Mozilla releases Firefox 39, patches 22 security issues

Mozilla released Firefox 39, a new version that, in addition to patching 22 security issues, now checks downloads for malware on OSX and Linux. According to Myce, Mozilla marked 13 of the 22 security patches as critical, which means "an attacker can fully take over the computer of a user with a vulnerable Firefox version." Mozilla also patched the security vulnerability Logjam, which lets an attacker see or modify a user's data by weakening the TLS encryption. Other patches and new features in Firefox 39 include: A patch for Mac users solved the problem where crash reports would sometimes contain personal information, such as a user's keystrokes. Problems with "the built-in PDF reader of Firefox has also been resolved," according to Myce. In a bid to offer better security protection against malware and adware, Mozilla added Google's Safe...
This topic first appeared in the Spiceworks Community

If you can't switch to a proper security suite and you absolutely need all the browser integration bells and whistles, then you can downgrade to the ESR version of Firefox. It's a special version intended for organizations. It gets security patches regularly, but it only changes major versions once per year.
* http://www.mozilla.org/firefox/organizations/all.html
New major versions of Firefox have been released every 6 weeks since [http://www.mozilla.org/firefox/4.0/releasenotes/ March 22nd, 2011].
* https://blog.mozilla.org/futurereleases/2011/07/19/every-six-weeks/
Every new major version contains security fixes. By sticking with an old version like 20.0.1, you're putting your system at risk.
* https://www.mozilla.org/security/known-vulnerabilities/firefox.html
Chrome's release model is similar.
* http://www.chromium.org/developers/calendar
* https://en.wikipedia.org/wiki/Google_Chrome#Release_history
Opera will be updated every 2 weeks.
* http://my.opera.com/desktopteam/blog/2013/07/02/opera-15
Internet Explorer for Windows XP is 2 major versions behind and will never be updated. In theory, it's supported with security patches for as long as Windows XP is supported, but not so much in practice.
* http://www.pcmag.com/article2/0,2817,2361485,00.asp
Safari for Windows has been abandoned.
* [http://www.maximumpc.com/article/news/safari_windows_abandoned_apple_leaving_users_vulnerable_no_warning http://www.maximumpc.com/article/news/safari_windows_abandoned_…]

Similar Messages

  • I currently have Trend Micro...Does Firefox handle all the security issues like phishing and viruses etc...I would like to cancel the other

    I cannot seem to get anyone to help me because I have asked this same question more than 6 or 7 times. Does Firefox handle all the security issues like phishing and viruses, worms from attaching to my computer??????

    This question is a duplicate of https://support.mozilla.com/en-US/questions/884618

  • Samba 3.2.6 patch for security issue

    I know the security issue is hard to trigger, but I created a new PKGBUILD for samba 3.2.6 containing the patch.
    Excerpt from the patch commentary:
    commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410
    Author: Michael Adam <[email protected]>
    AuthorDate: Thu Dec 18 18:01:55 2008 +0100
    Commit: Karolin Seeger <[email protected]>
    CommitDate: Fri Dec 19 08:30:23 2008 +0100
    smbd: prevent access to root filesystem when connecting with empty service name
    This only applies to a setup with "registry shares = yes"
    Michael
    And here's the PKGBUILD:
    # $Id: PKGBUILD 22200 2008-12-22 22:24:26Z tpowa $
    # Maintainer: judd <[email protected]>
    pkgname=samba
    pkgver=3.2.6
    # We use the 'A' to fake out pacman's version comparators. Samba chooses
    # to append 'a','b',etc to their subsequent releases, which pacman
    # misconstrues as alpha, beta, etc. Bad samba!
    _realver=3.2.6
    pkgrel=2.1
    pkgdesc="Tools to access a server's filespace and printers via SMB"
    arch=(i686 x86_64)
    url="http://www.samba.org"
    license=('GPL3')
    backup=(etc/logrotate.d/samba etc/pam.d/samba etc/samba/smb.conf etc/xinetd.d/swat etc/conf.d/samba)
    depends=('db>=4.7' 'popt' 'libcups' 'acl' 'libldap' 'smbclient=3.2.6' 'libcap' 'heimdal>=1.2-1' 'pam' 'fam' 'gnutls>=2.4.1' 'tdb=3.2.6')
    options=(!makeflags)
    source=(http://us1.samba.org/samba/ftp/stable/${pkgname}-${_realver}.tar.gz \
            no-clients.patch samba samba.logrotate swat.xinetd samba.pam samba.conf.d \
            ftp://us1.samba.org/pub/samba/patches/security/samba-3.2.6-CVE-2009-0022.patch)
    build() {
      cd ${srcdir}/${pkgname}-${_realver}/source
      patch -Np2 -i ${srcdir}/no-clients.patch || return 1
      # apply the upstream security patch (CVE-2009-0022)
      patch -Np2 -i ${srcdir}/samba-3.2.6-CVE-2009-0022.patch || return 1
      ./configure --prefix=/usr --with-configdir=/etc/samba \
        --with-lockdir=/var/cache/samba \
        --with-piddir=/var/run/samba \
        --with-fhs --with-pam --with-ads --with-acl-support \
        --without-cifsmount --without-libsmbclient \
        --with-syslog --with-pam_smbpass \
        --localstatedir=/var --disable-dnssd --libdir=/usr/lib/samba
      make || return 1
      mkdir -p ${pkgdir}/var/log/samba
      mkdir -p ${pkgdir}/etc/samba/private
      chmod 700 ${pkgdir}/etc/samba/private
      make DESTDIR=$startdir/pkg install
      chmod 644 ${pkgdir}/usr/include/*.h
      rm -rf ${pkgdir}/usr/var
      (cd script; cp installbin.sh i; cat i | sed 's/\/sbin\///' > installbin.sh)
      install -D -m755 ../../samba ${pkgdir}/etc/rc.d/samba
      install -D -m644 ../../samba.conf.d ${pkgdir}/etc/conf.d/samba
      mkdir -p ${pkgdir}/etc/samba
      cat ../examples/smb.conf.default | \
        sed 's|log file = .*$|log file = /var/log/samba/log.%m|g' >${pkgdir}/etc/samba/smb.conf.default
      install -D -m644 ../../samba.logrotate ${pkgdir}/etc/logrotate.d/samba
      install -D -m644 ../../swat.xinetd ${pkgdir}/etc/xinetd.d/swat
      install -D -m644 ../../samba.pam ${pkgdir}/etc/pam.d/samba
      # symlink libs
      for i in ${pkgdir}/usr/lib/samba/libsmbshare*; do
        ln -sf samba/$(basename $i) ${pkgdir}/usr/lib/$(basename $i)
      done
      # spool directory
      install -d -m1777 ${pkgdir}/var/spool/samba
      sed -i 's|/usr/spool/samba|/var/spool/samba|g' ${pkgdir}/etc/samba/smb.conf.default
      # fix logrotate
      sed -i -e 's|log.%m|%m.log|g' ${pkgdir}/etc/samba/smb.conf.default
      # nsswitch libraries
      install -D -m755 nsswitch/libnss_wins.so ${pkgdir}/lib/libnss_wins.so
      ln -s libnss_wins.so ${pkgdir}/lib/libnss_wins.so.2
      install -D -m755 nsswitch/libnss_winbind.so ${pkgdir}/lib/libnss_winbind.so
      install -D -m755 bin/pam_winbind.so ${pkgdir}/lib/security/pam_winbind.so
      # remove conflict files of smbclient and tdb
      for man in libsmbclient smbspool \
        umount.cifs mount.cifs net; do
        rm -f ${pkgdir}/usr/share/man/man8/${man}.8
      done
      for i in libnetapi* libtdb* libtalloc* libwbclient*; do
        rm -f ${pkgdir}/usr/lib/samba/$i
      done
      rm -f ${pkgdir}/usr/bin/tdbbackup
      rm -f ${pkgdir}/usr/include/{tdb.h,talloc.h,netapi.h}
      for man in rpcclient smbcacls smbclient smbcquotas \
        smbtree smbtar nmblookup smbget; do
        rm -f ${pkgdir}/usr/share/man/man1/${man}.1
      done
      rm -f ${pkgdir}/usr/share/man/man7/libsmbclient.7
      rm -f ${pkgdir}/usr/include/libsmbclient.h
    }
    md5sums=('0cd27c7afbb8211616eea4010f32271c'
             'a676f0dde2c434aeb5125376b8797a64'
             'e93533fa2296c07c1f645dfdd373657f'
             '5697da77590ec092cc8a883bae06093c'
             'a4bbfa39fee95bba2e7ad6b535fae7e6'
             '96f82c38f3f540b53f3e5144900acf17'
             'f2f2e348acd1ccb566e95fa8a561b828'
             'e15ab37115101cf3a8d110f0c1f8e29e')
    I think a security task force should be initiated (I know discussions existed, but I don't know what were the consequences), so that important packages (like those providing services) could be updated in a timely manner. This is a minor issue as I stated earlier, but it could be worse. Those interested, let's initiate a discussion with the developers of important packages and try to get some things working. People (mostly trusted users) who can generate early packages are welcome, so that they can provide early versions of unvulnerable packages.

    ckristi wrote: I don't know about other packages, but I believe when I checked the PKGBUILD for PHP, that the security fix was included in 5.2.7.
    Check http://repos.archlinux.org/viewvc.cgi/p … iew=markup for more info.
    And don't get me wrong, I am a little bit concerned about the way vulnerabilities are treated in Arch, 'cause my home server is running this distro.
    And I really would think we should start some serious discussions about these security issues and the way they should be treated. I know the developers are doing their best and I'm not going to put fingers at all. They should be helped in maintaining packages for important services. We'll benefit from it and their tasks would be easier.
    Why don't you start a wiki page tracking the latest vulnerabilities disclosed on various security mailing lists which are not fixed in Arch? This will make it much easier for the devs.
    This thing has been already discussed multiple times and already a wiki page exists for Arch Security Team but it seems nobody followed up with that.
    http://wiki.archlinux.org/index.php/Security_Task_Force

  • A fix for the Mozilla Firefox SSL Certificate Validation Security Weakness vulnerability? This appears to be an issue with not revalidating certificates when loading HTTPS pages from cache.

    We have to close vulnerabilities for PCI & Cybertrust certification. We have upgraded users running Firefox to version 7.0.1 but we are still receiving the message: Mozilla Firefox SSL Certificate Validation Security Weakness. Researching the issue, it appears to be related to certificates not being revalidated when loading HTTPS pages from cache. The bug report I found is:
    Bug 660749 - Firefox doesn't (re)validate certificates when loading a HTTPS page from the cache

    cookies.squite answer is Today at 5:15 PM .
    New profile, same problem.
    We've already established it is not an add-ons problem but obviously there will be fewer add-ons in this new profile to help exclude.
    Since there are two PC profiles on the PC, I tried the second profile, same problem. Used the RESET FF function on the second PC profile...same thing...even followed the instruct for uninstall & re-install...same problem.
    (3) different virus scanners, no hard core problems.
    Suspect how I have something in Windows setup that no one else is using?

  • Why does Mozilla release so many Firefox updates?

    I hate updating Firefox because every time I do it totally messes up my add on toolbars. Or it says that certain add ons are incompatible with the new version. It seems like every 3 months or less Mozilla is pushing out another version. Never mind the nagging popups that plague me every time I open Firefox. I of course know that I can choose to never be notified but I realize that at some point I will HAVE to update Firefox, because certain websites may be a problem visiting and that. I just wished Mozilla would release their newest version once a year instead of so frequently.

    hello, i use an early alpha version of firefox that updates daily and have never experienced any of the issues of mixed up toolbars or incompatible addons you have described as a result of that.
    which addons in particular are you using which cause you those problems? figuring this out and contacting the addon's developer or switching to alternatives that are better maintained might be an approach with far greater chance of success than hoping that firefox will change to a yearly release schedule - this won't happen since frequent releases are done due to security, stability, performance and web standard improvements...

  • Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

    Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
    Some have no problem accessing the lesson plans.
    Most when they login click on a lesson plan and an icon shows up that says loading but never does.
    If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
    Think Central support says this is a security issue with Firefox.
    I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
    I have allowed the pop ups to the think Central web site.
    Any help would be appreciated

    Are there any notification icons on the left end of the address bar? If so, please click them to see whether they are related to security issues (such as blocked content - shield icon: "How does content that isn't secure affect my safety?") or a plugin requiring permission (Lego-like icon).
    Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.

  • Firefox said: "Copy/Cut/Paste is not available in Mozilla and Firefox. Do you want more information about this issue?" But I can do that from Opera... What should I do?

    Copy/Cut/Paste is not available in Mozilla and Firefox.
    Do you want more information about this issue?
    That's what Firefox said to me... I was rich text editing, but I cannot use copy paste.
    I tried the same site and rich text editing with Opera, and there was no problem.
    I love Firefox, and I want to use it, but if this is not possible to do in Firefox, I must go with Opera from now on.
    Please respond to me, I need to fix a problem.
    I hope you understood my English!
    Thank you...

    Try to use the keyboard if the buttons on the web page aren't working.
    * Copy: Ctrl+C or Ctrl+Insert
    * Paste: Ctrl+V or Shift+Insert
    * Cut: Ctrl+X or Shift+Delete
    See:
    * http://kb.mozillazine.org/Granting_JavaScript_access_to_the_clipboard
    * https://addons.mozilla.org/firefox/addon/allowclipboard-helper/

  • Copy/Cut/Paste is not available in Mozilla and Firefox. Do you want more information about this issue?

    Copy/Cut/Paste is not available in Mozilla and Firefox.
    Do you want more information about this issue?
    Yes!

    https://support.mozilla.com/en-US/kb/Clipboard+not+working
    This extension will help you set the necessary permissions - Allow Clipboard Helper extension:
    https://addons.mozilla.org/en-US/firefox/addon/852

  • HT1338 There is a lot of talk about the Java security issues and the ability to download a patch fix, do i need to do this or will software update pick this up for me?

    There is a lot of talk about the Java security issues and the ability to download an apple patch fix, do i need to do this or will software update pick this up for me?

    Thanks for that, how do I establish if I have Java installed as on Safari preferences it indicates the following
    Web content - Enable Java
                        - Enable JavaScript

  • Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

    Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

    The official communication is now posted to
        https://blogs.oracle.com/security/entry/security_alert_cve_2014_7169

  • MSSQL 2008R2 SP3 will it include all security updates and cumulative patched released before this patch ? Example this security patch KB2977319, KB2977320 ?

    If I install MSSQL 2008R2 SP3 will that cover all the security patched released before this patch ?
    I also want to specifically know about this two Vulnerabilities in SQL Server Could Allow Elevation of Privilege
    KB2977319, KB2977320
    Please see more information about this in below blog: https://technet.microsoft.com/en-us/library/security/ms14-044.aspx
    Regards, Srini

    To read about the details of the fixes included in the service pack3 please refer this page
    http://support.microsoft.com/kb/2730301
    or this link
    http://support.microsoft.com/kb/2979597
    List of fixes included in SQL Server 2008 R2 SP3
    Microsoft SQL Server 2008 R2 service packs are cumulative updates and SQL Server 2008 R2 SP3 upgrades
    all editions and service levels of SQL Server 2008 R2 to SQL Server 2008 R2 SP3. 
    Satheesh

  • Is there a patch for the NTP security issue that does not require Xcode?

    Is there a patch for the NTP security issue that does not require Xcode? I have an older Intel mini that can't be upgraded beyond 10.6.8 and I currently don't have room for Xcode 3.2.5. Has somebody trustworthy posted these binaries?

    NTP fix for Snow Leopard: https://drive.google.com/folderview?id=0BxQCbeIgpA2uVjFiN1h4bGZNQ2c&usp=sharing
    You can also go to System Preferences/Date & Time and deselect Set time Automatically.
    Snow Leopard users: Turn off automatic date and time in System Preferences immediately

  • Firefox Hanging Problem, but not actually hanging [Security Issue?]

    Reposting from a reply I made on another thread so that this might get more attention for people:
    So I've been having this problem for the past couple days, after I installed the 4.0 Beta 12, but not immediately. I resorted to using IE8 until I could troubleshoot. Today I uninstalled and reinstalled, initially keeping my customizations, then again without. Upon installing the new RC I immediately had the same problem.
    For me what goes wrong is Firefox will open correctly and begin to load a page or pages, and about 15 seconds in, usually after all loading is done, it will seemingly freeze, or hang rather. Seemingly completely unresponsive.
    Here is the aha moment: I became fed up with this and was just trying to get to the troubleshooter's containing file or whatever, [so that I could delete the session restore javascripts, like the support page says to try for hangs]. It hung right before I was able to open the containing folder. Instead of trying to fix it or wait I immediately alt-f4ed it. But firefox remained, and to my surprise, it worked completely fine. Normally, when it's hanging, any click on the window will just make a windows BING sound and be completely unresponsive. After attempting to close firefox, it actually worked fine.
    This leads me to believe there is some masking window that makes firefox appear to be hanging, but in reality it's working totally fine.
    I've attempted to unmask this by dredging through process explorer, but so far to no avail. I'm no expert, but I figured if this board hasn't realized this yet someone can figure it out from here far better than I can.
    Let me know when you figure it out to so I stop using IE. Even though Firefox functions after I alt-f4 the "mask", I don't know if the 'mask' is harming my system or giving me malware or what so I'd rather not fuck with it.

    Run the Firefox program once as Administrator (right-click: Run as Administrator).
    If that doesn't help then do a clean reinstall.
    Do a clean (re)install:
    * Download a fresh Firefox copy from http://www.mozilla.com/firefox/all.html and save the file to the desktop.
    * Uninstall your current Firefox version and remove the Firefox program folder before installing that copy of the Firefox installer.
    * Don't remove personal data if you uninstall the current version.
    * It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
    Your bookmarks and other profile data are stored elsewhere (not in the Firefox program folder) and won't be affected by a reinstall, but make sure that you do not select to remove personal data if you uninstall Firefox.

  • SSRS (Security) issues in Firefox and Chrome

    In both browsers the layout is a mess to start with.
    Biggest problem in both cases is: The DetailView button is visible even if you're not admin.
    So when people click this they are able to see/modify data sources and see hidden directories and stuff. I haven't checked if they can really change stuff but it seems to me that it's not what we want. If you are not admin you shouldn't see the DetailView button at all.
    One other thing that doesn't work in Chrome: the report itself. You can fill in parameters but the report itself won't show up. But that's a minor problem.
    The security issue with the DetailView option available for everyone would be a major problem I'd say.

    Which version of Reporting Services are you running?
    Check this article on MSDN about browser compatibility of SSRS: Planning for Reporting Services and Power View Browser Support
    SSRS works best on Internet Explorer. If you use other browsers, something may not be displayed correctly.

  • I updated some security issues and suddenly my gmail does not open. It shows 75% of the process and does not go on

    I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
    I can open it in Internet Explorer but not in Mozilla fireworks

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    * Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    * Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in Safe Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
    * Don't make any changes on the Safe mode start window.
    * https://support.mozilla.org/kb/Safe+Mode
    * https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
