Tag Archives: Mozilla

Mozilla Releases Firefox 47 and Firefox ESR 45.2

In early June Mozilla released their scheduled security updates for Firefox and Firefox ESR (Extended Support Release) raising their version numbers to 47 and 45.2 respectively.

Firefox 47 resolves 17 security issues more formally known as CVEs (defined). Individually the severity of these issues is as follows:

====================
3x critical severity CVEs
5x high severity CVEs
4x moderate severity CVEs (includes 1x CVE that addresses 4 issues, making 7x issues in total)
2x low severity CVEs
====================

Firefox ESR 45.2 resolves 9 security issues:
====================
3x critical severity CVEs (2 of these CVEs address multiple issues, exact number is unknown)
5x high severity CVEs
1x moderate severity CVE
====================

As always full details of the security issues resolved by these updates are available in the following links:

Firefox 47
Firefox ESR 45.2

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

In general, Mozilla Firefox updates install without any issues; however, as always I would recommend backing up the data on any critical device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Mozilla Releases Firefox 46 and Firefox ESRs 45.1 and 38.8

As scheduled, earlier today Mozilla released security updates for Firefox and Firefox ESR (Extended Support Release) raising their version numbers to 46, 38.8 and 45.1 (both ESR) respectively.

Firefox 46 resolves 15 security issues more formally known as CVEs (defined). Individually the severity of these issues is as follows:

====================
4x critical severity CVEs
5x high severity CVEs and 1 high severity issue (not assigned a CVE)
5x moderate severity CVEs
====================

Firefox ESR 45.1 resolves 6 security issues:
====================
4x critical severity CVEs
2x high severity CVEs
====================

Moreover, Firefox ESR 38.8 resolves 10 security issues:
====================
4x critical severity CVEs
5x high severity CVEs
1x moderate CVE
====================

As always full details of the security issues resolved by these updates are available in the following links:

Firefox 46
Firefox ESR 45.1
Firefox ESR 38.8

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

In general, Mozilla Firefox updates install without issues; however, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Mozilla Releases Firefox 45 and Firefox ESR 38.7

Earlier today Mozilla made available their scheduled security updates for Firefox and Firefox ESR (Extended Support Release) bringing them to versions 45 and 38.7 respectively.

Firefox 45 resolves 40 security issues more formally known as CVEs (defined). Individually the severity of these issues is as follows:

====================
22x critical severity CVEs
7x high severity CVEs
10x moderate severity CVEs
1x low severity CVE
====================

Moreover, Firefox ESR 38.7 resolves 30 security issues:
====================
22x critical severity CVEs
4x high severity CVEs and 1 high severity issue (not assigned a CVE)
2x moderate CVEs
1x low severity CVE
====================

Full details of the security issues resolved by these updates are available in the following links:

Firefox 45
Firefox ESR 38.7

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

Generally, Mozilla Firefox updates install without issues; however, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Mozilla Releases Firefox 44.0.2 and Firefox ESR 38.6.1

Earlier today Mozilla made available unscheduled security updates for Firefox and Firefox ESR (Extended Support Release) bringing them to versions 44.0.2 and 38.6.1 respectively. Firefox 44.0.2 addresses a critical severity CVE (defined). 2 other critical security issues (1 of which was assigned a CVE) were resolved by Firefox ESR 38.6.1.

These security issues were reported to Mozilla by 2 security researchers (Jason Pang of OneSignal and Holger Fuhrmannek) and the Cisco Talos Security Intelligence and Research Group.

The first issue, affecting Firefox 44.0 and 44.0.1, involves a violation of the browser's same-origin policy (defined) due to how the crossdomain.xml file is open to being forged, which can lead to a service worker forging responses to the network requests made initially by plugins of the browser.

The first issue addressed by Firefox ESR 38.6.1 involves the bypassing of validation of internal instruction parameters within the Graphite 2 library of Firefox when special CNTXT_ITEM instructions are used. The other issues reported by the Cisco Talos group were also addressed but no further details were provided.

Further details of these updates (and the issues they address) are available here and here. If Firefox is installed on any computer that you use, please install the appropriate update as soon as possible. Details of how to install updates for Firefox are here.

Mozilla Firefox updates generally install without issues; however, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Mozilla Releases Firefox 44 and Firefox ESR 38.6

Earlier today saw Mozilla release Firefox 44 and Firefox ESR (Extended Support Release) 38.6. This release sees the end of support for the RC4 cipher. This was also discussed in a previous blog post of mine. For details of the new features added to Firefox 44, please see this release notes page.

Firefox 44 resolves 17 security issues more formally known as CVEs (defined). Individually the severity of these issues is as follows:

====================
6x critical severity CVEs
3x high severity CVEs
7x moderate severity CVEs
1x low severity CVE
====================

Meanwhile, Firefox ESR 38.6 resolves 4 security issues:
====================
3x critical severity CVEs
1x moderate severity CVE
====================

Full details of the security issues resolved by these updates are available in the following links:

Firefox 44
Firefox ESR 38.6

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

In general, Mozilla Firefox updates install without issues; however, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Mozilla Releases Firefox 43.0.2 and Firefox ESR 38.5.2

In late December 2015 Mozilla released security updates for Firefox bringing it to version 43.0.2 and Firefox ESR (Extended Support Release) 38.5.2.

At that time the release notes for these updates didn’t reference any further security issues resolved since the previous updates (described in a previous post of mine). The above mentioned Firefox version numbers were not present in late December. I was aware of these updates but since they didn’t contain further security related changes I didn’t create a post about them. In future I will need to re-check those pages again in the days following such updates in order to avoid such a delay in posting.

Since that time the security advisory pages for Firefox and Firefox ESR (linked to below) now include details of a moderate severity security issue (assigned 1 CVE number (defined)) resolved by these updates. The issue relates to the Network Security Services (NSS) component of Firefox still accepting TLS 1.2 ServerKeyExchange messages with MD5 digital signatures. As discussed here and here, the use of MD5 is discouraged and Mozilla has rectified this issue using these updates.
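To illustrate the kind of check involved, the following is an added example (not part of the original post and not NSS code) that reads the hash identifier carried in a TLS 1.2 ECDHE ServerKeyExchange message and refuses MD5. The function names, the rejection policy and the sample messages are assumptions constructed for this illustration; the code points are those of RFC 5246.

```python
# TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246, section 7.4.1.4.1).
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
          4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
WEAK_HASHES = {"none", "md5"}  # assumed policy for this example


class RejectedSignature(Exception):
    """The ServerKeyExchange is signed with a hash the client refuses."""


def parse_ecdhe_ske(msg: bytes) -> dict:
    """Parse a named-curve ECDHE ServerKeyExchange handshake message."""
    if len(msg) < 4 or msg[0] != 12:            # 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length mismatch")
    if len(body) < 4 or body[0] != 3:           # 3 = named_curve
        raise ValueError("unsupported ECParameters")
    off = 4 + body[3]                           # skip curve id and ECPoint
    if len(body) < off + 4:
        raise ValueError("truncated before signature")
    sig_len = int.from_bytes(body[off + 2:off + 4], "big")
    if off + 4 + sig_len != len(body):
        raise ValueError("bad signature length")
    return {"curve": int.from_bytes(body[1:3], "big"),
            "hash": HASHES.get(body[off]), "sig": SIGS.get(body[off + 1])}


def check_ske(msg: bytes) -> dict:
    """Reject MD5, 'none' and unknown hashes before any signature verification."""
    info = parse_ecdhe_ske(msg)
    if info["hash"] is None or info["hash"] in WEAK_HASHES:
        raise RejectedSignature(f"refusing hash {info['hash']!r}")
    return info


def build_sample(hash_id: int, sig_id: int = 1) -> bytes:
    """Constructed sample message: zeroed key and signature, curve 23."""
    point, sig = b"\x04" + bytes(64), bytes(256)
    body = (b"\x03" + (23).to_bytes(2, "big") + bytes([len(point)]) + point
            + bytes([hash_id, sig_id]) + len(sig).to_bytes(2, "big") + sig)
    return b"\x0c" + len(body).to_bytes(3, "big") + body
```

This only inspects the declared algorithm; a real client must also verify the signature itself and check that the algorithm was one it offered.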

Full details of the security issues resolved by these updates are available in the following links:

Firefox 43.0.2
Firefox ESR 38.5.2

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve this security issue.

Note: The most recent version of Firefox 43 at the time of writing is 43.0.4. It has since been updated following the release of 43.0.2. Please ensure you are using the most up to date version available. 43.0.4 re-enables SHA-1 certificates for “man-in-the-middle” (defined) devices. More details are provided here.

In general, Mozilla Firefox updates install without issues; however, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Mozilla Releases Firefox 43 and Firefox ESR 38.5

Earlier today Mozilla made available Firefox 43 and Firefox ESR (Extended Support Release) 38.5.

Firefox 43 resolves 24 security issues more formally known as CVEs (defined). This includes 3 high severity issues (not yet assigned a CVE). Individually the severity of these issues is as follows:

====================
5x critical severity CVEs
7x high severity CVEs and 3x high severity issues
6x moderate severity CVEs
3x low severity CVEs
====================

Meanwhile, Firefox ESR 38.5 resolves 9 security issues (8x CVEs and 1x issue not assigned a CVE):
====================
4x critical severity CVEs
4x high severity CVEs and 1x high severity issue
====================

Full details of the security issues resolved by these updates are available in the following links:

Firefox 43
Firefox ESR 38.5

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

In general, Mozilla Firefox updates install without issues; however, as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.