
SANS ISC: Firefox 16 / Thunderbird 16 updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Firefox 16 / Thunderbird 16 updates

Thanks Mike and others for digging into the security fixes and changes in the recent Firefox 16 and Thunderbird 16 updates (earlier this week). Find these details here:

https://www.mozilla.org/security/known-vulnerabilities/firefox.html

https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

 

... And thanks to our reader Paul, who let us know that this latest update has been pulled (if you download the latest version right now, it's 15.0.1). It seems that a critical security vulnerability slipped past in 16.0. (Version 15.0.1 is not affected.) Good on the Firefox / Mozilla teams for pulling it so quickly, and posting on it immediately. More info here:

https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/

Final Update (we hope):

Another reader has just let us know that 16.01 has just been posted - this should get us all back on track! Happy updating everyone! The two original links (above) have the security-specific info for version 16.01.

===============
Rob VandenBrink
Metafore

Rob VandenBrink

458 Posts
ISC Handler
Looks like an out of band security update is looming. Both links are forbidden for now, but that's about to change soon it seems.

https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/16.0.1/

https://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/16.0.1/
Anonymous

Posts
PSI from Secunia had 'updated' my Firefox to 16.0 from 15.0.1 earlier today and Firefox just recently (2:38PM EDT Oct 11, 2012) pushed an updated version 16.0.1 to my system.
Anonymous

Posts
The download links at Mozilla were still showing 15.0.1 as the version being offered after my update though . . .
Anonymous

Posts
I suggest considering Firefox Extended Support Release (ESR). It contains security and bug fixes each cycle, but not new features. As such, when FF 16.0.0 shipped, FF ESR 10.0.8 shipped. FF ESR was not vulnerable to this issue and was not pulled.

https://www.mozilla.org/en-US/firefox/organizations/all.html

Anonymous

Posts
I still can't find confirmation if Firefox 10.0.8 is affected or not. I assume not as it's not been pulled.
Anonymous

Posts
