Archive for the 'firefox' Category

Firefox 21.0

Firefox v.21.0 was offered to release channel users on May 14, 2013

Fixed in Firefox 21.0 [4]
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Vulnerability ratings: 3 Critical, 3 High, 1 Moderate
Evaluation: Test and update.

LINKS:
[1] Firefox Updated: Firefox 21.0 (2013-May-14) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 21.0 Release Notes (2013-May-14) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 20.0

Firefox v.20.0 was offered to release channel users on April 02, 2013

Fixed in Firefox 20.0 [4]
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

Vulnerability ratings: 3 Critical, 4 High, 4 Moderate
Evaluation: There’s a fair number of changes in this update; test and update.

This update breaks the WordPress.com HTML5 audio plugin; no player and shows as Download :(

LINKS:
[1] Firefox Updated: Firefox 20.0 (2013-Apr-02) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 20.0 Release Notes (2013-Apr-02) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 19.0.2

Firefox v.19.0.2 was offered to release channel users on March 07, 2013

Fixed in Firefox 19.0.2 [4]
MFSA 2013-29 Use-after-free in HTML Editor

Fixed in Firefox 19
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

Vulnerability ratings: 1 Critical
Evaluation: 19.0.2 is a security-driven release; it is time to update again.

LINKS:
[1] Firefox Updated: Firefox 19.0.2 (2013-Mar-07) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 19.0.2 Release Notes (2013-Mar-07) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 17.0.1

Firefox v.17.0.1 was offered to release channel users on November 30, 2012

Fixed in Firefox 17.0.1 [4]
No security updates, performance update only

LINKS:
[1] Firefox Updated: Firefox 17.0.1 (2012-Nov-30) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 17.0.1 Release Notes (2012-Nov-30) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 17.0

Firefox v.17.0 was offered to release channel users on November 20, 2012

Fixed in Firefox 17.0 [4]
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-104 CSS and HTML injection through Style Inspector
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-98 Firefox installer DLL hijacking
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

Vulnerability ratings: 6 Critical, 9 High, and 1 Moderate
Evaluation: it is time to update again.

LINKS:
[1] Firefox Updated: Firefox 17.0 (2012-Nov-20) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 17.0 Release Notes (2012-Nov-20) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 16.0.1

Firefox v.16.0.1 was offered to release channel users on October 11, 2012
(Version 16.0 didn’t last very long did it!)

Fixed in Firefox 16.0.1 [4]
MFSA 2012-89 defaultValue security checks not applied
MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

Vulnerability ratings: 2 Critical
Evaluation: it is time to update again.

The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild. [5]

LINKS:
[1] Firefox Updated: Firefox 16.0.1 (2012-Oct-11) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 16.0.1 Release Notes (2012-Oct-11) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]
[5] Security Vulnerability in Firefox 16 (2012-Oct-11) [blog.mozilla.org]

Firefox 16.0

Firefox v.16.0 was offered to release channel users on October 09, 2012

Fixed in Firefox 16.0 [4]
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-78 Reader Mode pages have chrome privileges
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

Vulnerability ratings: 11 Critical, 3 High
Evaluation: it is time to update again.

LINKS:
[1] Firefox Updated: Firefox 16.0 (2012-Oct-09) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 16.0 Release Notes (2012-Oct-09) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 15.0

Firefox v.15.0 was offered to release channel users on August 28, 2012

Firefox 15 includes silent, background updates [3].
pref("app.update.mode", 1)

Fixed in Firefox 15.0 [4]
MFSA 2012-72 Web console eval capable of executing chrome-privileged code
MFSA 2012-71 Insecure use of __android_log_print
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-67 Installer will launch incorrect executable following new installation
MFSA 2012-66 HTTPMonitor extension allows for remote debugging without explicit activation
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-60 Escalation of privilege through about:newtab
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)

Vulnerability ratings: 7 Critical, 6 High, 3 Moderate
Evaluation: it is time to update again.

LINKS:
[1] Firefox Updated: Firefox 15.0 (2012-Aug-28) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 15.0 Release Notes (2012-Aug-28) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Firefox 13.0.1

Firefox v.13.0.1 was offered to release channel users on June 15, 2012

Fixed in Firefox 13.0.1 [4]
No security fixes; this release has 3 functionality fixes:
FIXED: Windows Messenger did not load in Hotmail, and the Hotmail inbox did not auto-update (764546, fixed in 13.0.1)
FIXED: Hebrew text sometimes rendered incorrectly (756850, fixed in 13.0.1)
FIXED: Flash 11.3 sometimes caused a crash on quit (747683, fixed in 13.0.1)

Vulnerability ratings: None

Evaluation: Apply the patch if/when it is offered as this update provides some functionality fixes.

LINKS:
[1] Firefox Updated: Firefox 13.0.1 (2012-Jun-15) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 13.0.1 Release Notes (2012-Jun-15) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]
[5] Firefox 13.0.1 Update (2012-Jun-19) [SANS]

Firefox 13.0

Firefox v.13.0 was offered to release channel users on June 05, 2012

What’s New?
* When opening a new tab, users are now presented with their most visited pages
* The default home page now has quicker access to bookmarks, history, settings, and more

Fixed in Firefox 13 [4]
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards

Vulnerability ratings: 4 Critical, 2 High, 1 Moderate
Evaluation: it is time to update again.

LINKS:
[1] Firefox Updated: Firefox 13 (2012-Jun-05) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 13.0 Release Notes (2012-Apr-24) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]
