 30
MFSA 2014-54 Buffer overflow in Gamepad API
MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-51 Use-after-free in Event Listener Manager
MFSA 2014-50 Clickjacking through cursor invisability after Flash interaction
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

Release notes
- https://www.mozilla....0/releasenotes/
June 10, 2014

... complete list of changes in this release... 3622 bugs found.
___

- http://www.securityt....com/id/1030388
CVE Reference: CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1539, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542, CVE-2014-1543
Jun 11 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 30.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can conduct clickjacking attacks.
Solution: The vendor has issued a fix (30.0)...
 

Edited by AplusWebMaster, 11 June 2014 - 02:38 AM.

[AplusWebMaster]

FYI...

Firefox 31.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 31.0:
- https://www.mozilla.....html#firefox31
Fixed in Firefox 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

Release notes
- https://www.mozilla....0/releasenotes/
July 22, 2014

... complete list of changes in this release... 3025 bugs found.
___

- http://www.securityt....com/id/1030619
CVE Reference: CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1551, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560, CVE-2014-1561
Jul 22 2014
Impact: Denial of service via network, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 31.0 ...
 

Edited by AplusWebMaster, 23 July 2014 - 02:40 AM.

[AplusWebMaster]

FYI...

Firefox 32.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 32.0:
- https://www.mozilla.....html#firefox32
Fixed in Firefox 32
MFSA 2014-72 Use-after-free setting text directionality
MFSA 2014-71 Profile directory file access through file: protocol
MFSA 2014-70 Out-of-bounds read in Web Audio audio timeline
MFSA 2014-69 Uninitialized memory use during GIF rendering
MFSA 2014-68 Use-after-free during DOM interactions with SVG
MFSA 2014-67 Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8 )

Release notes
- https://www.mozilla....0/releasenotes/
Sep 2, 2014

... complete list of changes in this release... 3198 bugs found.
___

- http://www.securityt....com/id/1030793
CVE Reference: CVE-2014-1553, CVE-2014-1554, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
Sep 3 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 31.1, 32.0 ...
 

Edited by AplusWebMaster, 03 September 2014 - 05:40 AM.

[AplusWebMaster]

FYI...

Firefox 32.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....1/releasenotes/
Sep 12, 2014
Fixed: 32.0.1 - Stability issues for computers with multiple graphics cards
Fixed: 32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites
Fixed: 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified...

Mobile:
- https://www.mozilla....1/releasenotes/
Fixed: 32.0.1 - Link tap selection is offset on some Android devices
Fixed: 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified...
 

Edited by AplusWebMaster, 13 September 2014 - 07:05 AM.

[AplusWebMaster]

FYI...

Firefox 32.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....2/releasenotes/
Sep 18, 2014
Fixed: 32.0.2 - Corrupt installations cause Firefox to crash on update
 

[AplusWebMaster]

FYI...

Firefox 32.0.3 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....3/releasenotes/
September 24, 2014
Fixed: 32.0.3: New security fixes can be found here*
* https://www.mozilla....l#firefox32.0.3
MFSA 2014-73 RSA Signature Forgery in NSS
> https://www.mozilla....fsa2014-73.html

> https://www.us-cert....y-Vulnerability
Sep 24, 2014

- http://www.kb.cert.org/vuls/id/772676
24 Sep 2014 - "... This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate..."

- http://www.securityt....com/id/1030901
CVE Reference: https://web.nvd.nist...d=CVE-2014-1568 - 7.5 (HIGH)
Sep 24 2014
Impact: Disclosure of system information, Disclosure of user information, Modification of authentication information, Modification of system information, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes  
Version(s): prior to versions ESR 24.8.1, ESR 31.1.1, 32.0.3 ...
 

Edited by AplusWebMaster, 26 September 2014 - 03:04 PM.

[AplusWebMaster]

FYI...

Firefox 33.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 33.0:
- https://www.mozilla.....html#firefox33
Fixed in Firefox 33
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypasses
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

Release notes
- https://www.mozilla....0/releasenotes/
Oct 14, 2014

... complete list of changes in this release... 3422 bugs found.
___

- http://www.securityt....com/id/1031028
CVE Reference: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582, CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586
Oct 14 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 33.0 ...
___

Mozilla to disable encryption feature in next Firefox browser due to 'Poodle' bug
- http://www.reuters.c...N0SA04O20141015
Oct 14, 2014 - "Mozilla said it will -disable- Secure Sockets Layer (SSL) encryption in the latest version of its Firefox web browser that will be released on Nov. 25 after a security bug called "Poodle" was discovered in a web encryption technology. "By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user's private account data on a website," Mozilla said in its blog*. SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. The code to disable the security protocol will be available shortly via Mozilla Nightly, an in-development version of Mozilla's browser. Mozilla also said that Firefox 35 will support a generic Transport Layer Security (TLS) downgrade protection mechanism called SCSV (Signaling Cipher Suite Value), as a precautionary measure..."
* https://blog.mozilla...end-of-ssl-3-0/
Oct 14, 2014 - "Summary: SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information. We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a critical flaw in SSLv3, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the “Secure Sockets Layer” (SSL) or “Transport Layer Security” (TLS)..."

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.micr...ty/3009008.aspx
Oct 14, 2014

- https://web.nvd.nist...d=CVE-2014-3566
Last revised: 10/14/2014
 

Edited by AplusWebMaster, 15 October 2014 - 07:02 AM.

[AplusWebMaster]

FYI...

Firefox 33.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....1/releasenotes/
Oct 24, 2014
Fixed: 33.0.1: Firefox displays a black screen at start-up with certain graphics drivers
 

[AplusWebMaster]

FYI...

Firefox 33.0.2 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....2/releasenotes/
Oct 28, 2014
Fixed: 33.0.2: Fix a startup crash with some combination of hardware and drivers
 

[AplusWebMaster]

FYI...

Firefox 33.0.3 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....3/releasenotes/
Nov 6, 2014
Fixed:
33.0.3: Blacklisted graphics drivers that were causing black screens with OMTC enabled...
33.0.3: Fix two startup crashes with some combination of hardware and drivers
 

Edited by AplusWebMaster, 07 November 2014 - 06:50 AM.

[AplusWebMaster]

FYI...

Firefox 33.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....1/releasenotes/
Nov 10, 2014
New:
- Forget Button added
- Enhanced Tiles
- Privacy tour introduced
- Adding DuckDuckGo as a search option
 

[AplusWebMaster]

FYI...

Firefox 33.1.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Release notes
- https://www.mozilla....1/releasenotes/
Nov 14, 2014
Fixed: 33.1.1 - Fixed startup crash
 

[AplusWebMaster]

FYI...

Firefox 34.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 34.0:
- https://www.mozilla.....html#firefox34
Fixed in Firefox 34
2014-91 Privileged access to security wrapped protected objects
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-86 CSP leaks redirect data via violation reports
2014-85 XMLHttpRequest crashes with some input streams
2014-84 XBL bindings accessible via improper CSS declarations
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

Release notes
- https://www.mozilla....0/releasenotes/
Dec 1, 2014

... complete list of changes in this release... 3749 bugs found.
___

- http://www.securityt....com/id/1031286
CVE Reference: CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595, CVE-2014-8631, CVE-2014-8632
Dec 3 2014
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 34.0 ...
Solution: The vendor has issued a fix (34.0).

Edited by AplusWebMaster, 16 December 2014 - 07:41 AM.

[AplusWebMaster]

FYI...

Firefox 35.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla....irefox/all.html

Security Advisories for 35.0:
- https://www.mozilla.....html#firefox35
Fixed in Firefox 35
2015-09 XrayWrapper bypass through DOM objects
2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
2015-07 Gecko Media Plugin sandbox escape
2015-06 Read-after-free in WebRTC
2015-05 Read of uninitialized memory in Web Audio
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-02 Uninitialized memory use during bitmap rendering
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

Release notes
- https://www.mozilla....0/releasenotes/
Jan 13, 2015

... complete list of changes in this release... 3589 bugs found.
___

- http://www.securityt....com/id/1031533
CVE Reference: CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642, CVE-2014-8643
Jan 14 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of authentication information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 35.0 ...
Solution: The vendor has issued a fix (35.0).
 

Edited by AplusWebMaster, 14 January 2015 - 12:02 AM.