Slashdot Mirror


Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release

Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."

4 of 140 comments

  1. OMFG by Anonymous Coward · Score: 0, Flamebait

    OMFG, it's a critical vulnerability and it takes ONE month for them to fix. Those dogs of Redmond... That's the advantage of OS. An open source project would have issued a fix in one day....oh wait...

  2. Re:What kept them? by Anonymous Brave Guy · Score: 1, Flamebait

    No one claims Firefox is perfect

    Part of the problem with trying to have a sensible discussion on this topic is that so many people do pretty much claim $FOSS_APP is perfect: with enough eyes, all bugs are shallow, yada yada. If a large chunk of your culture and advocacy is based on that sort of foolishness, you're bound to get negative press when inevitably you can't always live up to your own hype.

    Even the parent poster seems to be somewhat guilty of this, throwing in a couple of knee-jerk IE bashing responses. Have you actually looked at the security record of IE vs. Firefox in recent versions, particularly the number of vulnerabilities and the time required to get systems in the field patched against them? Firefox still runs all its tabs under the same process, so its fans are hardly in a position to be throwing stones at anyone else over security and reliability.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.

  3. Why Mozilla should be implemented in Java or... by Paul Fernhout · Score: -1, Flamebait

    This is why Mozilla should be implemented in Java, Smalltalk, Lisp, OCaml or a similar system. I don't know enough about this particular vulnerability to say if it would make a difference, but in general any garbage-collected language without obvious pointer indexing and with built-in array index checking is going to have a lot fewer low-level security problems like buffer overruns or duplicate deallocations and so on that can lead to malicious code execution... Is the slight speed boost from a language like C++ worth all the extra security issues at this point, now that we have such fast computers? And with manual memory allocation and deallocation, sometimes code written in C++ can be slower than a language that takes care of it for the programmer in an optimal way... As a reminder:
        http://en.wikipedia.org/wiki/Greenspun's_Tenth_Rule
    "Any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp." (or Smalltalk or some other languages...)

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.

  4. Re:Someone enlighten me by wampus · Score: 0, Flamebait

    And what's funnier still is that no one likes Opera or really gives a fuck about it.