FYI...Firefox 33.0 releasedFrom an admin. account, start Firefox, then >Help >About >Check for Updates ...
Security Advisories for 33.0:
Fixed in Firefox 33
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypassesMFSA 2014-79
Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF MFSA 2014-77
Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulationMFSA 2014-74
Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
Oct 14, 2014
... complete list of changes in this release... 3422 bugs found.
CVE Reference: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582, CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586
Oct 14 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 33.0 ...
___Mozilla to disable encryption feature in next Firefox browser due to 'Poodle' bug
Oct 14, 2014 - "Mozilla said it will -disable- Secure Sockets Layer (SSL) encryption in the latest version of its Firefox web browser that will be released on Nov. 25 after a security bug called "Poodle" was discovered in a web encryption technology. "By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user's private account data on a website," Mozilla said in its blog*. SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. The code to disable the security protocol will be available shortly via Mozilla Nightly, an in-development version of Mozilla's browser. Mozilla also said that Firefox 35 will support a generic Transport Layer Security (TLS) downgrade protection mechanism called SCSV (Signaling Cipher Suite Value), as a precautionary measure..."
Oct 14, 2014 - "Summary: SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information. We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a critical flaw in SSLv3
, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the “Secure Sockets Layer” (SSL) or “Transport Layer Security” (TLS)..."Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
Oct 14, 2014
Last revised: 10/14/2014