Slashdot Mirror


Firefox Updated to 1.0.4

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all JavaScript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported.' You don't have to upgrade, but it's recommended." We've reported on these vulnerabilities previously.

9 of 454 comments

  1. Re:Quick and serious on security by portwojc · · Score: 4, Insightful

    Yes excellent work.

    Hopefully the mainstream news sources I saw will report this just as they reported the problem. I'm not holding my breath though.

  2. Re:Many Eyes ? by ssj_195 · · Score: 4, Insightful
    They do, to an extent (but this does not magically prevent a product from *being released* without bugs), and yes it does, just like all software. It's worth noting that most (all?) of these bugs have been found precisely by these eyes that are looking over the code.

    Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updates) the process will be even more streamlined and painless.

  3. Yes, but ... by thinkfat · · Score: 5, Insightful

    ... as soon as the first proof of concept evolves into a worm, they will experience what it means to be deployed on millions of internet-connected PCs of clueless users.

    Rule #1: doesn't matter how fast you output a security update, if it's not being installed.

    Unfortunately it's not enough for an update to _exist_.

    1. Re:Yes, but ... by jbarr · · Score: 4, Insightful

      And therein lies the double-edged sword. Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PCs. Yet, in order to ensure security, an auto-update feature really becomes necessary. Of course, Microsoft and the Mozilla Foundation as companies are viewed with very different levels of "trusts." Unfortunately, not everyone will be satisfied.

      Personally, instead of displaying the tiny unobtrusive update indicator as it currently does, I would love to see Firefox do something like change the window color to red and display a system message dialog stating the problem with a link to the update. Maybe a good compromise?

      --
      My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
    2. Re:Yes, but ... by srleffler · · Score: 3, Insightful
      Unfortunately, many users didn't go find Firefox once. They had someone more technically oriented install it for them.

      The fact that Firefox security updates don't automatically install unless you notice and click on that red arrow in the upper right corner pretty much guarantees that a large fraction of copies will remain unpatched. When I've visited people for whom I installed Firefox 1.0 when it came out, I've noticed that none of them have noticed the red update icon or updated Firefox on their own.

      If users have to go and get updates, many machines will remain vulnerable to security holes.

    3. Re:Yes, but ... by Ogive17 · · Score: 3, Insightful

      I downloaded Firefox as soon as it was "officially" released.

      Now I consider my knowledge of computers and software as advanced, but I'm definitely not an expert. I found the interface to be less friendly than IE and trying to change options was a chore. Also, until 3 days ago, I didn't know how to automatically update Firefox until I saw someone mention clicking the red arrow on the top right portion of the window. Now, I had gone to mozilla.org and downloaded the latest versions on my own, but this was a hassle. And if "I" didn't know about the auto-update, my grandmother, parents, sister, brother, and a few friends I've turned to Firefox are not going to know either.

      Sometimes reading through /. posts, I am reminded of bleeding heart liberals or bible thumping conservatives with how people treat OSS to M$. People are annoyingly blinded by their dislike for the other side that they cannot see the whole picture. Sure Firefox is great, but it's not perfect and IE still has some advantages.

      --
      "Action without philosophy is a lethal weapon; philosophy without action is worthless."
  4. news? by Errtu76 · · Score: 4, Insightful

    Disclaimer: I like Firefox. I use Firefox.

    Why is this news? Does this mean that every time Firefox decides to update, it should be front page news? Can't you (Slashdot) create a separate field where the latest versions of popular products are announced? Like:

    product | version | last update
    firefox | 1.0.4 | today

    1. Re:news? by globalar · · Score: 3, Insightful

      Most of the time, Firefox updates are not very important. However, the exploits which 1.04 fixes were highly publicized.

      I saw many IT magazines, mostly targeted at management, with significant space (even a few covers) devoted to the exploit. It is an example of the Firefox (and Mozilla) team's commitment that a patch came out so quickly. This is very important, as it shows open source products can compete in the very tough browser market.

      The progress of Firefox is now being watched by many - opponents and supporters alike. Firefox is under the spotlight and responding to the serious issues - especially security, which has plagued IE - is crucial for the browser's future success. This is more about PR and brand recognition than security.

  5. Re:IE still #1 a-ok by EggyToast · · Score: 3, Insightful
    Imagine a company making a CD-Burning program that spit out a coaster 50% of the time and garbled data, resulting in 20% corrupt files of the "good" 50% discs.

    Of course, there were settings you could change that would fix that. They were in Advanced>Settings>Options>Burning>Defaults>Input. You just had to uncheck "Always burn with error correction (may cause some discs to burn slower)" which simply fixed the garbled data, and "Always burn with high-precision laser" (so you don't get coasters). Checking those 2 boxes results in the application working perfectly every time.

    Would anyone use that? No! People would laugh it off and comment on just how stupid it is. Why IE gets a free pass for almost the same transgressions is beyond me. Oh, wait, no it isn't -- it's because people started using it years ago and are afraid of changing to something better because it's "different." "I've already got those boxes checked."