Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flurry of Security Patches

Posted by timothy on from the heck-why-not-fix-those-too dept.

yggy writes "It's been a hectic day on the security patching front. Microsoft's bulletins for July include patches for three critical vulnerabilities on the same day that Mozilla releases new security updates for Firefox and Thunderbird. Not to be left behind, Apple fixed two Tiger flaws while Oracle issued a critical database server update." (See these separate stories on today's release of Firefox 1.0.5 and the 10.4.2 update from Apple, too.)

9 of 212 comments (clear)

  1. Tomorrow by mfloy · · Score: 5, Insightful

    So today we have a bunch of new patches, which means tomorrow we will have all the exploits being developed and released. The major problem with patches is they often are not installed by end users, and that is the bread and butter of zombie botnets.

    --
    Voice your opinion!
    1. Re:Tomorrow by Parham · · Score: 5, Insightful

      Luckily Windows has tried to stop this from happening as much as possible by downloading the patches in the background, and then asking you to install, and bugging you to install until you do. What I'm actually waiting for is, seeing what NEW security problems these new security fixes make. This recent article in the games section comes to mind amongst other things.

  2. And don't forget... by Afecks · · Score: 5, Informative

    ...the zlib bug

  3. Non-security fixes in Firefox 1.0.5 by Adam9 · · Score: 5, Informative

    Here's some good info that colfer from this MozillaZine thread dug up:

    1.0.5 is mainly a security fix, but I have seen a bunch of non-security fixes creep in also, such as removing the default checkbox "yes" for "make firefox my home page." This looks like a big cleanup for the 1.0.x branch, before 1.1 takes over.

    I don't know about the security fixes, besides the medium-risk frame/window spoofing thing (with 1.0.4, you should not open untrusted sites at the same time as sensitive sites...). Here are the non-security fixes (non-security as it seems to me) checked in since 1.0.4:

    https://bugzilla.mozilla.org/show_bug.cgi?id=28373 0
    "Save As" dialog tries to overwrite link/shortcut (.lnk) file instead of opening the directory/folder

    https://bugzilla.mozilla.org/show_bug.cgi?id=29521 0
    Tab title different from window title on initial load at gmail

    https://bugzilla.mozilla.org/show_bug.cgi?id=28377 7
    Right arrow key after selecting autocomplete result no longer uses selected item

    https://bugzilla.mozilla.org/show_bug.cgi?id=29123 2
    update installer packages should offer unchecked check box for setting start page

    https://bugzilla.mozilla.org/show_bug.cgi?id=29106 4
    Helper app dialog incomplete for non-nsStandardURL types

    https://bugzilla.mozilla.org/show_bug.cgi?id=26553 6
    (64-bit only issue)

    https://bugzilla.mozilla.org/show_bug.cgi?id=24563 1
    Crash loading (particular) .ico file

    https://bugzilla.mozilla.org/show_bug.cgi?id=14181 8
    Table with large rowspans and colspans hangs the browser

    https://bugzilla.mozilla.org/show_bug.cgi?id=28800 6
    Drag image across browser windows --> crash

    https://bugzilla.mozilla.org/show_bug.cgi?id=29505 2
    Obscure Javascript crash

    https://bugzilla.mozilla.org/show_bug.cgi?id=29627 0
    Default user agent problem (AIX platform only)

    https://bugzilla.mozilla.org/show_bug.cgi?id=28081 3
    Crash on OS/2 platform

    https://bugzilla.mozilla.org/show_bug.cgi?id=29377 8
    bookmarks toolbar missing in 2nd opened window, links in second window possibly cause crash

  4. Re:Open source by pintomp3 · · Score: 5, Funny

    when microsoft releases security updates, it's cuz the software is crap. when others do it, it's cuz the software rocks. no double standards here. maybe it's like when girls get naked. if she's good looking, makes it better. if your she's bad looking, much worse. microsoft may be bloated, but needs love just like everyone else.

  5. Well bugger, my bug isn't fixed... by ChrisKnight · · Score: 5, Interesting

    After taking to Apple tech support about my X11 problem, and having them refuse to help, I guess I'll just have to follow the MS support path and re-install the OS.

    The sysadmin mantra lives on: All operating systems suck, they just suck differently.

    -Chris

    --
    -- This sig is only a test. If this were a real sig it would say something witty. --
  6. Re:But wait... by Caledai · · Score: 5, Insightful

    Nah - its not that Microsoft sucks because the release patches.

    Neither does OS suck because they release patches.

    Its because microsoft takes so long to release patches for certain vulnerabilities that have been documents - even up to half a year before..

    And that the continue to promote products that have been proven to be seriously flawed, and release new versions without those flaws fixed.

    There is a difference between releasing a product, and then patching it - and releasing a product knowing it needs patches before its released.

    I gotta admit - look how much testing the do on the patches they do release. Service Pack 2 anyone?

    --
    Although it can be funny, tell them to plug the power in.
  7. Fx 1.0.5 fixes and NoScript by Anonymous Coward · · Score: 5, Informative

    Among the other fixes, Firefox 1.0.5 contains a patch to CAPS (Configurable Access Policies) that finally eliminates crashes reported by users of the NoScript extension. This should make Firefox users even more safe: its "whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality"...

  8. Re:Safari now FAILS "Acid test" by Kyro · · Score: 5, Informative

    It only passes if you use a nightly. A shipped release has never passed the acid 2 test.

    --
    save the GNUs!