FIREFOX ESR 17 UPGRADE
IS&T recommends Firefox users upgrade to Firefox ESR 17 IS&T recommends.
FIREFOX ESR 17 UPDATE
(CVE-2013-1697) Solution Upgrade to Firefox 17.0.7 ESR or later. The Extended Support Release (ESR) of Firefox is designed for institutions like MIT. Will a Firefox ESR Installation on version 52.x ESR with auto-update enabled automatically update to ESR 60.0 on May 9, breaking apps that use the Unity Plugin In order to see scanned documents on a secured hospital system, I have to have version 17 ESR. (CVE-2013-1694) - An error exists related to the 'toString' and 'valueOf' methods that could allow 'XrayWrappers' to be bypassed. (CVE-2013-1693) - An error exists related to 'PreserveWrapper' and the 'preserved-wrapper' flag that could cause potentially exploitable application crashes. (CVE-2013-1692) - An error related to the processing of SVG content could allow a timing attack to disclose information across domains. (CVE-2013-1690) - The application sends data in the body of XMLHttpRequest (XHR) HEAD requests and could aid in cross-site request forgery attacks.
FIREFOX ESR 17 CODE
(CVE-2013-1687) - An error related to 'onreadystatechange' and unmapped memory could cause application crashes and allow arbitrary code execution. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686) - An error exists related to 'XBL scope', 'System Only Wrappers' (SOW) and chrome-privileged pages that could allow cross-site scripting attacks. (CVE-2013-1682) - Heap-use-after-free errors exist related to 'LookupMediaElementURITable', 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'. Description The installed version of Firefox ESR 17.x is earlier than 17.0.7, and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist.
![firefox esr 17 firefox esr 17](https://windows-cdn.softpedia.com/screenshots/Mozilla-Firefox-ESR_24.png)
It would also be a good idea to publish minimum requirements along with the change log for each new TBB.Synopsis The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities. Use-after-free vulnerability in the nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1. I think the Tor-Project should be using a well specified, standardized and dedicated build-box to produce its browser bundles so that the outcome no longer depends on who happens to run the build procedure. If Mozilla can do it, why can't the Tor-Project? Others have complained about the same issue and apparently there's a ticket in the bug-tracker but nothing has happened over the past 7 months.
![firefox esr 17 firefox esr 17](https://ecsoft2.org/sites/default/files/screenshots/firefox38_0.png)
Firefox 17.0.8esr works perfectly on my computer. and I'm wondering why? Shouldn't TBB work in the greatest possible number of environments? I can see no good reason why you are using a version of gtk+ that leaves some of your users behind. > libxul.so: undefined symbol: gtk_widget_set_can_focus Vidalia and Tor start up and connect to the Tor network but Firefox won't start. My Linux Live CD still uses gtk+ 2.16.5 which is the reason why none of the TBBs after 2.3.25-2 have worked for me. I have complained about this before, but since the problem persists I post the previous message one more time here: This link is also included in the changelogs and we will continue to add it in the future versions of Tor Browser Bundle as well so that users can always be aware of major issues. To read more about which kinds of fixes are in this version of Firefox, please click here. All users are strongly encouraged to upgrade.
![firefox esr 17 firefox esr 17](https://news-cdn.softpedia.com/images/news2/firefox-52-0-released-as-esr-branch-will-receive-security-updates-until-2018-513620-2.jpg)
All of the Tor Browser Bundles have been updated with Firefox 17.0.8esr which includes critical security fixes.