Firefox updates, blitzes trio of critical bugs

Mozilla pushed out a new update of Firefox on Thursday that fixes ten security vulnerabilities, three of which are deemed critical. The trio of critical patches for Firefox 2.0.0.12 variously fix vulnerabilities including web browsing history and forward navigation stealing bugs; a privilege escalation flaw that creates a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Paris Hilton

    'on a special Valentine's Day edition of Patch Tuesday'

    scared me a bit there, booked McDonalds for Thursday..

  2. Rick Stockton
    Thumb Up

    Nice of mozilla.org to publish fixes WHEN IT'S READY,

    instead of "holding it back" and leaving users vulnerable for additional days or weeks (as Microsoft does). As Microsoft does. I guess it saves them lots of money to update their "Windows Update" process only once a month, instead of doing it as needed.

    My roughly-equivalent Linux feature, "Mandriva Online", checks for and finds updates every few hours-- for EVERYTHING, including application programs. Much Faster and Nicer to use, too-- a regular User can run it with their limited permissions password, being restricted only to the Update Sources which I have defined as being appropriate for automatic updates.

    - - - - -

    This all leads to the question, is Microsoft Windows really ready for the desktop? Their whole software maintenance design and implementation is a God-danged mess, and doesn't even handle any applications at all.

  3. suc
    Alert

    Firefox 2.0.0.12 is still vulnerable to directory traversal flaw!

    Firefox 2.0.0.12 is still vulnerable to directory traversal:

    "don't patch vulnerabilities for fifty percent, take the time and fix the cause. Because directory traversal through plugins is all nice and such, we don't need it. We can trick Firefox itself in traversing directories back. I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins."

    http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060156.html

    <script>
    /*
    @name: Firefox <= 2.0.0.12 information leak pOc
    @date: Feb. 07 2008
    @author: Ronald van den Heetkamp
    @url: http://www.0x000000.com
    */
    pref = function(a,b) {
      document.write( a + ' -> ' + b + '<br />');
    };
    </script>
    <script src="view-source:resource:///greprefs/all.js">
    </script>

  4. Anonymous Coward
    Stop

    @suc

    The flaw you mentioned only seems to work when the script is accessed from the local file system - if it's on a server nothing happens, so it's not really much of a problem.

  5. suc

    it works from remote

    a web site is able to steal your local files.

  6. Anonymous Coward
    Flame

    Lulz

    I'll downgrade my browser to Failfox - The day you pack ice skates for your journey to the seventh circle of hell.

  7. Chris

    @Rick Stockton

    '"Windows Update" process only once a month' - well to be fair, it's once a week - hence Patch Tuesday. And occasionally they do release very important patches outside of this scheme.

    People seem to get ridiculously protective over this - it's only a browser. ALL of them have security holes and incompatibilities. The only reason why Firefox was any more secure when it first started was because no-one was using it. Why would hackers bother? As it's gained popularity (Just like OS-X) more and more hackers have found ways of exploiting it.

    People are very quick to slate Microsoft over these kinds of issues, despite the fact that Windows has to cope with an incredible range of software and hardware configurations, and a massively higher level of hackers turning their attentions to it. Don't get me wrong - I think Windows and Microsoft generally are pretty pony, but Windows and IE still own a huge majority of the market (80%-90% for windows, 65% ish for IE) and that makes it a lot harder for them.

    I'm sure most of us can agree, if nothing else, if you keep your copy of any browser up to date, and don't visit any really dodgy sites (and have some AV etc.) you'll be fine.
