Firefox 3.0.1 Fixes 'Carpet Bombing' Issue

← Back to Stories (view on slashdot.org)

Firefox 3.0.1 Fixes 'Carpet Bombing' Issue

Posted by CmdrTaco on Thursday July 17, 2008 @04:29AM from the break-out-the-bug-spray dept.

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

7 of 168 comments (clear)

Min score:

Reason:

Sort:

And this is why... by arotenbe · 2008-07-17 04:39 · Score: 1, Insightful

... I didn't download Firefox 3 when it came out. In fact, I'm still on Firefox 2, and I'm sure a good percentage of fellow /.ers are as well.
Remember: if there aren't any patches for it, chances are that the reason is not that it's bug-free, but that it's still buggy.

--
Tomato wedge sperm darts that are Republican.
1. Re:And this is why... by gamanimatron · 2008-07-17 04:46 · Score: 2, Insightful
  
  I finally upgraded last night. So far, so good - it's certainly faster, and the most important mods to me (CSL and NoScript) seem to be working just fine.
  Of course, if it isn't all good then I'm screwed now, but c'est la vie.
  
  --
  cogito ergo dubito
2. Re:And this is why... by E+IS+mC(Square) · 2008-07-17 04:57 · Score: 3, Insightful
  
  Chances are that the reason is not that it's bug-free, but that it's still buggy.
  Chances are that you are not a developer.
  "He who is without a sin throw the first stone."
Re:"awesome bar" by Qzukk · 2008-07-17 05:14 · Score: 2, Insightful

Yeah, well, the FF2 bar wasn't all that hot either. The only thing more annoying than waiting for the list of sites to never come up because you started typing while another tab was still loading, is having the list of sites popup while you're typing and since you had the mouse in the wrong location when you hit enter you went to some completely different place than you had expected.
I don't care whether it's awesome or not, give me an option to make it not appear unless I press down or alt-down or tab or something that indicates that I want it to appear.

--
If I have been able to see further than others, it is because I bought a pair of binoculars.
Re:"awesome bar" by ShadowRangerRIT · 2008-07-17 05:41 · Score: 3, Insightful
1. Type 'co' in the Awesome bar. Marvel at how it "awesomely" returns every site in the .com TLD.
2. If you are the type who remembers the URL of sites you visit, it just means a bunch of false positives.
I've used it once to date, when going back to a walkthrough page on gamefaqs. 99% of the time, I know the address I'm going to, or I have it bookmarked, so the "awesomeness" is wasted on me.
--
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Re:"awesome bar" by bunratty · 2008-07-17 09:41 · Score: 2, Insightful

I finally did what you suggested and typed "co" into the address bar. It gives fifteen suggestions, although I'm sure I go to many more than fifteen .com sites. The top suggestions were for COmputer documentation for where I work, COnsumer Reports magazine, COmputer Cable Store, two sites I frequent that are .com domains, and Weather Forecast and COnditions for my city. I fail to see the problem. Care to explain?

--
What a fool believes, he sees, no wise man has the power to reason away.
A brief future history of the awesome bar by violet16 · 2008-07-17 12:25 · Score: 2, Insightful

Let me save you some time and map out your journey to acceptance of the awesome bar.
First you hate it, because it's new and different to what you expect. You are trained to use it as an address bar and nothing else, so it acting like a search bar is confusing and suboptimal to you.
At this point many people decide to trial the new bar, but you are the kind of person who tends to think he (forgive me, but he) knows what's good and what's not, and even quite enjoy the idea of customizing your Firefox. So you look for a way to preserve your old behavior. There are enough people like you to make worthwhile a mass solution: a config option and an extension.
You and your anti-awesome fellows make use of these. You occasionally grumble that the awesome bar shouldn't be default at all, but you are basically satisfied so the rest of the world hears from you less and less.
As time passes, you occasionally find yourself using other people's computers that have Firefox in a default state. This annoys you at first and if you are spending any serious time on them, you disable the awesome bar. But sometimes you're only using them briefly, so it's not worth modifying. Then, all of a sudden, you find the awesome bar useful. It's a surprise, like a door opening: you suddenly see that if you alter your behavior a little, the awesome bar could be quite useful.
From this point you never disable the awesome bar again, although you leave it disabled on your main desktop, as a matter of principle.
A new version of Firefox is released. The "Disable Firefox Awesome Bar" extension hasn't yet been updated to work on it. But by now you don't really mind. You now prefer the awesome bar. When you have to use Internet Explorer, or Firefox 2, the lack of an awesome bar bugs you. It seems so inflexible, so archaic.
A while later, the author of the awesome-disabling extension stops updating it. People forget that anybody ever didn't like the awesome bar. But this new Firefox feature, the predictive URL form mapping--oh man, that's just so horrible, why is it on by default?

--
I should buy some cement.