Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security-Updated Versions Of Mozilla Released

Posted by simoniker on from the guard-dogs-at-the-ready dept.

petabyte writes "As mentioned in this Mozillazine article, there are new versions of the Mozilla Suite (1.7.2), Mozilla Firefox (0.9.3) and Mozilla Thunderbird (0.7.3) available. They address 4 security bugs (linked from the Mozillazine article). Unlike Firefox 0.9.2, these can't be fixed with just a XPI upgrade, so you'll have to download a new binary and install."

3 of 375 comments (clear)

  1. Re:Grumble Grumble by steeef · · Score: 5, Informative

    Installing over the old version often works, but sometimes not.

    If not, I usually save my plugins, delete the directory, install, then copy my plugins. My settings, bookmarks, and skins are all in my profile, and I haven't had to delete/recreate that in a while.

    It sounds like you're just being too careful.

  2. Re:Does this mean that . . . by NeoThermic · · Score: 5, Informative
    Really? His ass must be very correct:

    Internet Explorer 6 Service Pack 1

    I quote:
    Windows Me:
    32 MB of RAM minimum
    Full install size: 8.7 MB

    Windows 2000:
    32 MB of RAM minimum
    Full install size: 12.0 MB

    Windows 98 Second Edition:
    16 MB of RAM minimum
    Full install size: 12.4 MB

    Windows 98:
    16 MB of RAM minimum
    Full install size: 11.5 MB

    Windows NT 4.0 with the high encryption version of Service Pack 6a and higher:
    32 MB of RAM minimum
    Full install size: 12.7 MB

    Windows XP:
    32 MB of RAM minimum
    Full install size: 12.0 MB

    Thats just *one*, and its larger than the 5MB 0.9.3 release.

    NeoThermic
    --
    Use my link above, or to view my server, NeoThermic.com
  3. The actual vulnerabilities by Anonymous Coward · · Score: 5, Informative
    Copy & Paste, Bugzilla hates us:

    http://bugzilla.mozilla.org/buglist.cgi?bug_id=251 381,249004,250906,253121

    • Importing false CA certificate leading to error -8182 (perm DoS), especially exploitable by email
    • null (%00) in filename fakes extension (ftp, file)
    • new libpng buffer overflow vulnerabilities
    • lock icon and certificates spoofable with onunload document.write


    IE catches shit for 2 out of the 4 bugs.

    libpng buffer overflow - a lot of bitching goes on around here with regards to "OH M$ EVEN HAD AN OVERFLOW IN BMP HANDLING IN IE!!!"

    null (%00) in filename fakes extension (ftp, file) - Variation of this got IE in trouble...