Problems with Firefox
Eight Gun Fighter
Thread Starter
Join Date: Apr 2000
Location: Western Approaches
Posts: 1,126
Likes: 0
Received 0 Likes
on
0 Posts
Problems with Firefox
Critical flaws found in Firefox
Firefox has just celebrated its 50 millionth download
The Mozilla Foundation has said it is "working aggressively" to fix two flaws in its open source Firefox browser.
The vulnerabilities, reported on Saturday, were identified as "very critical", but no cases had been reported of them being exploited.
Several security firms identified the flaws which could let websites run malicious code on a person's computer.
Mozilla has responded by changing its update service and says people should temporarily turn off JavaScript code.
Manual downloads
The first flaw reported fools the browser into thinking software is being installed by a legitimate, or safe, website.
The second flaw happens when the software installation trigger does not properly check icon web addresses which contain JavaScript code.
A hacker could potentially take advantage of the security flaws to secretly launch malicious code or programs.
Mozilla advised people to download add-ons to its software manually from the Foundation's site.
Danish security firm Secunia said called the flaws "extremely critical" because cookie and history information could be used to get access to personal information or gain access to sites previously visited.
The Mozilla Foundation, which developed the browser, said it was working hard to provide a comprehensive and more permanent fix for the problems.
BBC
Firefox has just celebrated its 50 millionth download
The Mozilla Foundation has said it is "working aggressively" to fix two flaws in its open source Firefox browser.
The vulnerabilities, reported on Saturday, were identified as "very critical", but no cases had been reported of them being exploited.
Several security firms identified the flaws which could let websites run malicious code on a person's computer.
Mozilla has responded by changing its update service and says people should temporarily turn off JavaScript code.
Manual downloads
The first flaw reported fools the browser into thinking software is being installed by a legitimate, or safe, website.
The second flaw happens when the software installation trigger does not properly check icon web addresses which contain JavaScript code.
A hacker could potentially take advantage of the security flaws to secretly launch malicious code or programs.
Mozilla advised people to download add-ons to its software manually from the Foundation's site.
Danish security firm Secunia said called the flaws "extremely critical" because cookie and history information could be used to get access to personal information or gain access to sites previously visited.
The Mozilla Foundation, which developed the browser, said it was working hard to provide a comprehensive and more permanent fix for the problems.
BBC
(a bear of little brain)
Join Date: Aug 2001
Location: 51 10 03.70N 2 58 37.15W
Age: 75
Posts: 273
Likes: 0
Received 0 Likes
on
0 Posts
Rollingthunder.
Do you have a version number for the patch?
I downloaded an update to firefox last weekend, do you know if that would have the fix? (can't remember offhand what the new version number is).
Do you have a version number for the patch?
I downloaded an update to firefox last weekend, do you know if that would have the fix? (can't remember offhand what the new version number is).
Mozilla have now (12th May) released a new version (V1.0.4) which covers the problems with earlier versions. The advice is to download and install it ASAP.
Errors in the earlier versions are discussed here
Apparently they are not going to release details for a few days.
I've just done it and it seems to work fine.
If you have the appropriate box checked (Tools/Options/Advanced/Software updates) you will get a small red triangle in the top right-hand corner of the screen, next to the circle of grey dots, when an update is available. Click on that and you will initiate the download. When you have installed it you may find that the triangle is till there. Click on it again and it will tell you that there are no new downloads and it will then disappear(!).
GG
Errors in the earlier versions are discussed here
Apparently they are not going to release details for a few days.
I've just done it and it seems to work fine.
If you have the appropriate box checked (Tools/Options/Advanced/Software updates) you will get a small red triangle in the top right-hand corner of the screen, next to the circle of grey dots, when an update is available. Click on that and you will initiate the download. When you have installed it you may find that the triangle is till there. Click on it again and it will tell you that there are no new downloads and it will then disappear(!).
GG
(a bear of little brain)
Join Date: Aug 2001
Location: 51 10 03.70N 2 58 37.15W
Age: 75
Posts: 273
Likes: 0
Received 0 Likes
on
0 Posts
Interesting. I've got 1.0.3 loaded and just tried the 'check now' for the updates which came up with no new updates available. (15/05, 11:00).
Join Date: Sep 2002
Location: Chichester, UK
Posts: 1,650
Likes: 0
Received 0 Likes
on
0 Posts
alternatively www.getfirefox.com always has the latest version.
At some point recently it has gained the nice feature where if something tries to redirect you via a malformed URL (of the [email protected]/pprune.org variety) then it points out that you're actually going to hack.it rather than where you might have expected. If only IE/OE would do the same then it might help kill off these Phishing attacks
At some point recently it has gained the nice feature where if something tries to redirect you via a malformed URL (of the [email protected]/pprune.org variety) then it points out that you're actually going to hack.it rather than where you might have expected. If only IE/OE would do the same then it might help kill off these Phishing attacks
(a bear of little brain)
Join Date: Aug 2001
Location: 51 10 03.70N 2 58 37.15W
Age: 75
Posts: 273
Likes: 0
Received 0 Likes
on
0 Posts
Thanks, I'll get 1.0.4 this evening.
Just a bit surprised their version link points to a (not quite) latest release (RollingThunder did advise downloading an advance patch but GroundGripper seemed to indicate that this was now the official version).
Just a bit surprised their version link points to a (not quite) latest release (RollingThunder did advise downloading an advance patch but GroundGripper seemed to indicate that this was now the official version).
Join Date: Sep 1999
Location: Deepest Dark Afrika
Posts: 175
Likes: 0
Received 0 Likes
on
0 Posts
Full refresh - not just a patch!
Notice that version 1.0.4 is a complete new package, not just a patch to the existing 1.0.3 package.
I'm sure that the fact that Microsoft is wont to patch an existing installed package is the source of many woes -- when the patch doesn't quite work the way they think it will ...
Just a thought - Bravo Mozilla!
I'm sure that the fact that Microsoft is wont to patch an existing installed package is the source of many woes -- when the patch doesn't quite work the way they think it will ...
Just a thought - Bravo Mozilla!
