back to article Firefox update fixes bug brace

Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update. Firefox version 2.0.0.6 addresses a critical vulnerability that means unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Gosh they must have a lot of bugs

Or at least that sounded like the tone of the article of course in the same context it also means they fix them almost as fast as they get them which didn't seem worth a mention...

0
0
Silver badge

i.e.7

Best get using i.e7. Seems a lot more secure these days...

And cue fanboy flames

0
0
Anonymous Coward

ffs

not another one

0
0
Silver badge

Re: IE7

Personally I'd rather see a fix 2 weeks after the last one than have to wait a month till the next MS patch day or maybe longer by the time they write the fix. I think it's better to be secure asap than to be at risk longer just because it's easier for the developer to release all their patches on the same day every month.

Could be worse though, it takes Oracle forever to release fixes.

0
0

Thx

Can someone post a link to the update?

0
0

Alas

Alas , they still have yet to address the problem Java!

Oh well , I have just installed the latest version of Opera 9.2 , and currently after running a series of browser security tests including the one that FF fails to render an image properly , it performed superbly and rang rings around that basic insecure piece of crap that comes fitted as standard as part of M$ Windows and appears to be much more secure and far more web 2.0 compliant as well.

What price a choice?

0
0

Wow...

I was just reading this article when Firefox popped up with a message about having been updated. There may be some issues with Firefox, but at least they have a quick and painless update system, unlike another widely used browser...

</fanboy flames>

0
0

Appearance isn't everything Stu Reeves

If you compare the Secunia advisories for IE 7, Firefox and Opera you can quite plainly see which is the least secure (and it's not Firefox).

IE: http://secunia.com/product/12366/

Firefox: http://secunia.com/product/12434/

Opera: http://secunia.com/product/10615/

MS's ploy for announcing all their bad news in one go is working as people think their stuff is more secure now, when it plainly isn't.

Although it does seem that Opera is worth a go from a security perspective.

0
0
Anonymous Coward

Firefox "fleas"

Peter: you shouldn't need to "download the update" - Firefox should detect there's a newer version, and offer you the update automatically, if you've got that option switched on. And I can't think of a good reason to switch it from the default of "on". :) And - as usual - it's a no-brainer upgrade process, just agree to do the update and sit back!

I'm afraid to say that having more than one patch issued in this short a space of time doesn't really faze me at all. Quite the opposite - I find it comforting that the Firefox developers are concientious and skilled enough to send out a "production ready" fix for the problem(s) so quickly!

"Security through obscurity" is no security, (who do we know who does this <wink>), it's like expecting not to get burgled if you've left the front door open because you didn't tell anyone that you'd left that door open.

Biggest issue I've got with Firefox is that there's still idiots out there who only support IE6/7.

0
0

re: thx

umm... link? try clicking on the help menu in firefox and then clicking on "check for updates"... or just wait for a while and firefox will notify you once it does the automatic check.

0
0

Firefox? I'm running Minefield!

If you ever want a demonstration of how flawless Mozilla's update system is, use Minefield for a while. Every single day the browser updates itself to the latest nightly build - not had a single crap-out yet and the whole update process takes around 20 seconds.

Compare that to Microsoft!

Oh, and has been said above, I would much rather have a browser be updated every week (or even every day) with the latest flaws patched, than one updated whenever the dev team (and end user, let's not forget*) can be arsed, leaving flaws exposed for much longer. The article should be praising Mozilla for getting patches out so quickly. Nicely done, lads and lasses.

*I say this bit because a lot of the XP users I know turn off Automatic Updates straight away. No-one really trusts MS to manage their PC, especially after they labeled "Genuine Advantage" anti-piracy software as a critical update.

0
0
Anonymous Coward

@ heystoopid

heystoopid wrote: "Alas , they still have yet to address the problem Java!"

What does Java have to do with the Mozilla Foundation?

If you want Java fixed, it's Sun you need to whine to, not the Mozilla guys.

0
0
Silver badge

So easy

Gosh it's so easy to get the fanboys going...

I've used i.e for years, never got a virus, never been a victim of phising, never downloaded anything dodgy....

but then again, I'm not a Toser.

0
0

Re: So easy

Well, I haven't been infected by any of the issues resolved in the latest update of Firefox.

But it updated automagically. Unlike IE, which needs to be started manually. And only once a month. Malware authors know this, and wait until Wednesday to release new attacks. Zero day attacks are common on both browsers, but Mo publishes fixes ASAP. Unless it's a tremendous hole, MS won't fix it until the next patch release in a month. Assuming they've gotten around to it. I know of two vulns that were sent to MS three months ago that haven't been patched. Sooner or later these are going to go from "protected info by white hats" to "exploited by black hats".

0
0
Anonymous Coward

Java Fix

From Firefox 2.0.0.6 Release Notes:

The Java Console extension that came with Java SE 6.0u1 (J2SE6.0.01) is incompatible with Firefox as reported in Bugzilla. Java should work as expected, but the menu item "Java Console" will not be available in the Tools menu. This issue has been fixed in Java SE 6.0u2 (J2SE6.0.02) and is available for download from the Java website.

0
0
Anonymous Coward

Groundfox Day

"If it falls to Firefox to start a fight to cut out the cancer of bent and twisted browsing on our web with the simple sword of truth and the trusty shield of W3C fair play, so be it. They are ready for the fight. The fight against falsehood and those who peddle it. Their fight begins today. Thank you and good afternoon."

0
0
Anonymous Coward

@Stu Reeves

"but then again, I'm not a Toser"

No. You're a troll who can't spell "tosser".

0
0
Anonymous Coward

Alas , they still have yet to address the problem - Java!

Just download (and use) the NoScript add-on. BTW, like Firefox itself, add-ons are updated automatically.

0
0

Re: Thx

Sorry it was a bad joke :)

0
0
Anonymous Coward

3 exploits in IE7 ?

there are some known exploits in IE7. but since they cannot be mentioned until

microsoft release patches - hopefully this will occur on the next patch tuesday..if not that'll be another 28 days of vulnerability. trouble is, as its closed source, only

MS can fix this - noone else can come up with fixes or better code handling..so

you hope and pray that they can be bothered to address. Mozilla/firefox/safari

etc all have a point to make - so they're addressing these issues very rapidly.

and hey. to patch FF all you need to do is get that little update and just restart the browser..not the whole machine.

0
0

web 2.0?

What was that bit about Opera being web 2.0 compliant? Is that a W3C thing, or dose it simply appeal to the social collective conscience?

0
0
Anonymous Coward

Wake up

Rather than adopting the "my browser is better than yours" attitude that most of the people here seem to be taking. You should all wake up and smell the coffee and accept that they are all indeed as vulnerable as each other.

As long as you filthbags keep visiting those nasty websites for free warez and a quick peek at Paris's snizz. Then the hackers will always have a avenue to deliver their code.

Neither Microsoft or Mozilla publish security vulnerabilities on a webpage for your viewing pleasure, that would be an Arseclown decision for any company.

Go buy yourself a ZX81 and write a browser for it, and i bet its more secure than anything currently on the market.

Userbase is the target, not the browser itself

0
0

Safari

Safari on windows is excellent, I know it's only a beta, But it is really good. The speed difference is outstanding. Why can't the Microsoft boys produce software this good? Firefox is probably the best browser for windows, but I think Safari has the potential to be a real threat to it. http://apple.com/safari

0
0

Re: So easy

Read the first sentence of Stu's post here.

Then read the next two.

Hehehehehehehe.

0
0

Web 2.0 Compliant?

Yet another hype-believing muppet who can't grasp the concept ("concept" as in "piss and wind") that web 2.0 is (or isn't, technically speaking)!

"No sorry, you cant' view web 2.0 sites with this browser!"

0
0

All as bad as one another

Quote:

"I've used i.e for years, never got a virus, never been a victim of phising, never downloaded anything dodgy.... but then again, I'm not a Toser."

No, you're a smug semi-illiterate troll. You should change to a browser that provides a spellchecker.

I agree with previous comments that all browsers have vulns but at least Mozilla is quick to fix them. And I also agree with the observation that if you are prepared to click through to a moneyshot of Paris Hilton's genitalia then you deserve everything bad that happens to you.

0
0
Dam

Re: wake up

As long as you filthbags keep visiting those nasty websites for free warez and a quick peek at Paris's snizz. Then the hackers will always have a avenue to deliver their code.

---

Actually, no.

Firefox with NoScript perfectly handles all the porn sites that none of us ever visits.

Video of Paris anyone?

0
0

Odd isn't it

And the same thing happens if anyone has the temerity to report on Fanboiy software in general is patched.

You can't even mention that Firefox, Mac OS or Linux (all of which I use in various capacities) has a security update without muppets feeling the need to point out IE and Windows appear to require more and that they often take months too long to be released.

We know this already - stop bleating pathetic defensive blather just because someone has pointed out it's impossible to write perfect software..

The article let anyone, who for some strange reason wasn't automatically updated by Firefox itself, know there was a fix available. Why is that a problem? Why does anything produced by Microsoft even need to be brought up?

0
0
Jim

@ Andy Bright

This comment stream follows the same route as normal.

1. Article points out that a Non-MS product needs an update.

2. Troll pipes up that MS makes a better product (usually includes a ref to fanboy - choose your favourite pretentious spelling).

3. Someone points out that there is nothing superior about said MS product.

4. That someone is automatically a fanboy.

Is that what you mean by “the same thing happening”? Yes it is tedious that every time something non-MS is criticised (however slight) then an MS supporter is there to put the boot in early.

0
0
This topic is closed for new posts.

Forums