Slashdot Mirror


Firefox 3.0.1 Fixes 'Carpet Bombing' Issue

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

2 of 168 comments (clear)

  1. To to prevent the issue I need to use Firefox? by techess · · Score: 5, Funny
    From http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

    Workaround
    This attack only works if the user is using another internet-connected application with Firefox not running. Using Firefox, or making sure it is at least running, prevents this attack.

    I had to giggle at the workaround. To prevent a firefox flaw from biting you, you need to have firefox open. Phew, I'm so glad I'm safe.

    --
    Don't anthropomorphize computers. They *hate* that.
  2. Re:Who Cares... by hesiod · · Score: 4, Funny

    It seems you haven't run Windows Update for a long time then...