

chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 edit

1 recommendation

[Mozilla] Firefox 18.0 / 17.0.2 ESR/ 10.0.12 ESR release

The Release notes are up!
First offered to release channel users on January 8, 2013.

What’s New
NEW - Faster JavaScript performance via IonMonkey compiler
NEW - Support for Retina Display on OS X 10.7 and up
NEW - Preliminary support for WebRTC

CHANGED - Experience better image quality with our new HTML scaling algorithm
CHANGED - Performance improvements around tab switching

• DEVELOPER - Support for new DOM property window.devicePixelRatio
• DEVELOPER - Improvement in startup time through smart handling of signed extension certificates

• HTML5 - Support for W3C touch events implemented, taking the place of MozTouch events

• FIXED - Disable insecure content loading on HTTPS pages 62178
• FIXED - Improved responsiveness for users on proxies 769764

If interested, please see the complete list of changes in this release.

Any new Security Fixes can be found at Firefox Security Advisories.

Available the morning of Jan 8 approx. 8 a.m. PST or shortly thereafter @ Mozilla

Downloads - All systems & languages

Firefox 17.0.2 ESR and 10.0.12 ESR will also be released.


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

Re: [Mozilla] Firefox 18.0 release

Improving performance with static themes
Or... After updating to Firefox 18, animated Personas will no longer animate.
December 11, 2012 - Add-ons Blog
quote:
In order to accommodate various screen resolutions and header heights, themes (formerly Personas) require very large image files. Header images need to be 3000 x 200 px and footer images 3000 x 100 px. As a result, loading them slows down Firefox. Animated themes pose an even more persistent problem for performance, because animated images are much larger in size, and the browser needs to redraw them continuously.

Bug 650968 was filed to address this issue, and the solution was to crop the images to your screen size when you start Firefox. Because smaller images are loaded when the browser starts, load times are much improved. However, a side-effect of the cropping is that animated images are not taken into account. For this reason, animated themes will no longer animate starting in Firefox 18. Since this was an unintended consequence, there are some edge cases where the image will animate normally until Firefox is restarted.

We understand that animated themes are very popular with some users, and people will be upset with this difficult decision. However, to keep Firefox performing optimally for the even greater number of users who care about speed, the decision was necessary. We would love to find a way to preserve animated themes, and are currently looking into alternative solutions.

In the meantime, a workaround would be to install the Personas Shuffler, which will refresh your animated themes every time Firefox loads, keeping them animating continuously.

There are still many beautiful and creative themes available to personalize your Firefox, with more added every day, and we hope you continue to enjoy them.

More.. Firefox Support: Animated Persona stops working
»support.mozilla.org/en-US/kb/ani···ser=fx18


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

1 recommendation

reply to chachazz
Thanks, just got via the internal updater


darcilicious
Cyber Librarian
Premium
join:2001-01-02
Forest Grove, OR
kudos:4

1 recommendation

reply to chachazz
Thanks, I've updated


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

1 recommendation

reply to chachazz
Thanks for the update!


mark5019
Premium
join:2002-03-30
Atlanta, GA

1 recommendation

reply to chachazz
got it thank you


rfhar
The World Sport, Played In Every Country
Premium
join:2001-03-26
Buicktown,Mi

1 recommendation

reply to chachazz
Thanks. I have Fx set to auto update but it never has. I have downloads back to Fx 3.6.


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 recommendation

reply to chachazz
Update went w/o incident. All add-ons working.


chachazz
Premium
join:2003-12-14
kudos:9
You're welcome, folks


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
Fixed in Firefox 18
MFSA 2013-20 Mis-issued TURKTRUST certificates
MFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-06 Touch events are shared across iframes
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
MFSA 2012-98 Firefox installer DLL hijacking


Grail Knight

Premium
join:2003-05-31
Valhalla
kudos:6

1 recommendation

reply to chachazz

Re: [Mozilla] Firefox 18.0 / 17.0.2 ESR/ 10.0.12 ESR release

Thank you.

The internal updater in Fx v18.0b7 said I was up to date which was wrong so I just installed a full v18 over the beta. All is well.
--
"Paranoia, the destroyer"


Racerbob
Premium
join:2001-06-24
Webster, NY
kudos:1

1 recommendation

The internal updater was correct since you had a beta version installed. Beta 7 was the most recent version. You were on the beta release channel... There are two separate channels a Beta Release Channel and a Release channel. Now with the 18.0 final you are on the Release channel.


Grail Knight

Premium
join:2003-05-31
Valhalla
kudos:6
Reviews:
·Verizon Online DSL
·Time Warner Cable

1 edit
Considering I had changed app.update.channel to release and have it coded into my user.js the updater should have known there was a new release available.

It is possible an extension conflict caused the issue which is not really an issue as I just dump new builds into the old folder after deleting the old files. Same as I have been doing since 0.6
--
"Paranoia, the destroyer"


Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:2

1 recommendation

reply to chachazz
Thanks chazzy.


chachazz
Premium
join:2003-12-14
kudos:9
You're all welcome


chachazz
Premium
join:2003-12-14
kudos:9
reply to Grail Knight
Firefox 18.0 will be unthrottled Thursday morning PT

jsmiddleton4

join:2003-11-13
Glendale, AZ
reply to chachazz
Looking forward to my favorite theme being V18 friendly.


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to chachazz
Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript - oh, and 20 other security fixes

by Paul Ducklin on January 9, 2013 | Leave a comment

Filed Under: Featured, Firefox, Security threats

Firefox 18 has been released.

This month, there were 2917 bugs patched, with 21 security fixes.

Twelve of the security fixes were deemed critical.

There's also a brand-new JavaScript compiler (though it augments, rather than replaces, the old one), and full-on support for Retina displays on the groovier sorts of Mac.....


»nakedsecurity.sophos.com/2013/01···security

»www.mozilla.org/en-US/firefox/18···senotes/

»www.mozilla.org/en-US/firefox/all/
--
The Alien in the White House

20,196 DEADLY TERROR ATTACKS SINCE 9/11


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

1 recommendation

reply to chachazz
Thanks, got it via internal update from 17.01


90115534
Someone is sabotaging me.Finding out who
Premium
join:2001-06-03
Kenner, LA
reply to chachazz
Does Firefox now update to the next version automatically ?


MarkAW
Barry White
Premium
join:2001-08-27
Canada
kudos:16
reply to chachazz
Thanks chazzy got it via internal update. Installed checked add-ons and all is good.


lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2
reply to chachazz
Thanks chachazz....Updated.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

2 edits
reply to chachazz
i am concerned about the "turktrust" certificate(s).. i am not seeing that the "turktrust" certificate, or the other related certificates, are listed along with the other untrusted certificates, under "servers".. the "turktrust" certificate is still listed under "authorities", the same as it was before.. i had manually disabled the trust for the "turktrust" certificate and the trust is still disabled..

so, i am wondering what others see when they look at the certificates? are the "turktrust" certificates listed under "server", along with the other untrusted certificates, or is the same old "turktrust" certificate still listed under "authorities", and, if so, what are the "trust" settings for the certificate?

p.s. i scrolled through the list of certificates and noticed a second "turktrust" certificate.. it was "trusted" but i disabled the "trust"..

to me, it looks like mozilla made another stupid mistake, with FF 18, not "distrusting" the "turktrust" certificates which were supposed to be distrusted..


Boricua
Premium
join:2002-01-26
Sacramuerto
reply to chachazz
So I just got this from my job's e-mail so should I go with this?

said by Job's E-mail :

Subject: IMMEDIATE ACTION REQUIRED: MS-ISAC CYBER SECURITY ADVISORY - Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution - RISK: HIGH - TLP: WHITE
Importance: High

This information is being sent to agency Chief Information Officers, Information Security Officers, Disaster Recovery Coordinators, their backups, and other interested individuals on our contact list.

TLP: WHITE

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY

MS-ISAC ADVISORY NUMBER:
2013-005

DATE(S) ISSUED:
1/9/2012

SUBJECT:
Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

OVERVIEW:
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey applications, which could allow remote code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Thunderbird is an email client. Mozilla SeaMonkey is a cross platform Internet suite of tools ranging from a web browser to an email client. Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

SYSTEMS AFFECTED:
• Firefox versions prior to 18.0
• Firefox Extended Support Release (ESR) versions prior to 10.0.12 and 17.0.2
• Thunderbird versions prior to 17.0.2
• Thunderbird Extended Support Release (ESR) versions prior to 10.0.12 and 17.0.2
• SeaMonkey versions prior to 2.15

RISK:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: High

DESCRIPTION:
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. The details of these vulnerabilities are as follows:
• Miscellaneous memory safety hazards (MFSA 2013-01) - several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products have been identified. Some of these bugs showed evidence of memory corruption under certain circumstances, and some of these could be exploited to run arbitrary code.
• Use-after-free issue (MFSA 2013-02) - this issue affects the Address Sanitizer tool and could allow remote code execution.
• Buffer Overflow in Canvas (MFSA 2013-03) - there is an error when handling specific bad height and width values given through HTML. This issue causes a crash that may be exploitable.
• URL spoofing in address bar during page loads (MFSA 2013-04) - there is an issue where the displayed URL values within the address bar can be spoofed by a page during loading. This could allow for phishing attacks where a malicious page can spoof the identity of another site.
• Use-after-free when displaying table with many columns and column groups (MFSA 2013-05) - this issue is caused by an array containing a large number of columns and column groups that causes the array to overwrite itself during rendering leading to a crash that may be exploitable.
• Touch events are shared across iframes Android (MFSA 2013-06) - this allows for information leakage and possibilities for cross-site scripting (XSS)
• Crash due to handling of SSL on threads (MFSA 2013-07) - there is a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. The resulting crash is potentially exploitable.
• AutoWrapperChanger fails to keep objects alive during garbage collection (MFSA 2013-08) - the AutoWrapperChanger class fails to keep some Javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution.
• Compartment mismatch with quickstubs returned values (MFSA 2013-09) - there is a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash.
• Event manipulation in plugin handler to bypass same-origin policy (MFSA 2013-10) - the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages.
• Address space layout leaked in XBL objects (MFSA 2013-11) - using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections.
• Buffer overflow in Javascript string concatenation (MFSA 2013-12) - an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption.
• Memory corruption in XBL with XML bindings containing SVG (MFSA 2013-13) - when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concert with remote XUL, this can lead to an exploitable crash.
• Chrome Object Wrapper (COW) bypass through changing prototype (MFSA 2013-14) - it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution.
• Privilege escalation through plugin objects (MFSA 2013-15) - it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution.
• Use-after-free in serializeToStream (MFSA 2013-16) - there is a use-after-free issue in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited.
• Use-after-free in ListenerManager (MFSA 2013-17) - there is a use-after-free issue within the ListenerManager when garbage collection is forced after data in listener objects has been allocated in some circumstances. This results in a use-after-free, which can lead to arbitrary code execution.
• Use-after-free in Vibrate (MFSA 2013-18) - there is a use-after-free issue when using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited.
• Use-after-free in Javascript Proxy objects (MFSA 2013-19) - there is a garbage collection flaw in Javascript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution.
• Mis-issued TURKTRUST certificates (MFSA 2013-20) - TURKTRUST, a certificate authority in Mozilla’s root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates.

Successful exploitation of these vulnerabilities could result in either an attacker gaining the same privileges as the logged on user, or gaining session authentication credentials. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:
We recommend the following actions be taken:
• Upgrade vulnerable Mozilla products immediately after appropriate testing.
• Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
• Do not open email attachments or click on URLs from unknown or untrusted sources.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

REFERENCES:
Mozilla:


--
Illegal aliens have always been a problem in the United States. Ask any Indian. Robert Orben
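
As an added example (not part of the advisory or of any poster's message), this Python check applies the SYSTEMS AFFECTED list quoted above to a software inventory. The host names and inventory rows are constructed, and counting a beta build such as 18.0b7 as prior to 18.0 is an assumption of this example.

```python
import re

# Fixed versions from the advisory's SYSTEMS AFFECTED list; ESR has one
# fixed version per branch (10.0.x and 17.0.x).
FIXED = {
    ("firefox", "release"): ["18.0"],
    ("firefox", "esr"): ["10.0.12", "17.0.2"],
    ("thunderbird", "release"): ["17.0.2"],
    ("thunderbird", "esr"): ["10.0.12", "17.0.2"],
    ("seamonkey", "release"): ["2.15"],
}

_PRE = {"a": -2, "b": -1}  # alpha and beta builds sort before the final release

def parse_version(text):
    """'17.0.1' -> (17, 0, 1, 0, 0); '18.0b7' -> (18, 0, 0, -1, 7)."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:([ab])(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    stage = _PRE.get(m.group(2), 0)
    build = int(m.group(3)) if m.group(3) else 0
    return (*nums, stage, build)

def is_affected(product, channel, version):
    """True if this build predates the fixed version for its branch."""
    fixed = [parse_version(f) for f in FIXED[(product.lower(), channel.lower())]]
    v = parse_version(version)
    # Compare against the fix for the same major branch when one exists,
    # otherwise against the newest fixed version.
    same_branch = [f for f in fixed if f[0] == v[0]]
    target = same_branch[0] if same_branch else max(fixed)
    return v < target

# Constructed inventory rows: (host, product, channel, installed version).
INVENTORY = [
    ("ws-01", "Firefox", "release", "17.0.1"),
    ("ws-02", "Firefox", "release", "18.0"),
    ("ws-03", "Firefox", "release", "18.0b7"),
    ("ws-04", "Firefox", "esr", "10.0.11"),
    ("ws-05", "Firefox", "esr", "17.0.2"),
    ("ws-06", "Thunderbird", "release", "17.0"),
    ("ws-07", "SeaMonkey", "release", "2.15"),
    ("ws-08", "Firefox", "release", "3.6.28"),
]

def affected_hosts(inventory):
    return [host for host, product, channel, version in inventory
            if is_affected(product, channel, version)]

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(host)
```
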


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
SYSTEMS AFFECTED:
• Firefox versions prior to 18.0


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to 90115534
said by 90115534:

Does Firefox now update to the next version automatically ?

Yes - all about updating - »support.mozilla.org/en-US/kb/upd···r=2&as=s


Boricua
Premium
join:2002-01-26
Sacramuerto

1 edit
reply to La Luna
said by La Luna:

SYSTEMS AFFECTED:
• Firefox versions prior to 18.0

Thanks. I really loved the UI on the 3.6.28. I'm gonna miss you!!!

Edit: Just finished installing 18.0 (sigh). Hate the UI, but gotta have my Firefox. Can't stand IE.
--
Illegal aliens have always been a problem in the United States. Ask any Indian. Robert Orben

PrntRhd
Premium
join:2004-11-03
Fairfield, CA

1 edit
I am using Qute 3 mod version. It works.
»addons.mozilla.org/en-US/firefox···tom-mod/