Mozilla has issued the first ever security update for Firefox 4.0, including a fix for two chunks of code that allowed attackers to override a key security protection baked in to recent versions of the Windows operating system. The slip up in the two WebGLES graphics libraries, which Mozilla added to the latest version of the …
"The First Ever"
So? Are we supposed to break a bottle of champagne over it?
There are going to be many such updates: just, this is number one. No big deal.
"including one in the XSLT generate-id() function heap"
There's no such thing as a function heap. The actual description is "XSLT generate-id() function heap address leak" which means revealing a heap address in the generate-id() function.
Q/A what the hell is that!
With an application that's deployed as widely as Firefox, surely their code goes through some kind of Q/A process? I would have hoped that the process checks for more than simply a successful compilation.
It's not clear from your article, but ASLR has been available on "other platforms" (specifically Linux and OpenBSD) since 2005, and is routinely used when compiling all programs including Firefox. Microsoft were late to the game.
Firefox losing it?
Firefox was renowned for being the most secure browser; I hope this is not going to tarnish that too much.
url for release notes:
Fairly sure in my guessing that their 'update' built-in feature of Firefox is a fairly robust download manager - yet still there is no effective download manager in FF4.
I am glad to see the bug whereby 'pdfs larger than 5mb not being viewable' is marked as being fixed.
..."World Biggest Pac Man" still doesn't work. Who's to blame? MS for not sticking to the proposed-Standards, or Mozilla for not correctly implementing same?