Mozilla Firefox Vulns

win32sux · 08-03-2009, 06:12 PM

Firefox 3.5.2 and 3.0.13 have been released.

They address the aforementioned security vulnerabilities.

win32sux · 09-09-2009, 06:18 PM

Firefox 3.5.3 and 3.0.14 have been released.

They include fixes for several security vulnerabilities (three which are rated as Critical).

win32sux · 10-14-2009, 07:59 AM

This new initiative is destined to have a positive impact on the overall security of the Firefox user community. To read the Mozilla Security Blog article, click here. You can use the Web-based version of the tool right now, or you can wait for Firefox 3.6 to be released, which will have this functionality built into it.

win32sux · 10-28-2009, 02:37 AM

Firefox 3.5.4 and 3.0.15 have been released.

They include fixes for many security vulnerabilities (several which are rated as Critical).

BTW, the corresponding Secunia Advisory is here.

win32sux · 12-16-2009, 09:56 AM

Firefox 3.5.6 and 3.0.16 have been released.

They include fixes for many security vulnerabilities (several which are rated as Critical).

The corresponding Secunia Advisory is here.

win32sux · 01-05-2010, 07:47 PM

Firefox 3.5.7 and 3.0.17 have been released, but they don't seem to address any security problems AFAICT.

win32sux · 02-17-2010, 04:07 PM

Firefox 3.5.8 and 3.0.18 have been released.

They include fixes for many security vulnerabilities (several which are rated as Critical).

The corresponding Secunia Advisory is here.

win32sux · 02-20-2010, 02:18 AM

Quote:

A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.

The vulnerability is reported in version 3.6. Other versions may also be affected.

Secunia Advisory

win32sux · 02-20-2010, 06:37 PM

Am I the only one who finds it a bit sad that Mozilla doesn't use their security blog to provide some kind of official statement regarding zero-day vulnerabilities such as the one above?

GazL · 02-21-2010, 07:26 AM

Quote:

Originally Posted by win32sux

Am I the only one...

Nope, not just you. Knowing whether running with javascript off mitigates this, or even whether it's platform specific would certainly help while waiting for them to sort it out.

win32sux · 02-21-2010, 08:06 AM

Quote:

Originally Posted by GazL

Knowing whether running with javascript off mitigates this, or even whether it's platform specific would certainly help while waiting for them to sort it out.

My thoughts exactly.

win32sux · 02-22-2010, 06:42 AM

An article posted today on The Inquirer makes it sound like this is Windows-specific.

Anyone here been able to get any particulars on this vulnerability yet?

Stroker · 02-22-2010, 12:27 PM

Quote:

Originally Posted by win32sux

An article posted today on The Inquirer makes it sound like this is Windows-specific.

Anyone here been able to get any particulars on this vulnerability yet?

From your link
Secunia Advisory

Follow the "Original Advisory" url in which it states:

Quote:

clientside/vd_ff - 0day Firefox exploit (XP SP3, Vista)

Apparently, it's a MS problem and limited to XP an Vista only.

GazL · 02-22-2010, 02:31 PM

Quote:

Originally Posted by Stroker

Follow the "Original Advisory" url in which it states:

Call me paranoid, but for some strange reason I didn't quite fancy going to the site of some unknown (to me at any rate) Russian hacker who found this vulnerability with my potentially vulnerable browser to read about it.

win32sux · 02-23-2010, 12:07 AM

Well, they've finally posted on their blog.

The post essentially boils down to them not being totally sure what's going on yet.