Tech Talk

[Firefox v3.0 released]

FYI...

Firefox v3.0 released
- http://www.mozilla.com/firefox/

Release notes:
- http://www.mozilla.com/firefox/3.0/releasenotes/

Download:
- http://www.mozilla.com/firefox/all.html
(over 45 languages)

 

[known problems with Firefox 3]

Suggested reading prior to install:

Release notes / Known Issues:
- http://www.mozilla.com/firefox/3.0/releasenotes/
(Includes)...known problems with Firefox 3...


.

[Firefox vuln - unpatched]

FYI...

Firefox vuln - unpatched
- http://secunia.com/advisories/30761/
Release Date: 2008-06-19
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 2.0.x, Mozilla Firefox 3.x...
The vulnerability is reported in versions 3.0 and 2.0.x. Other versions may also be affected.
Solution: Do not follow untrusted links nor browse untrusted web sites...
Original Advisory:
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
"...Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page. While Mozilla is working on a fix, we wont be divulging anything else until a patch is available..."
- http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/

 

- http://preview.tinyurl.com/47o8yg
June 26, 2008 (arstechnica.com) - "...Mozilla told us that they have not finalized the schedule for when Firefox 3 will be made available to Firefox 2 users through the update channel, but they suspect that it will happen within the next two or three months..."

[Firefox v2.0.0.15 released]

FYI...

Firefox v2.0.0.15 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.15:
- http://www.mozilla.com/en-US/firefox/2.0.0.15/releasenotes/
July 1, 2008

- http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

- http://secunia.com/advisories/30911/
Last Update: 2008-07-03
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information,
Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 2.0.0.15...

 

[Firefox v2.0.0.16 released]

FYI...

Firefox v2.0.0.16 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download
- http://www.mozilla.com/en-US/firefox/all-older.html

What's New in Firefox 2.0.0.16:
- http://www.mozilla.com/en-US/firefox/2.0.0.16/releasenotes/
July 15, 2008

- http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2933

//

[Firefox v3.0.1 released]

FYI...

Firefox v3.0.1 released
- http://www.mozilla.com/firefox/
July 16, 2008

Upgrading Firefox
- http://support.mozilla.com/en-US/kb/Upgrading+Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."

If "Check for Updates is disabled", see:
- http://support.mozilla.com/en-US/kb/Check+for+Updates+is+disabled

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

Known Issues
- http://www.mozilla.com/en-US/firefox/3.0.1/releasenotes/

Fixes in v3.0.1:
- http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-36.html

- http://secunia.com/advisories/31106/
Last Update: 2008-07-17
Critical: Highly critical
Impact: Security Bypass, Spoofing, System access
Where: From remote
...The vulnerabilities are reported in versions prior to 3.0.1.
Solution: Update to version 3.0.1 ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2785
CVSS v2 Base score: 9.3 (High)

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2933

 

[Firefox v3.0.2 released]

FYI...

Firefox v3.0.2 released
- http://www.mozilla.com/firefox/
Upgrading Firefox
- http://support.mozilla.com/en-US/kb/Upgrading+Firefox
"To manually check for a Firefox update, click the Help menu at the top of the Firefox window, and select Check for Updates..."
If "Check for Updates is disabled", see:
- http://support.mozilla.com/en-US/kb/Check+for+Updates+is+disabled
Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2
Known Issues
- http://www.mozilla.com/en-US/firefox/3.0.2/releasenotes/
---

Firefox v2.0.0.17 released
From an admin account, start Firefox, then >Help >Check for Updates
-or-
Download
- http://www.mozilla.com/en-US/firefox/all-older.html
What's New in Firefox 2.0.0.17:
- http://www.mozilla.com/en-US/firefox/2.0.0.17/releasenotes/
September 23, 2008
- http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.17
---

FF3: http://secunia.com/advisories/32011/

FF2: http://secunia.com/advisories/31984/

 

[Firefox v3.0.3 released]

FYI...

Firefox v3.0.3 released
- http://en-us.www.mozilla.com/firefox/3.0.3/releasenotes/
September 26, 2008 - "Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708*)"
* https://bugzilla.mozilla.org/show_bug.cgi?id=454708

- http://www.mozilla.com/firefox/all.html

 

[Firefox v3.0.4 - v2.0.0.18 released]

FYI...

Firefox v3.0.4 - v2.0.0.18 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.4
- http://www.mozilla.com/firefox/all.html
Download Firefox v2.0.0.18
- http://www.mozilla.com/firefox/all-older.html

Release Notes
- http://www.mozilla.com/firefox/3.0.4/releasenotes/
Also see "Known Issues..." for v3: All Systems - 9 items, Microsoft Windows - 2...

Security issues
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4
___

Firefox 3
- http://secunia.com/advisories/32713/
Release Date: 2008-11-13
Critical: Highly critical...

Firefox 2
- http://secunia.com/advisories/32693/
Release Date: 2008-11-13
Critical: Highly critical...

[Firefox v2.0.0.19]

FYI...

Firefox v2.0.0.19...
- https://wiki.mozilla.org/WeeklyUpdates/2008-12-01#Branch_work:_Firefox_2.0.0.19_.2F_3.0.5_.2F_Major_Update
2008-12-01 - "...Firefox 2.0.0.19 / 3.0.5 / Major Update...
• On track for December 16 release (possible day slip for major update)
• Firefox 2.0.0.19 will be the last release of Firefox 2 and will not include Phishing Protection..."

- http://news.cnet.com/8301-1009_3-10115852-83.html
December 5, 2008 - "...Google asked Mozilla to disable the feature in Firefox 2.0.0.19 that warns users of sites suspected of hosting identity fraud scams because the older browsers rely on an outdated SafeBrowsing protocol that Google is not supporting anymore..."

 

[Firefox v3.0.5 released]

FYI...

Firefox v3.0.5 released
- http://www.mozilla.com/firefox/
Dec. 16, 2008

Release Notes
- http://www.mozilla.com/firefox/3.0.5/releasenotes/

Security Advisories
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.5
Fixed in Firefox 3.0.5
MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
___

Firefox v2.0.0.19 released
- http://www.mozilla.com/en-US/firefox/all-older.html

- http://www.mozilla.com/en-US/firefox/2.0.0.19/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3.
Firefox 2.0.0.19 does -not- include Phishing Protection.
___

- http://secunia.com/advisories/33203/

- http://secunia.com/advisories/33184/

 

[Firefox v2.0.0.20 released]

FYI...

Firefox v2.0.0.20 released
- http://www.mozilla.com/en-US/firefox/all-older.html
December 18, 2008

Release Notes:
- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/
Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3. Firefox 2.0.0.20 does not include Phishing Protection.
- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/#issues

Security Update:
- http://www.mozilla.com/en-US/firefox/2.0.0.20/releasenotes/
Firefox 2.0.0.20 includes an additional security fix over Firefox 2.0.0.19 for users of the Windows platform. The following security issue* was fixed.

* http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.20
MFSA 2008-65  Cross-domain data theft via script redirect error message (Windows)
- http://preview.tinyurl.com/3mvadg
"...Mozilla omitted one of the security patches that was supposed to be included in the Windows version of Tuesday's Firefox 2.0 .0.19 release..."

Firefox 3
- http://secunia.com/advisories/33203/
...Solution: Update to version 3.0.5.
http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.5

 

[Firefox v3.0.6 released]

FYI...

Firefox v3.0.6 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.6
- http://www.mozilla.com/firefox/all.html

Security Advisories for Firefox v3.0.6
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.6
Fixed in Firefox 3.0.6
MFSA 2009-06 Directives to not cache pages ignored
MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
MFSA 2009-04 Chrome privilege escalation via local .desktop files
MFSA 2009-03 Local file stealing with SessionStore
MFSA 2009-02 XSS using a chrome XBL method and window.eval
MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

- http://secunia.com/advisories/33799/
Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0352
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0353
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0354
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0355
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0356
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0357
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0358

 

[Firefox v3.0.7 released]

FYI...

Firefox v3.0.7 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.7
- http://www.mozilla.com/firefox/all.html

Fixed in Firefox 3.0.7
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7
MFSA 2009-11  URL spoofing with invisible control characters
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776

- http://secunia.com/advisories/34145/2/
Release Date: 2009-03-05
Critical: Highly critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x ...
Solution: Update to version 3.0.7 ...

 

[Firefox v3.0.8 released]

FYI...

Firefox v3.0.8 released

From an admin account, start Firefox, then >Help >Check for Updates
-or-

Download Firefox v3.0.8
- http://www.mozilla.com/firefox/all.html

Fixed in Firefox 3.0.8
- http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.8
MFSA 2009-13  Arbitrary code execution through XUL <tree> element
MFSA 2009-12 XSL Transformation vulnerability

- http://secunia.com/advisories/34471/2/
Last Update: 2009-03-28
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Mozilla Firefox 3.x ...
Solution: Update to version 3.0.8...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169