Feeds

back to article Mozilla ships first security update for Firefox 4

Mozilla has issued the first ever security update for Firefox 4.0, including a fix for two chunks of code that allowed attackers to override a key security protection baked in to recent versions of the Windows operating system. The slip up in the two WebGLES graphics libraries, which Mozilla added to the latest version of the …

COMMENTS

This topic is closed for new posts.
WTF?

"The First Ever"

So? Are we supposed to break a bottle of champagne over it?

There are going to be many such updates: just, this is number one. No big deal.

0
1

Garbled

"including one in the XSLT generate-id() function heap"

There's no such thing as a function heap. The actual description is "XSLT generate-id() function heap address leak" which means revealing a heap address in the generate-id() function.

1
0
Anonymous Coward

Q/A what the hell is that!

With an application that's deployed as widely as Firefox, surely their code goes through some kind of Q/A process? I would have hoped that the process checks for more than simply a successful compilation.

2
2

ASLR

It's not clear from your article, but ASLR has been available on "other platforms" (specifically Linux and OpenBSD) since 2005, and is routinely used when compiling all programs including Firefox. Microsoft were late to the game.

0
0
M.A
Unhappy

firefox losing it?

Firefox was renound for being the most secure browser i hope this not going to tarnish that too much.

0
1

release notes

url for release notes:

http://www.mozilla.com/en-US/firefox/4.0.1/releasenotes/

https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status2.0%3A.1-fixed

fairly sure in my guessing that their 'update' built in feature of firefox is a fairly robust download manager - yet still there is no effective download manger in ff4.

I am glad to see the bug whereby 'pdfs larger than 5mb not being viewable' is marked as being fixed.

0
0
Silver badge

And...

..."World Biggest Pac Man" still doesn't work. Who's to blame? MS for not sticking to the proposed-Standards, or Mozilla for not correctly implementing same?

0
0
This topic is closed for new posts.