Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Updated to 1.0.4

Posted by Zonk on from the patching-the-fox-hole dept.

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.

29 of 454 comments (clear)

  1. Update process... by sznupi · · Score: 5, Interesting

    yes, I know the arguments behind it...but it would be relly nice if update didn't involve simply downloading installer (on mine 128kbps it's so so...and on slower?)

    --
    One that hath name thou can not otter
    1. Re:Update process... by iamjoltman · · Score: 5, Informative

      I believe that a patch update system will be implemented starting with Firefox 1.1

    2. Re:Update process... by 88NoSoup4U88 · · Score: 5, Interesting
      So can you tell me what the argument(s) behind it are ?

      I find it very strange that the people I have converted (mostly not too tech-savvy) to using Firefox, still have to make re-installs themselves.

  2. Quick and serious on security by xiando · · Score: 5, Interesting

    These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!

    --
    9/11: Never forget it was a false-flag operation
    1. Re:Quick and serious on security by portwojc · · Score: 4, Insightful

      Yes excellent work.

      Hopefully the mainstream news sources I saw will report this just as they reported the problem. I'm not holding my breath though.

    2. Re:Quick and serious on security by Hungry+Student · · Score: 5, Informative

      I would've shared your cynicism had I not just logged onto the BBC news website and seen their Latest News ticker show the words "The makers of Firefox say the two flaws in the open source browser have been fixed.", linking to this story of theirs, posted at 17:01BST, 16:01GMT.

      A good, accurate followup to their original "Critical flaws found in Firefox" story

  3. Already upgraded by Walkiry · · Score: 4, Interesting

    Posting from 1.0.4 right now. Funny thing, after I upgraded and restarted the browser, I still had the "updates available" little red arrow on the top right corner of the browser. After checking for upgrades (and finding none), it's disappeared. Bug? Leftover registry entry or config file from 1.0.3?

    --
    ---- Take the Space Quiz!
  4. Dude at work by PlancksCnst · · Score: 5, Funny

    This guy at work noticed I was using firefox (he's an IE user), and said, slyly, "You know, there's a couple of really bad security holes." Good think FF fixes their holes faster than MS.

    1. Re:Dude at work by OwlWhacker · · Score: 5, Funny

      This guy at work noticed I was using firefox (he's an IE user), and said, slyly, "You know, there's a couple of really bad security holes."

      That's like somebody seeing you kissing and saying "You can get diseases from that", yet they themselves are in a sexual relationship with somebody who is highly promiscuous with junkies.

      --
      Linux/Open Source/Anti Microsoft News
  5. Vulnerabilities everywhere. by CABAN · · Score: 4, Funny

    Next time I try to help a friend out I'm not suggesting firefox. I'm suggesting Netscape! Wwwait.

  6. Mozilla Suite updated as well by iamjoltman · · Score: 5, Informative

    It should be noted that the Mozilla Suite has also relased an update, 1.7.8.

    1. Re:Mozilla Suite updated as well by chrae · · Score: 4, Funny

      It seems that the Mozilla Suite has lost a lot of it's sex appeal. Firefox gets all the attention and Mozilla is the fat friend you gotta be nice to.

    2. Re:Mozilla Suite updated as well by mat+catastrophe · · Score: 4, Funny

      But, you know, the fat friend will still love you after the sexy one leaves you for another.

      --
      sig not found
  7. Mirrors by bunburyist · · Score: 5, Informative

    Mozilla.org will probably get hammered!! Here's a google cache of the Firefox Mirror List

    And while you're at it don't forget those extensions:

    FoxyTunes: http:www.iosart.com/foxytunes/firefox/

    AdBlock: http://adblock.mozdev.org/

    Or you can just go get more at: update.mozilla.org

    Happy Browsing!

  8. Impressive by PenguinBoyDave · · Score: 5, Interesting

    While I don't care for the update process, I am exceedingly impressed that Mozilla makes fixes so quickly, and doesn't try to hide them (like another browser company has done in the past). Professionalism...very nice to see this from Mozilla. Kudos!

    --
    I'm not a troll, but I play one on Slashdot.
  9. Re:Many Eyes ? by ssj_195 · · Score: 4, Insightful
    They do, to an extent (but this does not magically prevent a product from *being released* without bugs), and yes it does, just like all software. It's worth noting that most (all?) of these bugs have been found precisely by these eyes that are looking over the code.

    Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updated) the process will be even more streamlined and painless.

  10. Good, but I wish there was remote updating by Anonymous Coward · · Score: 5, Interesting

    As a system admin for our company, every new Firefox release means that I will have to go around to 150 workstations and manually reinstall the browser again to keep it up to date. I wish there was some sort of way to remotely update the browser on all machines or a way to patch vulnerabilities without a full reinstall.

    1. Re:Good, but I wish there was remote updating by LnxAddct · · Score: 5, Informative

      As a system admin for your company, you should use a msi package, but if for some reason you can't, firefox's installer can be fully scripted by simply passing it some args and turning on the quiet switch(or invisible or something switch, you'll have to look it up).
      Regards,
      Steve

  11. Re:Language Not Available!! by un1xl0ser · · Score: 5, Funny

    Why don't you upgrade your language from British English to American English?

    That would solve both problems.

    --
    v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
  12. Amazingly fast response by jbarr · · Score: 5, Interesting

    My wife pointed out an article on Google News (that I had already seen earlier) showing that Firefox had some security vulnerabilities. She winced because I had just converter her to Firefox. I told her not to worry. I said, "Mark my words, there will be a security fix within a week." Well, today the fix was released and she was impressed. Not only has the Firefox development team improved the product, but they have made my wife happy! Life is good!

    --
    My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
  13. Re:One of the reasons i use Firefox. by 3terrabyte · · Score: 4, Interesting
    True. True.
    I switched to Firefox because I was sick of using IE. Ever since I've switched, AdAware has found ZERO spyware/malware incidents!

    To IE's meager defense, I'm sure there might have been a setting somewhere that might have tightened up the holes, but switching to Firefox has been easier. Plus, I'm addicted to the tabbed browing.

    --

    Why are there only 19 people folding@home for slashdot?

  14. Bleeding edge by imipak · · Score: 5, Informative

    Although I've been an enthusiastic mozilla/firefox user & supporter since the late 90s (yes I was browsing with a 'naked' gecko control, HA! :P) I was surprised to find I'd lost track of development to the extent that I didn't realise the trunk builds have a much more up-to-date gecko engine. The gecko in the 1.0.x series (inc. 1.0.4) are a year old! Those users who prefer livin' on the edge might prefer to get a faster, smaller, much less memory-leaky build from: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nigh tly/latest-trunk/

  15. In related news... by amichalo · · Score: 5, Funny

    ...FireFox downloads double to 100 Million!

    --
    I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
  16. Re:Locales by InsideTheAsylum · · Score: 5, Funny

    You know, you don't have to wait for Firefoux to come out, you can just use the regular old Firefox..

  17. Yes, but ... by thinkfat · · Score: 5, Insightful

    ... as soon as the first proof of concept evolves into a worm, they will experience what it means to be deployed on millions of internet-connected pc's of clueless users.

    Rule #1: doesn't matter how fast you output a security update, if it's not being installed.

    Unfortunately it's not enough for an update to _exist_.

    1. Re:Yes, but ... by jbarr · · Score: 4, Insightful

      And therin lies the double-edged sword. Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PC's. Yet, in order to ensure security, an auto-update feature really becomes necessary. Of course, Microsoft and the Mozilla Foundation as companies are viewed with very different levels of "trusts." Unfortunatly, not everyone will be satisfied.

      Personally, instead of displaying the tiny unobtrusive update indicator as it currently does, I would love see Firefox do something like change the window color to red and display a system message dialog stating the problem with a link to the update. Maybe a good compromise?

      --
      My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
  18. Re:Middle click new tab on Mac by DrWhizBang · · Score: 4, Funny

    Aren't all clicks with a Mac middle-clicks?

    --
    Schrodinger's cat is either dead or really pissed off...
  19. news? by Errtu76 · · Score: 4, Insightful

    Disclaimer: I like firefox. I use firefox.

    Why is this news? Does this mean that every time firefox decides to update, it should be front page news? Can't you (slashdot) create a seperate field where the latest versions of popular products are announced? Like:

    product | version | last update
    firefox | 1.0.4 | today

  20. Re:IE still #1 a-ok by Ath · · Score: 4, Funny
    All this "IE is the Sux04rz" talk makes it very apparent that the people getting infected either have no clue about how to configure a secure computer, or have no scruples on what they click "OK" to.

    Boy, I cannot agree with you more. If you have half a clue, then IE is easy to make secure. I just went into Tools - Internet Options and set the Security policy to Restricted Sites, turned on popup blocking (after I obviously installed SP2), set my Privacy level to High (because everyone except an idiot knows this is how to disable Cookies), and then installed all the hot fixes from MS. If you are too lazy to maintain your software properly then you shouldn't even have a computer. Just get a Mac or something.

    It's like all those people who complain about safety problems in cars. My Pinto is safer than almost every car out there. All that with almost zero risk of theft. I strapped some padding onto the rear bumper and put some steel reinforcement plating around the gas tank. There is almost no risk to myself or my passengers of a ruptured fuel tank, all because I took the time to fix an inherent problem in the design of the ... wait .... err ... I gotta go.