Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 0.10.1 Released, Fixes Security Hole

Posted by CowboyNeal on from the hole-in-the-dam dept.

_xeno_ writes "Firefox 0.10.1 was released today to fix a security flaw that could potentially allow a malicious site to erase files from the user's Download directory. If you already have Firefox 0.10 installed, you can go to Tools, Options, and choose Advanced, go to Software Updates and choose Check Now to grab the patch."

24 of 441 comments (clear)

  1. Re:This may sound stupid... by rixdaffy · · Score: 3, Funny


    well, it would be quite frustrating if your download directory is your Desktop, homedirectory or any other place where you keep other files too.
    not to mention all the pron you have to download again :-) j/k

    Ricardo.

  2. Helpful bug by Ford+Prefect · · Score: 5, Funny

    ...could potentially allow a malicious site to erase files from the user's Download directory

    My download directory in Windows is my desktop. Have you seen my desktop? It's a fairly old screenshot, too - it's only got worse since then. My iBook's equally bad, except everything's just randomly strewn around the place...

    A bit of remote tidying-up would be greatly appreciated. :-)

    --
    Tedious Bloggy Stuff - hooray?
    1. Re:Helpful bug by ChairmanMeow · · Score: 2, Funny

      must... delete... desktop icons....

      --
    2. Re:Helpful bug by Uerige · · Score: 5, Funny

      You should try the following: 1. Click on your Desktop. 2. Take a deep breath. 3. Press Ctrl-A, followed by Enter Voila -- Your computer just exploded. No more cluttered desktop.

  3. Re:This may sound stupid... by LurkerXXX · · Score: 5, Funny

    Does it matter? My pr0n! All my precious pr0n!!!

  4. Re:luckily for me... by hattig · · Score: 3, Funny

    I'd hope that the update mechanism was a little more secure than "Hi! I'm the firefox update server, honest!" ...

  5. Re:Version numbers seem odd? by Anonymous Coward · · Score: 2, Funny
    This isn't really that confusing if you understand the new Firefox naming algorithm, which was implemented with one line of Python:

    version = ''.join([random.choice('10.') for x in range(random.randrange(10))])

    At each release point, this algorithm will be run and the version will be numbered accordingly.

  6. Re:done already! by panamahank · · Score: 2, Funny
    It seems to me an upgrade all the way to V1.0 would be the right way to go. Isn't V0.10.0 pretty damned old?

    BTW, I tried to follow the upgrade instructions, but apparently the exploit doesn't affect the Linux version, so you folks might want to consider an OS upgrade while you're at it.

    --
    Serial Meta Moderator
  7. Re:done already! by Epistax · · Score: 5, Funny

    I must admit I/it fumbled. I went to the mozilla website as posted in the subject and hit the "click here". What happened? A funny bar appeared near the top saying that Firefox protected me from the website. Luckily there was an options button which allowed me to add www.mozilla .org as a trusted site and it was all very obvious to me, but it won't be obvious for my parents (who I switched to Firefox).

  8. Don't upgrade by pestario · · Score: 5, Funny

    "...a security flaw that could potentially allow a malicious site to erase files from the user's Download directory."

    I would consider this a feature more than a bug. It's like someone breaking into your house and taking out the garbage for you...

    --
    :n
  9. help is on the way! by Anonymous Coward · · Score: 1, Funny

    sure... ip address?

  10. Though a much more serious bug remains unfixed... by tippergore · · Score: 5, Funny

    They still have yet to fix a much more serious bug.

    Just because most of us don't live in South America doesn't mean it isn't huge problem.

  11. Re:Though a much more serious bug remains unfixed. by tippergore · · Score: 3, Funny

    Sorry, links to Bugzilla from Slashdot are disabled.

    ooh, bugzilla you sassy wench

  12. Re:This may sound stupid... by Transcendent · · Score: 2, Funny

    But what exactly is the worry here? It deletes files in your download directory? Does that really matter?

    ...you don't download to C:\, do you?

  13. Re:Too Complicated? by Roguelazer · · Score: 4, Funny

    You mean something more accessible like a flashing red light that says "A critical security update is available", and appears in an easily visible place? Darnit, why didn't they think of that?

    --
    My Systems
  14. Re:but which idiot deciced... by Splinton · · Score: 3, Funny

    Isn't it great using the words "idiot" and "deciced" in the same subject?

  15. Re:done already! by XMyth · · Score: 2, Funny

    Hey! What the hell is wrong with you? Don't listen to Mozilla! Listen to the Slashdot poster, dumbass.

    Seriously though, I didn't have the problem you stated...I wonder what caused it and why it affected you and not me? It happened as soon as you clicked the link or when you tried to update? If it was when you tried to update, did you ever alter the list of sites that Firefox can install software from?

  16. Re:Am I the only one . . . . by jack_csk · · Score: 3, Funny

    Ya know, those dudes at Mozilla might be using hex instead of decimal, i.e. Firefox 1.0 == Firefox 0.16

  17. Re:defending this post worth loosing karma by FearUncertaintyDoubt · · Score: 4, Funny
    Again, kertrats was ASKING A QUESTION, NOT INSULTING THE GECKO GOD OF MOZILLA AND OPEN SOURCE.

    The Gecko God of Mozilla and Open Source is a jerk. A complete kneebiter. Thanks for your time. Now I'm off to see Gentoo. Later.

  18. Re:Explaining 0.10.1 by Clueless+Moron · · Score: 2, Funny
    First of all, because Firefox performs so well people tend to forget this is still beta-software!

    Hmm. Can I report it as a bug that Firefox is not behaving like beta software should?

  19. Re:This may sound stupid... by cyfer2000 · · Score: 2, Funny

    Would the hacker help me remove the big blue E from my desktop?

    --
    There is a spark in every single flame bait point.
  20. No, not Firefox too!! by SuperTrozTX · · Score: 2, Funny

    I thought Bad Microsoft was the only one who let me unprotected from the bad people! Firefokz has security flaws too??? OHMYGOSH!!! I though Linuz was impenetrable and perfect!! I'm hit!!! ohhhh! I'm melting.... I'm melting!! What a world...

  21. Re:done already! by The+Snowman · · Score: 3, Funny

    Of course, Microsoft could make an option within IE to scan for IE-only updates, which would make updating IE much faster, but they don't.

    What is the point? Since IE is integrated into the operating system, updates require reboots even under Windows XP which is a lot better with regards to rebooting than previous versions. Anyway, even if the actual update is faster, you would still have to wait for the reboot.

    I just updated Firefox in less than ten seconds, and I did not have to restart the browser, certainly not the entire operating system (Windows XP in this case).

    --
    24 beers in a case, 24 hours in a day. Coincidence? I think not!
  22. Re:done already! by Feztaa · · Score: 2, Funny

    Well, she never uses bookmarks or favorites. Only what I give to her on the link toolbar (both IE and mozilla have it in the same place, so she didn't really notice the change).

    As for the icons, well, it says "Mozilla" in the titlebar and she hasn't noticed that, either. I could probably give her firefox with a mozilla theme and she wouldn't notice. If she asks I'll just say there was an important system update or something.