Firefox 0.10.1 released: Fix a critical security issue

Wayne D

"Mozilla have released an updated version of their Firefox browser, to
fix a critical security issue that has been discovered with it.

Quote:
How does this security vulnerability expose the user?

A malicious hacker who could trick a user into saving a file could delete
files from a user's download directory.

How serious is this vulnerability?

While this is a potentially severe security vulnerability, user
interaction is required to trigger potential harm. This security update
is also another example of the Mozilla Foundation identifying and fixing
security vulnerabilities before they are exploited by malicious hackers.
This type of security vulnerability is very different from cases where a
hacker could take advantage of a vulnerability to obtain valuable
information from a user's computer. "


Direct Download: Link may wrap

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/Firefox
Setup%201.0PR.exe

Regards

Wayne D
 
MLC

_Wayne D_, Saturday 02/Oct/2004:
"Mozilla have released an updated version of their Firefox browser, to
fix a critical security issue that has been discovered with it.

Quote:
How does this security vulnerability expose the user?

A malicious hacker who could trick a user into saving a file could delete
files from a user's download directory.

How serious is this vulnerability?

While this is a potentially severe security vulnerability, user
interaction is required to trigger potential harm. This security update
is also another example of the Mozilla Foundation identifying and fixing
security vulnerabilities before they are exploited by malicious hackers.
This type of security vulnerability is very different from cases where a
hacker could take advantage of a vulnerability to obtain valuable
information from a user's computer. "

Direct Download: Link may wrap

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/Firefox
Setup%201.0PR.exe

Just to add that for 1.0PR users it is a patch of only 9 KB:

http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10.1/patches/259708.xpi
 
Atomhrt

Wayne said:
"Mozilla have released an updated version of their Firefox browser, to
fix a critical security issue that has been discovered with it.

Get Firefox today! It's the safe browser.

;)

Couldn't resist...
 
»Q«

Get Firefox today! It's the safe browser.

;)

Couldn't resist...

Heh. The Firefox folks put this in their mini-faq about the patched
vulnerability:

Doesn't this case illustrate that all browsers are equally
insecure?

The Mozilla Foundation continues to have a very strong track
record on security. According to Secunia, an independent security
monitoring organization, Firefox currently has 1 open security
issue, out of a total of 13 security advisories filed in 2003 and
2004. 0% of these are labeled "extremely critical", 15% are
labeled "highly critical". For the same period, Secunia lists 16
open security issues out of 44 advisories for Internet Explorer
6.0, 14% of which are labeled "extremely critical", 34% are
"highly critical".

<http://www.mozilla.org/press/mozilla-2004-10-01-02.html>
 
Atomhrt

»Q« said:
The Mozilla Foundation continues to have a very strong track
record on security. According to Secunia, an independent security
monitoring organization, Firefox currently has 1 open security
issue, out of a total of 13 security advisories filed in 2003 and
2004. 0% of these are labeled "extremely critical", 15% are
labeled "highly critical". For the same period, Secunia lists 16
open security issues out of 44 advisories for Internet Explorer
6.0, 14% of which are labeled "extremely critical", 34% are
"highly critical".

<http://www.mozilla.org/press/mozilla-2004-10-01-02.html>

Yep. But, check out this chart:
http://secunia.com/graph/?type=adv&period=all&prod=3256
 
Atomhrt

»Q« said:
the issues' severity or about whether they've been fixed yet. What was
the point of directing us to the graph?

I thought it was so obvious, that I am not even going there. Bye.
 
»Q«

The paragraph quoted from mozilla.org already has the info from
that histogram in it. But the histogram doesn't show the
information about the issues' severity or about whether they've
been fixed yet. What was the point of directing us to the graph?

I thought it was so obvious, that I am not even going there. Bye.

So much for discussion. Bye too.
 
