New Vulnerabilities Discovered in Firefox 1.0

← Back to Stories (view on slashdot.org)

New Vulnerabilities Discovered in Firefox 1.0

Posted by samzenpus on Wednesday March 2, 2005 @12:46PM from the protect-yourself-at-all-times dept.

jflint writes "Today, the security firm Secunia has released 8 more security vulnerabilities it has discovered in Mozilla products, including Firefox and Thunderbird. The exploits "could be used by criminals to spoof, or fake, various aspects of a Web site, ranging from its SSL secure site icon to the contents of an inactive tab.""

5 of 406 comments (clear)

Min score:

Reason:

Sort:

New Discovery? by fembots · 2005-03-02 12:47 · Score: 5, Interesting

Today, the security firm Secunia has released 8 more security bugs it has discovered in Mozilla products, including Firefox and Thunderbird. [......] If you have downloaded the Firefox 1.0.1 update, you have nothing to worry about

Firefox 1.0.1 update was out before today, so did Secunia just look at what 1.0.1 update fixes and release its "bug" report, or did they discover something new to 1.0.1?

--
Rock that crushes, Paper & Scissors that don't matter.
1. Re:New Discovery? by LnxAddct · 2005-03-02 14:42 · Score: 5, Interesting
  
  It is certainly good that people are looking out for bugs, but Secunia didn't find these. They just compiled a list of known bugs that were fixed in 1.0.1. Their site is supposed to be a consolidated source for finding vulnerabilites and researching the security of applications, which means whether or not they find the vulnerabilites, they report on them.
  Regards,
  Steve
Re:Firefox 1.0 doesn't tell you about 1.01 by Soldrinero · 2005-03-02 13:36 · Score: 5, Interesting

I also waited for Firefox to alert me that an update was available, both to be kind to the servers and to see how the update process worked. Yeasterday it alerted me to the update via a new icon next to the activity icon in the upper right of the window.

Interestingly, when I went through the update process, it downloaded and installed the full 1.01 package. Does anyone know if this is how updates will be done in the future, or if Mozilla will migrate to a patch system?

--
I would rather be killed by a terrorist than enslaved by my government.
SOP for Secunia... by Anonymous Coward · 2005-03-02 13:37 · Score: 5, Interesting

They released their list of major vulnurabilities in IE two days before MS released the update and months after they reported the problems originally.

They're just glory whores.
the real difference by IdentifiedDareDevil · 2005-03-02 18:37 · Score: 4, Interesting

(for me) isn't really the technology or the security. IE and firefox are really not that far apart in terms of bugs/features (yet).. the main difference to me is that one on hand, you have a greedy, monopolistic company working outside proper market forces - allowing it to decide when and how it improves its software (IE 6.0 released in Aug 2002 - what major sw app can get away with a 3 year major release cycle?) vs. Firefox/Mozilla - a grass-roots colaboration of people who are trying to make something significant and have fun at the same time.

The choice for me is not a lot different than choosing to live in the Soviet Union or the United States. I'd rather not eat the gruel (or browser) someone else thinks is all I deserve.