Text only | Text with Images

LandzDown Forum

Security => Security Alerts & Briefings => Topic started by: techie on January 23, 2018, 02:35:47 PM

Title: Firefox 58.0 released
Post by: techie on January 23, 2018, 02:35:47 PM
Firefox 58.0 was released to the update channel. It has some improvements. I didn't see any security update notes for this release.

https://www.mozilla.org/en-US/firefox/58.0/releasenotes/
Title: Re: Firefox 58.0 released
Post by: Pete! on January 23, 2018, 03:08:41 PM
Strange... I lost all my logins when I updated.
I don't recall that ever happening before.
Title: Re: Firefox 58.0 released
Post by: Corrine on January 23, 2018, 04:05:27 PM
Quote from: techie on January 23, 2018, 02:35:47 PM
I didn't see any security update notes for this release.

That is because the security advisories are normally published later than the release notes. 

Firefox ESR was updated to version 52.6.0.
Title: Re: Firefox 58.0 released
Post by: ky331 on January 23, 2018, 05:05:17 PM
Security vulnerabilities fixed in Firefox 58
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
Title: Re: Firefox 58.0 released
Post by: Corrine on January 23, 2018, 06:02:29 PM
Additionally note that Firefox ESR included the critical update for CVE-2018-5089.
Title: Re: Firefox 58.0 released
Post by: winchester73 on January 23, 2018, 09:46:20 PM
Quote from: Pete! on January 23, 2018, 03:08:41 PM
Strange... I lost all my logins when I updated.
I don't recall that ever happening before.

I didn't have that issue when the update was applied  :-\
Title: Re: Firefox 58.0 released
Post by: plodr on January 24, 2018, 02:48:36 PM
What is CVE-2018-5089?
When I googled the first hit I got was Red Hat.
https://access.redhat.com/security/cve/cve-2018-5089

which led me here
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089

which led me here
https://nvd.nist.gov/vuln/detail/CVE-2018-5089
and that said CVE ID not found.

I feel like I'm going in circles. My avatar is circular but I dislike going in circles.  ;)
Title: Re: Firefox 58.0 released
Post by: Corrine on January 24, 2018, 03:11:34 PM
I found the same as you that the CVE is "reserved".  Mozilla points CVC-2018-5089 to a long list of Bug ID's:

Bug ID: 1412420, 1426783, 1422389, 1415598, 1410134, 1408017, 1224396, 1382366, 1415582, 1417797, 1409951, 1414452, 1428589, 1425780, 1399520, 1418854, 1408276, 1412145, 1331209, 1425612
Title: Re: Firefox 58.0 released
Post by: plodr on January 25, 2018, 04:02:35 PM
Thanks.
Ignorance is bliss. I guess I'll stay in the dark on this one and be happy.  :o
Title: Firefox Version 58.0.1 released
Post by: Corrine on January 29, 2018, 08:02:38 PM
Firefox version 58.0.1 released.  The critical security update was issued to fix Bug 1433065 (https://bugzilla.mozilla.org/show_bug.cgi?id=1433065) which resulted in Firefox 58 not loading any pages (including about: pages) when using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products).

Release Notes (https://www.mozilla.org/en-US/firefox/58.0.1/releasenotes/)
Security Updates (https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox58.0.1)
Title: Firefox 58.0.2 released
Post by: Corrine on February 07, 2018, 08:25:43 PM
Mozilla sent Firefox Version 58.0.2 to the release channel today.  The update addresses a number of bugs.

ESR remains at version 52.6.0.

Mozilla Firefox Release Notes (https://www.mozilla.org/en-US/firefox/58.0.2/releasenotes/)
Text only | Text with Images