Firefox Updated to 1.0.4

← Back to Stories (view on slashdot.org)

Posted by Zonk on Thursday May 12, 2005 @12:54AM from the patching-the-fox-hole dept.

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.

5 of 454 comments (clear)

Min score:

Reason:

Sort:

Re:Quick and serious on security by portwojc · 2005-05-12 01:00 · Score: 4, Insightful

Yes excellent work.

Hopefully the mainstream news sources I saw will report this just as they reported the problem. I'm not holding my breath though.
Re:Many Eyes ? by ssj_195 · 2005-05-12 01:08 · Score: 4, Insightful

They do, to an extent (but this does not magically prevent a product from *being released* without bugs), and yes it does, just like all software. It's worth noting that most (all?) of these bugs have been found precisely by these eyes that are looking over the code.
Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updated) the process will be even more streamlined and painless.
Yes, but ... by thinkfat · 2005-05-12 01:26 · Score: 5, Insightful

... as soon as the first proof of concept evolves into a worm, they will experience what it means to be deployed on millions of internet-connected pc's of clueless users.

Rule #1: doesn't matter how fast you output a security update, if it's not being installed.

Unfortunately it's not enough for an update to _exist_.
1. Re:Yes, but ... by jbarr · 2005-05-12 02:04 · Score: 4, Insightful
  
  And therin lies the double-edged sword. Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PC's. Yet, in order to ensure security, an auto-update feature really becomes necessary. Of course, Microsoft and the Mozilla Foundation as companies are viewed with very different levels of "trusts." Unfortunatly, not everyone will be satisfied.
  
  Personally, instead of displaying the tiny unobtrusive update indicator as it currently does, I would love see Firefox do something like change the window color to red and display a system message dialog stating the problem with a link to the update. Maybe a good compromise?
  
  --
  My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
news? by Errtu76 · 2005-05-12 01:59 · Score: 4, Insightful

Disclaimer: I like firefox. I use firefox.

Why is this news? Does this mean that every time firefox decides to update, it should be front page news? Can't you (slashdot) create a seperate field where the latest versions of popular products are announced? Like:

product | version | last update
firefox | 1.0.4 | today