Welcome to WebmasterWorld Guest from 18.206.48.142

Forum Moderators: open

Message Too Old, No Replies

Firefox 1.5.0.2 released - fixes serious security hole

Remote code execution problems

     
6:44 pm on Apr 14, 2006 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9074
votes: 6


[eweek.com...]
Mozilla has released a new version of the Firefox Web browser with what is described as "significant security and stability improvements." (...) the most serious flaw could allow "remote code execution" attacks.

The article also notes that:

Users already running Firefox 1.5 will receive an automated update notification within 24 to 48 hours.

See also:
[mozilla.com...]

6:47 pm on Apr 14, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Most of these fixes also apply to SeaMonkey, and will probably be rolled into Mozilla Suite as well (I hope).

Jim

6:57 pm on Apr 14, 2006 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9074
votes: 6


It sounds a similar problem to that fixed by 1.5.0.1 - see:

[mozilla.org...]

In that case, Firefox 1.0.x and Mozilla 1.7.x weren't affected as the error was in newer code. There has been no release of a new Firefox 1.0.x version this time either - but I can't find anywhere whether FF 1.0.x and Mozilla 1.7.x are still properly supported by Mozilla (I sincerely hope they do - it would be a bad sign if they abandoned those products so quickly).

7:09 pm on Apr 14, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Firefox 1.0.8 was also released with these latest fixes -- See the release notes.

They do state that FF/1.0.8 will be the last 1.0x release for Firefox.

I would expect Mozilla/1.7.13 within a couple of weeks if they do decide to incorporate these fixes into Mozilla Suite.

Jim

7:19 pm on Apr 14, 2006 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9074
votes: 6


Thanks Jim - so we have a Firefox 1.0.8:
[mozilla.com...]

And a SeaMonkey 1.0.1:
[mozilla.org...]

The vulnerabilities page is here:
[mozilla.org...]

The problematic bug appears to be this one:
[mozilla.org...]

Workaround
Disable JavaScript until you upgrade to a fixed version.

Nothing mentioned for the Mozilla Suite yet - this may be an ideal time to move over to SeaMonkey 1.0.1 which represents the best direct upgrade path from the Mozilla suite.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members