Firefox 3.0.1 Fixes 'Carpet Bombing' Issue

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

To to prevent the issue I need to use Firefox?

[techess]

From http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

Workaround
This attack only works if the user is using another internet-connected application with Firefox not running. Using Firefox, or making sure it is at least running, prevents this attack.

I had to giggle at the workaround. To prevent a firefox flaw from biting you, you need to have firefox open. Phew, I'm so glad I'm safe.

Ironic timing

As I was reading this post, the update was auto-downloading.

Re:"awesome bar"

[tehBoris]

I kinda like the so called awesome bar. What's wrong with it?

The oldies want their URL bars to match URLs and those pesky kids to GET OFF THEIR LAWNS!

Re:Workaround

[igaborf]

So as long as you use Firefox all day long, you will not be affected.

"But boss, I have to browse the Web all day."

Re:Who Cares...

[Godji]

Safari has gone through a couple *.*# and a whole #.0 in the last few months for Mac, Win and Mobile...

And Internet Explorer is still going through lots of *&^%$#@!

Re:Who Cares...

[hesiod]

It seems you haven't run Windows Update for a long time then...