Web White Noise

Firefox 3.6.9 has been released to fix the following issues:

• Introduced support for the X-FRAME-OPTIONS HTTP response header. Site owners can use this to mitigate clickjacking attacks by ensuring that their content is not embedded into other sites.
• Fixed several security issues.
• Fixed several stability issues.

I know it’s been only a few days since 3.6.7 was released but Mozilla have releases Firefox 3.6.8 to fix a stability issue affecting some pages containing plugins. It would be wise to update if you want your browser to be stable.

Firefox 3.6.7 has been realased to fix some stability issues & some security issues in 3.6.6:

• MFSA 2010-47 Cross-origin data leakage from script filename in error messages
• MFSA 2010-46 Cross-domain data theft using CSS
• MFSA 2010-45 Multiple location bar spoofing vulnerabilities
• MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
• MFSA 2010-43 Same-origin bypass using canvas context
• MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
• MFSA 2010-41 Remote code execution using malformed PNG image
• MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
• MFSA 2010-39 nsCSSValue::Array index integer overflow
• MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
• MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
• MFSA 2010-36 Use-after-free error in NodeIterator
• MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
• MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

Well that didn’t take long. Firefox has been update to version 3.6.6,  don’t’ know what happened to Firefox 3.6.5 but anyway 3.6.6 is now available. The new version fixes some issues with the new plug-in crash protection feature.

Download

Firefox 3.6.4 has been released and fixes 7 vulnerabilities of various severity. In addition, Firefox now allows plugins to crash without taking down the entire browser.

Release Notes

Firefox has revived a security update, so it’s time to download Firefox 3.6.3.

Fixed in Firefox 3.6.3:

• Firefox 3.6.3 fixes a critical security issue that could potentially allow remote code execution

Firefox Download

Firefox has revived a security update, so it’s time to download Firefox 3.6.2.

Fixed in Firefox 3.6.2:

• MFSA 2010-08 – WOFF heap corruption due to integer overflow

Release Notes

Time to move on to Mozilla Firefox 3.6.

Some of the new features include:

• Changes were made that prevent other programs from adding their own toolbar to Firefox without your permission.
• Firefox 3.6 will alert you about out of date and insecure plugins.
• Private browsing also removes TEMP files

Release Notes

Mozilla Firefox 3.5.7 has been released to fix stability issues in 3.5.6.

Security Advisories for Firefox 3.5

Mozilla Firefox 3.5.6 has been released to fix a number of security issues in 3.5.5.

• MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
• MFSA 2009-70 Privilege escalation via chrome window.opener
• MFSA 2009-69 Location bar spoofing vulnerabilities
• MFSA 2009-68 NTLM reflection vulnerability
• MFSA 2009-67 Integer overflow, crash in libtheora video library
• MFSA 2009-66 Memory safety fixes in liboggplay media library
• MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)

Security Advisories for Firefox 3.5