Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release

Posted by Soulskill on from the sooner-than-later dept.

Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."

8 of 140 comments (clear)

  1. Re:What kept them? by bunratty · · Score: 3, Informative

    Because the vulnerability was not disclosed to Mozilla at first.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  2. Re:What kept them? by NotQuiteReal · · Score: 4, Funny

    Lynx is pretty secure

    --
    This issue is a bit more complicated than you think.
  3. Someone enlighten me by mrsteveman1 · · Score: 3, Insightful

    Why are companies so unwilling to micro-patch their software? If Mozilla has a fix NOW, why are they waiting another ~2 weeks to push it out with the next minor upgrade? Just to avoid making users upgrade too often?

  4. Re:Planning? It's not enough! by maxume · · Score: 5, Informative

    Are you being intentionally ridiculous?

    The fix is in the latest beta release already, that binary is slated to be the release candidate, and if testing goes well, it will be the release.

    --
    Nerd rage is the funniest rage.
  5. Re:Planning? It's not enough! by Athanasius · · Score: 4, Informative

    As someone else already quoted:

    Mozilla already has released a beta build of Firefox 3.6.2, which contains the fix for the unpatched vulnerability

    You can already go and download that 3.6.2 beta if you want, I did.

    The 'planning' is about the data of 3.6.2's release, not whether or not it will have this fix included.

  6. Re:OMFG by wizardforce · · Score: 4, Insightful

    Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response.

    Secunia: omfg Firefox has a vulnerability!!!
    Mozilla: ok so what are the specifics?
    Secunia: ...
    Mozilla: Hello?
    Secunia: ...
    Mozilla: Anyone?
    Secunia a few days ago: Right then... here are the details...
    Mozilla: *patched beta*

    --
    Sigs are too short to say anything truly profound so read the above post instead.
  7. Re:1.5 months for a response and release?! by daveime · · Score: 3, Funny

    Welcome to the FOSS bug patching system

  8. Re:Updating... how to? by Bambi+Dee · · Score: 3, Informative

    When I go to mozilla.com, a big green button offers me a .tar.bz2 with a distro-agnostic Firefox binary. Isn't that what you mean?