dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2307
SUMware2
Premium Member
join:2002-05-21

1 recommendation

SUMware2

Premium Member

Firefox 3.0.2 Released

Fixed in Firefox 3.0.2
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag

DrModem
Trust Your Doctor
Premium Member
join:2006-10-19
USA

DrModem

Premium Member

Hopefully this will fix those annoying crashes that wipe my cache all the time.

JTM1051
MVM
join:2000-07-08
Terrell, TX

JTM1051 to SUMware2

MVM

to SUMware2

Re: Firefox 3.0.2 & 2.0.0.17 Released

Also Fx 2.0.0.17 released:

Vulnerabilities Fixed
MFSA 2008-45 XBM image uninitialized memory reading
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag
MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

Fx 2.x Download Page

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD to SUMware2

Premium Member

to SUMware2

Re: Firefox 3.0.2 Released

3.0.2 build 6

roc5955
Premium Member
join:2005-11-26
Rosendale, NY

roc5955 to SUMware2

Premium Member

to SUMware2
Strange, as I was reading this message, I decided to see what version I have, and ver. 3.02 is downloading itself, as I type this!

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 recommendation

FFH5 to JTM1051

Premium Member

to JTM1051

Re: Firefox 3.0.2 & 2.0.0.17 Released

More English like description of the security vulnerabilities that were patched.

»news.cnet.com/8301-1009_ ··· 1_3-0-20

JTM1051
MVM
join:2000-07-08
Terrell, TX

JTM1051

MVM

said by FFH5:

More English like description of the security vulnerabilities that were patched.

»news.cnet.com/8301-1009_ ··· 1_3-0-20
Just a FYI, at the Vulnerabilities Fixed, the links (e.g., "MFSA 2008-45) have more detailed descriptions -- IMHO looks like CNET basically used the same descriptions.
Expand your moderator at work
SUMware2
Premium Member
join:2002-05-21

2 recommendations

SUMware2

Premium Member

Firefox 3.0.3 required and underway

From mozilla.dev.planning

From: Mike Beltzner
Date: Wed, 24 Sep 2008 21:38:37 -0400
Local: Wed, Sep 24 2008 9:38 pm
Subject: Firefox 3.0.3 required and underway

Hey everyone,

Shortly after releasing Firefox 3.0.2 our QA and Support teams began seeing reports of problems certain users were having with the Firefox Password Manager. This was being caused by non-ASCII data (in domains, logins or passwords) saved as something other than UTF-8 failing to convert back to Unicode (see bug 454708) which was a regression from a fix to make the Password Manager work on IDN sites with characters over U+0100 (see bug 451155).

The symptom is that users who have password data stores with non-ASCII data saved as something other than UTF-8 (more common for people who have saved passwords on IDN domains or non en-US domains) will not be able to access their saved passwords or create any new saved passwords. There is no permanent dataloss, the saved data is just inaccessible. While this doesn't affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix for this issue. Once released, this will restore the functionality for all users.

The fix has been landed and tested, and builds are coming out and being delivered to QA today. We hope to be releasing updates on the beta channel by early next week and issuing a release soon thereafter.

cheers,
mike

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong to SUMware2

Premium Member

to SUMware2

Re: Firefox 3.0.2 Released

quote:
Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.

Am I the only one that finds some of the vulnerability scenarios these days to be a stretch to the point that they're funny?

BKayrac
Premium Member
join:2001-09-29

BKayrac

Premium Member

said by jdong:

quote:
Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions.

Am I the only one that finds some of the vulnerability scenarios these days to be a stretch to the point that they're funny?
a stretch maybe, but alot of stupid users, and alot of smart bad guys these days

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

jdong

Premium Member

Indeed it's good to patch up all of these holes, but also this means that when reading stats on number of discovered vulnerabilities, one needs to keep in mind the severity of those discovered too.... Being able to fool someone into dragging their mouse is not quite the same as a drive-by download and execution vulnerability.
Expand your moderator at work

chachazz
Premium Member
join:2003-12-14

1 edit

1 recommendation

chachazz to jdong

Premium Member

to jdong

Re: Firefox 3.0.2 Released

The candidate builds are already 'ready for testing':
Firefox 3.0.3: »ftp://ftp.mozilla.org/pub/fire ··· /build1/
quote:
Please hammer on this build mercilessly to make sure that your stuff works with it! If you notice things that worked in Firefox 3 or Firefox 2.0.0.17 and do not work in this release, we would like to know about it right away.

Read the Release Notes:
Firefox 3.0.3: »en-us.www.mozilla.com/en ··· senotes/

Bugs specifically addressed in this build:
# bug 451155 - Password manager does not work correctly on IDN site whose name contains any character over U+0100
# bug 454708 - storage-Legacy can throw when calling ConvertToUnicode

(email)
marcia, on behalf of
Team Mozilla QA