| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Mozilla Patches 10 Firefox Bugs | |
|
||
| Time: 15:18 EST/20:18 GMT | News Source: InformationWeek | Posted By: Robert Stein | ||
|
Mozilla patched 10 Firefox vulnerabilities late Tuesday, seven of them marked "critical," but left a password-spilling bug unresolved. Firefox 2.0.0.1, the first update since the October debut of Firefox 2.0, fixes 10 flaws while 1.5.0.9 patches nine. Both Firefox 1.5.x and 2.x will alert their users that an update is ready to install, but impatient users can download the fixes from the Mozilla Web site. According to the security advisories posted by Mozilla, the updates quash bugs in the layout and JavaScript engines, Firefox's implementation of SVG (Scalable Vector Graphics) comment objects, and LiveConnect, the bridge code that allows Java applets and Web-based JavaScript to communicate. Some of the vulnerabilities were also present in Mozilla's ThunderBird e-mail client and the SeaMonkey suite, which have been updated to 1.5.0.9 and 1.0.7, respectively. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 162 Last | Next |
The time now is
9:59:05 AM
ET.
Any comment problems? E-mail us |
| #1 By 32132 (142.32.208.232) at 12/20/2006 4:00:16 PM |
|
"the 1.5.x line will be maintained with security fixes only until April 24, 2007"
Thats not much of a support life cycle. 6 months and you are toast. |
| #2 By 32132 (142.32.208.232) at 12/20/2006 4:09:40 PM |
|
44 Critical in 1.5.x and 2.x for the year. Plus a few for 1.x.
Not a good track record at all. |
| #3 By 3653 (68.52.143.149) at 12/20/2006 5:53:26 PM |
| [cricket chirp] |
| #4 By 15406 (74.104.251.89) at 12/20/2006 7:51:30 PM |
|
#1: Oh noes! In 6 months, you can either "be toast" (whatever that means) or upgrade to 2.x. The horror!
#2: At least they get fixed. btw where's the fixes for last weeks three, count 'em, THREE own-your-box Word holes that PassiveWin STILL hasn't mentioned even though they've been all over the net for the past week? But don't worry; MS recommends that you just not open any Word documents. Problem solved. |
| #5 By 32132 (64.180.219.241) at 12/20/2006 11:09:41 PM |
|
#4 Yes. The horror. Especially if you deployed it on thousands of machines in a business. Now you have to visit them all and upgrade by some means.
"At least they get fixed" Not quite: "But a Firefox bug first reported Nov. 22 hasn't been fixed. The vulnerability, which Danish security tracker Secunia pegged as "less critical," could let attackers hijack passwords from Firefox sessions. Secunia has recommended that users disable the browser's automated password saving feature until a patch is produced. " Whats a little password sharing between friends? "MS recommends that you just not open any Word documents." Well, you shouldn't download any that you find laying around on the internet no matter whether there is a word vulnerability or not. Most decent anti-virus companies already have the capability of nullifying buffer overflow attacks like the Word vulnerabilities. |
| #6 By 23275 (68.17.42.38) at 12/21/2006 12:58:36 AM |
|
Over on kiss my ARS technica, the hedline for Moz/FF's security patches reads a modest and sober, "Firefox and Thunderbird get upgrades" - sounds happy - puppy happy, even.
Elsewhere, any Microsoft update of any kind usually reads, "The Vole finally got around to issuing 11, count em, 11, crtitcal, own your box, family, wife, home, instant drive by death, vulnerabilities responsible for the killing of millions of blind children..." Over on Apple, the headlines are listed as a responsbile and accurate, "Apple issues security update." Not as puppy happy as the Moz/FF pass, but just as accurate. Back over in the bay area mind warp, MS Word's unpatched vulnerabilities are being really over-blown and tied to all things Microsoft, er... bad, evil, and wicked. Cacel Christmas folks, software, yet again, has proven to have flaws. And roads never get potholes and paint never fades and I didn't, oh no I didn't, just have to drop 233 bucks on a new lamp for my DLP TV. "Daffy Bastards" being one of course, it has to be that others just might be at least half as daffy, and not less than twice as daffy as one would have to be to actually get tanked by these latest Word vulnerabilities. An unprotected person would have to, twice, count em, twice, willfully, purposfully, intentionally, with glee, abandon and a truly wreckless spirit, open and acknowledge "Dear God in Heaven Don't open this" messages, before one would, "get owned" - as I am sure a percentage of at least twice as daffy people as I am will and the SPAM filters will once again prove their worth. So, so those of us that control this, let's all admin down our "Scan Attachments" "Scan Inside Compressed Files" "Block Known Bad File Types" settings at every one of multiple levels that we perform these checks and all validate all the alarmist statements for them. Let's all make these, declarations true and prove just how daffy the bastards at Microsoft truly are - baby killing voles that they surely must be... how dare they write software and charge money for it.. Personally, taking down all the protections we have in place isn't enough.. no way.. we're hiring a platoon of puppy carrying cub scouts and midget wrestlers to go out and secretly uninstall all antivirus software from all computers world-wide. Yeah, that'll fix em. While we're at it let's dump and forever, swear off the use of anti-biotics, pesky "lectrical" conveniences and indoor plumbing. |
| #7 By 15406 (74.104.251.89) at 12/21/2006 8:47:27 AM |
|
#5: Of course, it's not the same at all when we're talking about upgrading millions of IE6 users to IE7, or XP to Vista, or Office 2003 to Office Whatever-it's-called-now. But Firefox 1.5 to 2.0 is the end of the world.
|
| #8 By 13030 (198.22.121.110) at 12/21/2006 9:14:09 AM |
|
#5, my Firefox installs just said there is an update available, click to download and install. I did that and chose to restart Firefox later.
"Well, you shouldn't download any that you find laying around on the internet no matter whether there is a word vulnerability or not." Just as you shouldn't have password saving enabled either. Only a buffoon opens strange word documents. Only a buffoon uses password saving in a browser. #6, Whew! Time for a smoke break after that rant... #7, don't disturb the MS cash cow of endless, unnecessary upgrades! I still have either Office 97 or Office 2000 running on my machines at home. They both work just fine and have all the necessary features. |
| #9 By 32132 (64.180.219.241) at 12/21/2006 10:26:21 AM |
|
"my Firefox installs just said there is an update available, click to download and install. I did that and chose to restart Firefox later. "
Good for you. But I don't give admin access to users of the PC's I support. Therefore they don't have the rights to install new versions of apps. I would have been annoyed to find out upgrading to FF 2.0 is no longer an option, but is being forced upon me so quickly. |
| #10 By 23275 (68.17.42.38) at 12/21/2006 10:55:48 AM |
|
#7, I knew that was going to said, but there is a reality that has to be addressed - people cannot have it both ways -
The Technically Literate cannot simultaneously say that Firefox rules; Firefox is the browser of choice; Firefox is used by the Technically Literate and it will dominate all things, including Internet Explorer and Microsoft, and then when it does get hit with inevitable and certainly expected, updates, that it somehow matters less, because it isn't installed as broadly and it has much less of an impact than Microsoft software. Both positions cannot be concomitantly held out as being factual - especially when neither is at all supported by fact. Any questions about browser preference really come down to one question - what are developers of websites doing that a browser of a particular manufacture can support? If they are essentially the same for both Firefox and IE, then the question passes to how enterprises are leveraging these browsers to the benefit of their concerns - where IE, by virtue of its integration, may be more easily managed as #9 points out. |
| #11 By 3653 (68.52.143.149) at 12/21/2006 8:21:51 PM |
| latch-and-2-lumps-of-sugar, please continue to DEFEND. The more you say, the more we don't have to. Your blind, closed-mindedness is convincing to those reading your rants. My friend... quite simply... you are hurting your cause. |
| #12 By 32132 (64.180.219.241) at 12/21/2006 10:45:32 PM |
|
#7 "Of course, it's not the same at all when we're talking about upgrading millions of IE6 users to IE7, or XP to Vista, or Office 2003 to Office ... "
IE6 on XP SP2 will be supported until 12 months after XP SP3 comes out. XP Pro will be supported for 5 years after the release of Vista. Office 2003 will be supported until January 13, 2009. Do you see the difference? |
|
Write Comment
Return to News |
Displaying 1 through 25 of 162 Last | Next |
The time now is
9:59:05 AM
ET.
Any comment problems? E-mail us |
