| Author |
Topic: Mozilla has just released Firefox 2.0.0.10/11 |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 26 Nov 2007 8:55 pm |
|
I just discovered that Firefox was updated tonight. The new version is 2.0.0.10 and it is purely a security update.
Fixed in Firefox 2.0.0.10
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard
You can download the full install version here, or, if you have a previous version 2 Firefox browser, just go to Help > "Check for Updates" and let it download what parts it needs and install them for you.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Last edited by Wiz Feinberg on 3 Dec 2007 6:10 pm; edited 1 time in total |
|
|
 |
Bent Romnes
From:
London,Ontario, Canada
|
Posted 28 Nov 2007 10:21 am
|
|
Wiz,
I have been running Firefox now for 9 or 10 months and must say it offers a lot more stability than the Internet Explorer.
My first love in browsers was Netscape. I never did like the idea of someone forcing a web browser on us by bundling it with their operating system. Therefor Netscape. After about 8 years with Netscape it really was time for a change. Firefox is so close to Netscape in look and feel that I never had a transitional period. Seeing how Firefox is free and gives me all the updates automatically, plus is stable as a rock in every way, there is no other option for me.
Couple Firefox with AVG virus scanner (also free) and you have yourself a winner's package |
|
|
|
Craig Stenseth
From:
Naperville, Illinois, USA
|
Posted 30 Nov 2007 5:12 pm
|
|
| now up to 2.0.0.11 ... which you all probably know if you are running 2.0.0.10 ... |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 30 Nov 2007 6:37 pm
|
|
| Craig Stenseth wrote: |
| now up to 2.0.0.11 ... which you all probably know if you are running 2.0.0.10 ... |
Correct Craig! I just received notice that Firefox 2.0.0.11 was available and installed it. Here is the reason for this update:
| Quote: |
What's New in Firefox 2.0.0.11
Release Date:
November 30, 2007
Stability Update:
This release corrects a problem that was found in the previous release, Firefox 2.0.0.10.
|
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Bob Hickish
From:
Port Ludlow, Washington, USA, R.I.P.
|
Posted 1 Dec 2007 6:28 am
|
|
Wiz
is there some kind of vireos control program as part of
firefox ?
Last evening Firefox quit , and a flag come up saying
i had something attached to my computer . It had the
Firefox logo / icon . & it appeared to run a scan on the
files to locate the problem .
Do you know if this is part of Firefox or another scam ?
Hick PS I use a Mac OS 10.3.9 |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 1 Dec 2007 7:38 am
|
|
| Bob Hickish wrote: |
Wiz
is there some kind of vireos control program as part of irefox ?
Last evening Firefox quit , and a flag come up saying i had something attached to my computer . It had the Firefox logo / icon . & it appeared to run a scan on the files to locate the problem .
Do you know if this is part of Firefox or another scam?
Hick PS I use a Mac OS 10.3.9 |
Firefox does not have any such program included in it's build. Either this program has been added onto Firefox, by methods unknown, or uses a similar icon, or is a fake anti-virus or anti-spyware program.
Note, that is is possible that you somehow got sent to a virus or spyware scanning site, either real or fake. Do not fool yourself into thinking that because your OS is MacIntosh, you are immune to malware threats. People are writing exploits for Macs and they are in the Wild.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 1 Dec 2007 7:47 am
|
|
This blows. I've totally lost FF. As has happened before, I had trouble installing the update. I get to the extracting files process, then the wizard comes up, I go thru that to the 'standard' installion option then the box comes up:
| Quote: |
| "error opening file for writing: C:\Program Files\Mozilla Firefox\firefox.exe Click Retry"....etc. |
So I uninstalled FF, tried the installation again and got the same error message. Tried to delete firefox.exe in Program Files and was denied permission--it was "being used by something else". So I had no FF and couldn't install it. I did a system restore (XP home) but FF will not start up when I click the icon (or when I try in the Start menu) and I still get the same error message. I'm totally stuck (and using IE right now). |
|
|
|
Bob Hickish
From:
Port Ludlow, Washington, USA, R.I.P.
|
Posted 1 Dec 2007 8:15 am
|
|
Something is going on with this ! Firefox has been
acting strange on this mac for a week or two .
what ever it was that flagged this machine must have
done what it intended to do -- although ! its all still working .
Maybe its time to do a clean install .
Man ! there goes a week or two of your life .
Hick |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 1 Dec 2007 8:25 am
|
|
| Jon Light wrote: |
This blows. I've totally lost FF. As has happened before, I had trouble installing the update. I get to the extracting files process, then the wizard comes up, I go thru that to the 'standard' installion option then the box comes up:
| Quote: |
| "error opening file for writing: C:\Program Files\Mozilla Firefox\firefox.exe Click Retry"....etc. |
So I uninstalled FF, tried the installation again and got the same error message. Tried to delete firefox.exe in Program Files and was denied permission--it was "being used by something else". So I had no FF and couldn't install it. I did a system restore (XP home) but FF will not start up when I click the icon (or when I try in the Start menu) and I still get the same error message. I'm totally stuck (and using IE right now). |
This sounds like a permissions/ownership issue. Anytime you are denied access to alter, modify, or delete a file, or program, the reason is one of the following:
- It is still active in memory, whether visible or not
- It was installed by switching to another administrator level account
- You are not the Computer Administrator, but are a Limited User
- You do not own the file or program (NTFS permissions)
- The program was corrupted during a previous install/uninstall and the corruption persists across subsequent install/uninstalls
- An Add-On, or plug-in is causing corruption to the browser
To begin troubleshooting this, press CTRL + ALT + DEL and if you see Firefox.exe in the list of running Processes, highlight it and click on "End Process." Next, try to uninstall Firefox, via Control Panel, including removing your profile and preferences. Delete the entire program folder. In Windows this is at: C:\Program Files\Mozilla Firefox\. Delete everything and the directory itself. The Firefox Profile is found in: Documents and Settings\your-login-identity\Application Data\Mozilla\. Delete that folder and its contents.
If you are unable to delete any of these files it is because either they are in use, in a hidden process, or you do not have ownership of them. You might try Switching" to another Administrator level account, if there is one already on the computer. This may solve the problem. If so, remove all vestiges of Firefox, then reboot, then enter you normal identity and try installing a fresh copy.
If none of the above works try performing these tasks from a reboot into Safe Mode, into your usual account, or, if necessary, into the "Administrator" account. If you are successful, restart Windows and reinstall a fresh copy from your usual identity account.
You can determine who owns a file or directory by right-clicking on it, choosing "Sharing and Security" > "Security" > "Advanced" button > "Owner." If your identity is not the Owner, but is listed in the field below, change it by highlighting your name, then click Apply. Before closing this box click on "Permissions" and ensure that your usual identity is listed and that it has "Full Control." If it is not listed, "add" it to the list and give it Full Control (checkbox). If it is listed, but lacks Full Control, grant it now. Click Apply, the OK, to exit the Permissions box. Try again to uninstall and reinstall the program from your identity.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 1 Dec 2007 8:39 am
|
|
"in use" seems to be the issue----I can't delete FF.exe because of it even though I've got nothing apparent that is running. What on earth could be 'using' it?
As to the other stuff--I have only one account and I am the administrator. I've changed nothing along those lines. I'm going to reboot and then go get my boots. Something's needing a good stomping. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 1 Dec 2007 9:39 am
|
|
| Jon Light wrote: |
| "in use" seems to be the issue----I can't delete FF.exe because of it even though I've got nothing apparent that is running. What on earth could be 'using' it? |
By any chance, are you launching Firefox from a Quick Launch icon? If so, are you accidentally double clicking on the Quick Launch icon? Those icons only need a single click to launch and some programs develop phantom second processes when double launched.
You can check for phantom copies by pressing CTRL + ALT +DEL and looking for Firefox.exe under the list of running processes. If it is listed twice, use the End Process button on one of them. If Firefox is running but invisible, use End Process anyway.
There may be other reasons why a browser runs in invisible mode, most of which you won't like to hear. Can you spell "rootkit?"
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 1 Dec 2007 9:42 am
|
|
| Well----several reboots, attempted manual deletions and swear words later I am now running 2.0.0.11. My system is so messed up I don't what's what. 'generic Win something host' failed on bootup and had to shut down, WinExplorer did the same on my last bootup. But FF is running. nothing like holding a big boot up to the monitor and saying 'I'm not messing around mutha'. |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 1 Dec 2007 9:47 am
|
|
near-simultaneous posts----
--moot point, I guess. Yes, I do launch from the quick launch bar. Yes, double click could be possible. But during all this, FF was not in the running processes. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 1 Dec 2007 9:50 am
|
|
I should also mention that Firefox 2.x has a special recovery feature that is installed with it. If you go to Start > (All) Programs > Mozilla Firefox > Mozilla Firefox (Safe Mode), you can launch the browser without any add-ons, or plug-ins. When this mode starts up you will be presented with a box full of options to disable various items during the regular launch process. You can ignore them for the moment to see if the browser will launch in it's Safe Mode. If it does launch in this mode you can begin disabling various Add-ons and plug-ins and restart Firefox in normal mode. You may find one particular add-on or plug-in was causing all of these problems. There may be an update available for that application, or you may want to simply uninstall that item completely.
The Safe Mode I am referring to for Firefox is NOT Windows Safe Mode. This is a special feature of the browser itself, where it launches without plug-ins or add-ons. It is a very useful troubleshooting feature of the browser.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jon Light
From:
Saugerties, NY
|
Posted 1 Dec 2007 10:57 am
|
|
Yeah--I saw that when I was flailing around. Duly noted. As long as I'm up & running, I'm not in the mood to be mucking around.
As always, thanks, Wiz. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
|
|
|
Bob Hickish
From:
Port Ludlow, Washington, USA, R.I.P.
|
Posted 2 Dec 2007 7:42 am
|
|
Wiz
The event I referred to above was documented ,
I have it converted to a PDF . so I think it is benign .
there is a web address in it , --- usertrust(dot)com
in Salt Lake .
I can eMail this to you if you wish to see it .
Hope your snow is not to deep !
Hick |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 2 Dec 2007 8:30 am
|
|
| Bob Hickish wrote: |
Wiz
The event I referred to above was documented ,
I have it converted to a PDF. so I think it is benign.
there is a web address in it , --- usertrust(dot)com
in Salt Lake.
I can eMail this to you if you wish to see it.
Hope your snow is not to deep !
Hick |
Bob;
I checked out usertrust.com and here is what they say they are about:
| Quote: |
USERTrust provides Internet privacy and security solutions that enable companies and industries to migrate business processes to the Internet. While low-value Internet B2C transactions have become common, insufficient levels of privacy and security have hindered the growth of complex B2B and B2C transactions. USERTrust's end-to-end infrastructure product suite provides clients with the same legal, privacy, and security protections afforded them in the physical world. |
I don't know what program was scanning, or what it scanned for, but if it came with a digital signature from this company it might well be a legit application. You should see what plug-ins and add-ons are included with your installation of Firefox, or what security programs were included with the computer.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Bob Hickish
From:
Port Ludlow, Washington, USA, R.I.P.
|
Posted 2 Dec 2007 9:28 am
|
|
Wiz
It would be my best guess , What ever it was ! it was
designed for PC's & was not able to do anything with
Mac OS . here is what it said ( in part ). on my PDF there
are over 200 pages most pages only have a couple items
of computer gobble de gook
��
TLOSS error���SING error����DOMAIN error ��R6028- unable to initialize heap����R6027 - not enough space for lowio initialization����R6026- not enough space for stdio initialization ����R6025- pure virtual function call���R6024 - not enough space for _onexit/atexit table����R6019- unable to open console device ����R6018- unexpected heap error����R6017 - unexpected multithread lock error����R6016- not enough space for thread data �abnormal program termination����R6009 - not enough space for environment�R6008- not enough space for arguments ���R6002- floating point not loaded����Microsoft Visual C++ Runtime Library���� ��Runtime Error!
as far as I know there are no add ons to Firefox , all
I have done is install the browser .
Maybe I don't understand your question / comment !
Quote
"You should see what plug-ins and add-ons are included with your
installation of Firefox, or what security programs were included with the computer."
The OS on this mac is updated by automatic download
so I have no clue as to what it initials .
So far I have seen no harm to the system - maybe I'm hooked up to NSA now
who knows !!
Hick |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 3 Dec 2007 11:29 am The reason for the Firefox 2.0.0.11 release
|
|
I have just read the real reason for Mozilla.org releasing Firefox 2.0.0.11 just 4 days after pushing out version 2.0.0.10. It is because one of the security fixes broke the rendering of the HTML "canvas.drawImage" element. Canvas is an advanced HTML element natively included in Firefox that is used for on-the-fly rendering of bitmap images.
Here is a quote from Bugzilla:
| Quote: |
"We are using drawImage alot in our web shop and now in Firefox 2.0.0.10 everything is broken," Bugzilla commenter Klaus Reimer wrote. "Customers are complaining because their Firefox automatically updated to 2.0.0.10 and now they can no longer order photo prints in our shop. I think this is a very serious problem and I hope it will be fixed immediately in a 2.0.0.11 update." |
AS you all know, Firefox 2.0.0.11 was released on November 30, as a "stability" update, but now you know the rest of the story!
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
