Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 3.0.1 Fixes 'Carpet Bombing' Issue

Posted by CmdrTaco on from the break-out-the-bug-spray dept.

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

4 of 168 comments (clear)

  1. Re:Who Cares... by bconway · · Score: 5, Informative

    Actually, it's a .0.1 release. Firefox 3.1 (alpha due this summer) has a lot of new features that didn't make it in time for 3.0.

    --
    Interested in open source engine management for your Subaru?
  2. To to prevent the issue I need to use Firefox? by techess · · Score: 5, Funny
    From http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

    Workaround
    This attack only works if the user is using another internet-connected application with Firefox not running. Using Firefox, or making sure it is at least running, prevents this attack.

    I had to giggle at the workaround. To prevent a firefox flaw from biting you, you need to have firefox open. Phew, I'm so glad I'm safe.

    --
    Don't anthropomorphize computers. They *hate* that.
  3. Re:"awesome bar" by -Tango21- · · Score: 5, Informative

    Hmm, a Google search reveals that while the "awesome bar" is still the default, you can disable it by following the directions below (but, maybe you already knew this):

    1. Type about:config into the location bar and change the value browser.urlbar.matchOnlyTyped to true. After this, you need to restart Firefox. All this does is make it so that Firefox only searches the URLs you have typed and not the titles of pages.

    2. Install the Old Location Bar extension. This changes the location bar so that it looks like how it looked in Firefox 2. As of me writing this post, it is an experimental addon so you will need to register to the Firefox addon service to install it.

  4. Re:And this is why... by Spy+der+Mann · · Score: 5, Informative

    ... I didn't download Firefox 3 when it came out. In fact, I'm still on Firefox 2, and I'm sure a good percentage of fellow /.ers are as well.

    Um... the carpet bombing vulnerability also affects Firefox 2. It looks like someone is in trouble :)