SillyDog701

by **profman** » Tue 16 Dec, 2008 6:12 pm

Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3. Firefox 2.0.0.19 does not include Phishing Protection.

(See the post below for info the the antiphishing feature. Even I will upgrade to version 3.x by some time early in 2009. Also note later release of 2.0.0.20 below.)

Security issues fixed in Firefox 2.0.0.19

Fixed in Firefox 2.0.0.19

MFSA 2008-69 XSS vulnerabilities in SessionStore
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-62 Additional XSS attack vectors in feed preview
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

Download Firefox 2

The incremental update download was successfully applied to my Firefox 2.0.0.18 version to update it to the 2.0.0.19 version. No problems were noted.

(Post updated to reflect availability of the incremental update download.) (Title edited to reflect release of 2.0.0.20.)

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18

by **profman** » Tue 16 Dec, 2008 6:41 pm

Note that, although version 2.0.0.19 will have updated security fixes, it also removes the antiphishing protection.

This matter is discussed in several on-line articles, one of which is listed below.

Mozilla to pull antiphishing feature from Firefox 2.0 at Google's request

Google requested that the antiphishing feature be turned off in version 2.0.0.19. Firefox 2.0.0.x versions evidently rely upon the obsolete version 1 of SafeBrowsing which pings servers maintained by Google. There are reports that Google will eventually disable the older SafeBrowsing protocol. This implies, to me, that all Firefox 2.0.0.x versions will eventually loose their antiphishing feature.

Firefox 3.04 and 3.05 will continue to have a working antiphishing feature since they use version 2.x of the SafeBrowsing protocol.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18

by **Antony** » Wed 17 Dec, 2008 3:48 am

Thanks Profman for the information on the last Firefox 2.0 and the story on anti-phishing technology being disabled.

One thing I fail to understand is the need to turn off anti-phishing support. If the list does not wish to be updated because of end of the support life span, the current anti-phishing does not need to be switched off, it can stay open with current phishing site list.

I personally see this is a ploy to force users to switch to Firefox 3.

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5

by **Don_HH2K** » Wed 17 Dec, 2008 6:23 am

The issue is that the "site list" isn't internally kept, but rather the browser communicates with a SafeBrowsing server at Google. You'll notice that Protocolv2Spec has a bolded warning that the spec is still a draft, and makes references to an incompatible v2.1 of the protocol that's most likely in use in Firefox 3.

Blame who you like: Firefox for depending too much on Google, or Google for not maintaining backwards compatibility.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0 x64; en-US; rv:1.9.0.3pre) Gecko/2008111500 Minefield/3.0.5pre

by **Antony** » Wed 17 Dec, 2008 6:38 am

Don_HH2K wrote:Blame who you like: Firefox for depending too much on Google, or Google for not maintaining backwards compatibility.

One way or the other, the result is a convenient way to "push" users to upgrade.

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5

by **Don_HH2K** » Wed 17 Dec, 2008 10:55 am

Antony wrote:One way or the other, a convenient way to "push" users to upgrade?

Or a way to fix problems with the protocol that were not immediately evident when it was first published?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0 x64; en-US; rv:1.9.0.3pre) Gecko/2008111500 Minefield/3.0.5pre

by **geffr** » Thu 18 Dec, 2008 11:38 pm

They just released 2.0.0.20

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

by **profman** » Thu 18 Dec, 2008 11:54 pm

Is this really the last 2.0.0.x release?!

Firefox 2 Release Notes

Note: This is the last planned release of Firefox 2. All users are encouraged to upgrade to Firefox 3. Firefox 2.0.0.20 does not include Phishing Protection.

Security issues fixed in Firefox 2.0.0.20

Fixed in Firefox 2.0.0.20

MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)

Download Firefox 2

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081201 Firefox/2.0.0.19

by **profman** » Fri 19 Dec, 2008 12:09 am

Looks like Mozilla forgot to include a patch in 2.0.0.19, so they issued 2.0.0.20 to rectify that mistake.

One article on this last release:

Oops! Mozilla forgets Firefox 2 patch, must reissue update

It's 'embarrassing,' but users are not at risk, says browser maker

A "clerical error" by Mozilla Corp. omitted one of the security patches that was supposed to be included in the Windows version of yesterday's Firefox 2.0.0.19 release, a company executive said today.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081201 Firefox/2.0.0.19

by **geffr** » Fri 19 Dec, 2008 12:10 am

While I'm using it to post now, I replaced my Win 98 box. Last straw with 98 (Which I prefer over xp) was FF pulling Win 98 support........

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

by **Fulvio** » Fri 19 Dec, 2008 1:32 pm

geffr wrote:While I'm using it to post now, I replaced my Win 98 box. Last straw with 98 (Which I prefer over xp) was FF pulling Win 98 support........

It does not mean that you can't use FF with Win98. I found out, nearly four years ago that a numbers of programs did not work with Win98, though. That, and my hard drive going bonkers made my exit to WinXP very easy. However, I repaired my old computer, and updated the OS to Win98SE. Most of the balking programs started working after that update.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

by **geffr** » Fri 19 Dec, 2008 10:03 pm

My concern is security holes that won't be patched. Opera 9.x won't run on 98 (though they say it will), & we won't discuss ie...........

I am on 98SE.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

by Al » Sat 20 Dec, 2008 12:24 am

There are ways to run Firefox 3 on Windows 98SE, I've done it myself on the Really Unusual Screenshots thread.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

by **geffr** » Sat 20 Dec, 2008 8:11 pm

Al wrote:There are ways to run Firefox 3 on Windows 98SE, I've done it myself on the Really Unusual Screenshots thread.

Al, could you please share how to do it, or if you already did so in the thread you mention, post a link to the thread?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

by Al » Sat 20 Dec, 2008 8:38 pm

It's located here: http://sillydog.org/forum/sdp_92170.php#92170

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

SillyDog701

Mozilla Releases Firefox 2.0.0.19, then 2.0.0.20

Mozilla Releases Firefox 2.0.0.19, then 2.0.0.20

Who is online