back to article Mozilla squashes critical bugs in Firefox

Mozilla on Monday issued an update for Firefox that fixes four critical security bugs in the popular open-source browser, including one exposed last week that could make it easy for attackers to spoof SSL certificates used to secure websites. The vulnerability meant Firefox could be tricked by rogue certificates, a potentially …

COMMENTS

This topic is closed for new posts.

Would a CA accept this?

Would any of the available (widely accepted) certificate authorities accept a certificate request with a "\0" prepended to the CN? If their software prevents them from seeing this then that's also a vulnerability IMHO. If they see it and then accept it they have some kind of procedural error again IMHO.

It was an error of course, but this sort would probably be assigned a low CVSS Base Score. (Still under review http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408).

Much worse is the Mozilla advisory 2009-43 "Heap overflow in certificate regexp parsing"... :-)

0
0

I also hope this fixes...

....the bug relating to colour oversaturation on certain monitors which has led to a good proportion of any pictures from t'internet being bright pink/bright green/dark dark purple when viewed in firefox.

0
0
Bronze badge

Is it just me?

Is it just me or do Mozilla seem to be taking over from Adobe as the masters of vulerability of late?

0
0
Thumb Down

Yet more bug in the browser

Why people use this one? He say "most secure way to surf the web" on the front but it have a bug every new day which risks me having computer germs and filth installed. I don't use because we have IE free and it works fast.

0
1
Anonymous Coward

@Bob Gataux

Hmmm just because nobody else issues patches, doesn't mean they ain't riddled with bugs, you should be please Mozilla fix them, after all it's hardly a big deal updating it... but if you don't like it go back to IE....

0
0

@Bob

"Why people use this one? He say "most secure way to surf the web" on the front but it have a bug every new day which risks me having computer germs and filth installed. I don't use because we have IE free and it works fast."

You're an idiot. Think about it. It's considered far more secure than IE because when vulnerabilities are found, they're patched, and patched a damn sight faster than those in IE.

0
0
Silver badge
FAIL

Another day another patch

How typical of the freetards. Bug, patch, bug, patch, but, patch...it's enough top make you puke.

I'm staying with MS as they may have bugs but they don't patch as often or as fast!

Hmm...hang on a minute....

0
0
FAIL

@Bob

You Fail to understand.... again. But then again I think your'e really Steven Ballmer in disguise, your posts seem to make about as much sense and the rubbish Steve spouts most of the time.

FF updated silently this morning... I'm now safe from this bug. Care to tell me when other browsers will be fixed?

0
0

@Northern Monkey

you must be the only person i've ever heard complain of this.

0
0
Anonymous Coward

Same old same old

lets face it. Firefox is just as bug riddled and insecure as IE. Don't try and dirty the water by talking about old versions of IE from history. In the case we may as well talk about the bugs in old versions of Netscape and Mozilla as current fact too.

These people pour bile over every other browser yet won't face the fact that their own is and always has been full of holes and has also become slow and bloated in just four short years. Though not as bloated as the bank balances of the people who work there. I wonder how they're changing their lifestyles in the wake of the recession. Hmmmm.

And it's not even as if it has a strong record on standards support. It was the last browser other than IE to pass the Acid2 test in a public release. That's like a failed athlete showing off about running faster than a man in a wheelchair. And as for Acid3... [tumbleweed]

Switch to IE8 for an easier life or one of the other browsers if you have an angry bee in your bonet about standards and security.

0
0
WTF?

Another 3.5x release?

That's 2 in 2 weeks...

No wonder they managed to get to 1bn downloads so quick, the number of releases due to security vulnerabilities....

0
0
Unhappy

@Greg J Preece

You say me an "idiot" which is not very nice from you.

Why you take it granted that he is more safe because they fix the bugs quicker and more often? How about it is only necessary to fix so many times because they are many more security vulnerability in the beginning? It is not enough to just say what you say - my logic is equal and valid so I am not an idiot like you say.

Who are the people who "it is considered far more secure" like you say? I see lots on the board here who do not agree - perhaps they call you idiot too?

Anyways you are not a nice person I think.

0
1
Flame

@Bob Gateaux

You're either a troll, an idiot, or both.

"they are many more security vulnerability in the beginning" Okay then, prove it - after all, in your own words, "It is not enough to just say what you say".

Anyway, if you weren't interested in using Firefox, why did you read this thread, let alone respond to it?

0
0
Coat

@ Same Old Same Old

There's no muddying of the waters at all.

Face the facts! Whether FF has as many bugs is irrelevant, the reason IE is less secure is that it is far and away the most widely TARGETED browser.

Which is less secure, a car with both doors unlocked while sitting in an unlocked barn in your back yard, or a car with only one door unlocked sitting in a shopping center parking lot?

IE users have always been, and for the next few years of MS OS dominance will continue to be, far far less secure and we haven't even considered the extra configurability, limitations in features that add to security from FF add-ons.

If you're used to using IE or forced to, good luck to you because it and the associated Outhouse Express are both still the most prevalent way that malware spreads. It could be claimed that it's because more people use this software but once again we're back to that being the reason why these softwares' flaws are targeted, and actually, exploited.

Being open and quick with fixes instead of sitting on them for over a year like MS has done till something is propagating the web and forcing their hand is the right way to minimize vulnerability.

Ever heard of "Patch Tuesday"? Note to Microsoft: If I wanted you to sit on patches, I'd bloody well ask you to. Let's apply that to other areas of life. How about "Bathing Saturday" or "Eating Wednesday"?

I'll get my coat, I've a lot more to write on Text Tuesday.

0
0
This topic is closed for new posts.

Forums