Firefox 0.10.1 Released, Fixes Security Hole

_xeno_ writes "Firefox 0.10.1 was released today to fix a security flaw that could potentially allow a malicious site to erase files from the user's Download directory. If you already have Firefox 0.10 installed, you can go to Tools, Options, and choose Advanced, go to Software Updates and choose Check Now to grab the patch."

done already!

[tuggy]

upgrade done in 3 seconds!
this is what i call being secured :D

Re:Am I the only one . . . .

[wongn]

It is quite confusing. I believe that 1.0PR was called 0.10 in order to distinguish it better from 1.0RCs and above. THe program actually calls itself "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1", as in 0.10.1, but the "laymans" name is 1.0PR... you could say ;)

Re:These hurt...

[kryptkpr]

You must not be aware that the mozilla foundation has put out a bounty where they reward security researchers $500 for finding critical remotely-exploitable vulnerabilities and reporting them.

What you're seeing are the results of this program.. people are finding bugs, submitting them, and the bugs are being fixed before blackhats can exploit them.

This is a very wise decision on the part of Mozilla considering how close they are to a v1.0 release.

Probable bug . . . .

[theparanoidcynic]

I ran this thing last night forgetting that Firefox was installed to a location that user accounts can't write to.

Seeing the error mesage and remembering this fact I lit Firefox as root and ran the update. This left Firefox mangled and incapiable of downloading things from the user accounts.

The moral of the story: do be careful using the update thingy. Now, off to fill out a bug report.