IMPORTANT Security Update for Firefox 1.0PR

Shagga · Oct 2, 2004

Check out Warp2Search for the ditty.

[edit]

Mozilla News Update and the Direct Patch

Important Security Update for Firefox Available

October 1, 2004. The Mozilla Foundation releases an important security update for Firefox. All users should upgrade to the latest version of the Firefox Preview Release. A patch is available for current Preview Release users.

Download information:

* Visit the Firefox homepage to download the latest version of Firefox Preview Release (Firefox 0.10.1)
* Current Firefox Preview Release users: when the update icon () appears in the upper right corner of your screen, just click on it to install the patch, or click here to install it.

Questions & Answers:

*

How does this security vulnerability expose the user?

A malicious hacker who could trick a user into saving a file could delete files from a user's download directory.
*

How serious is this vulnerability?

While this is a potentially severe security vulnerability, user interaction is required to trigger potential harm. This security update is also another example of the Mozilla Foundation identifying and fixing security vulnerabilities before they are exploited by malicious hackers. This type of security vulnerability is very different from cases where a hacker could take advantage of a vulnerability to obtain valuable information from a user's computer.
*

Doesn't this case illustrate that all browsers are equally insecure?

The Mozilla Foundation continues to have a very strong track record on security. According to Secunia, an independent security monitoring organization, Firefox currently has 1 open security issue, out of a total of 13 security advisories filed in 2003 and 2004. 0% of these are labeled "extremely critical", 15% are labeled "highly critical". For the same period, Secunia lists 16 open security issues out of 44 advisories for Internet Explorer 6.0, 14% of which are labeled "extremely critical", 34% are "highly critical".

Shagga · Oct 2, 2004

Bump for the afternoon crowd...

igowerf · Oct 2, 2004

Thanks. Just applied it.

Lonyo · Oct 2, 2004

I saw the little "updates available" thing in the top right and downloaded the fix.
I like that feature. It's not intrusive like the MS Windows update.

Koing · Oct 2, 2004

Done.

Thanks.

Koing

jonmullen · Oct 3, 2004

bump thanks

Sid59 · Oct 3, 2004

ooh thanks. i actually got around to updating FF on my 2nd PC and gf's PC. The PR from today covered it.

thanks again.

XBoxLPU · Oct 3, 2004

been using mozilla 1.7 lately

I guess I will go back to FireFox once 1.0 is out

thanks anyway though

Bateluer · Oct 3, 2004

How do you apply the direct patch since the auto DL/Install doesn't work for me? Windows doesn't recognize and xpi file.

erikistired · Oct 3, 2004

try downloading the xpi and installing it thru firefox extensions maybe.

jfall · Oct 3, 2004

Originally posted by: Bateluer
How do you apply the direct patch since the auto DL/Install doesn't work for me? Windows doesn't recognize and xpi file.

tools > options > web features > allow websites to install software -- do you have this checked?

Bateluer · Oct 3, 2004

Originally posted by: jfall

Originally posted by: Bateluer
How do you apply the direct patch since the auto DL/Install doesn't work for me? Windows doesn't recognize and xpi file.

Click to expand...

tools > options > web features > allow websites to install software -- do you have this checked?

Seems to work thru the auto update when I check it.
I usually keep it unchecked. Since the Red alert marker is now gone and the version is listed as .10.1, it looks like its installed now.

XBoxLPU · Oct 3, 2004

I also think you can download the XPI, highlight the file, and then drag and drop the XPI into Firefox....

Hadsus · Oct 3, 2004

Thanks for the heads up........now if I may bitch and whine.....the Mozilla peeps need to organize their Firefox web pages better. Go to http://texturizer.net/firefox and try to find any news on the patch. Or go to http://www.mozilla.org/products/firefox/index.html for any news. Spinach! Not there. I've always had trouble finding what I've wanted through their web pages.

Mitzi · Oct 4, 2004

Thanks for the heads up.

rh71 · Oct 4, 2004

damn I thought this thing was superior to IE !!!!!!!! WTF is the point if I still have to patch it just the same ???

<-- goes back to IE.

(FF fanboys can save it... I just like to poke fun when I get the chance) ... updating FF now. :|

rh71 · Oct 4, 2004

Umm... the XPI doesn't do the upgrade. It brings up a box for DOM Inspector and the first time it said "download error" ... the second time it doesn't even do anything when I click update. mozilla.org doesn't even have 1.01 or 0.10.1 (whatever they feel like calling it) for download right now. Free Download points to 1.0PR.exe still... unless that is 1.01. I have a better idea... why don't they make this harder for us ?

Shagga · Oct 4, 2004

As I understand it the 1.0PR.exe files has been updated. So, in theory you could just DL the full thing again. :frown:

Search

IMPORTANT Security Update for Firefox 1.0PR

Shagga

Diamond Member

Shagga

Diamond Member

igowerf

Diamond Member

Lonyo

Lifer

Koing

Elite Member <br> Super Moderator<br> Health and F

jonmullen

Platinum Member

Sid59

Lifer

XBoxLPU

Diamond Member

Bateluer

Lifer

erikistired

Diamond Member

jfall

Diamond Member

Bateluer

Lifer

XBoxLPU

Diamond Member

Hadsus

Golden Member

Mitzi

Diamond Member

rh71

No Lifer

rh71

No Lifer

Shagga

Diamond Member

TRENDING THREADS