Critical Flaws found in Firefox & Thunderbird


Recommended Posts

The Mozilla Project has issued a warning for a series of "highly critical" security holes in three of its core projects, including its flagship Firefox Web browser and the Thunderbird e-mail client.

See this article for details:

http://www.internetnews.com/dev-news/article.php/3408301

I noticed that.... :unsure:

If the bugs reported in the article above are relating to the announcement on Mozilla.org's security page, in this press release, then any current PreRelease download should have it. Although it is not very clear. I would think that they would make it 1.0aPR or 1.0-1PR or some other designation to show that is includes the fixes which are apparently already released.

Anyone else have insight into this?

An advisory released by Secunia warned that the flaws carry a "highly critical" rating and affects all versions of the software prior to Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8.

That means that current versions of the software are clean. Or at least that's what it looks like to me

I found out more on this...

The bug fixes accompany the release of the Firefox 1.0 preview release (PR), a nearly-finished version of the project's next-generation browser.
http://www.infoworld.com/article/04/09/15/...llaflaws_1.html

and

The holes affect versions prior to Mozilla 1.7.3, Firefox 1.0PR, and Thunderbird 0.8.
http://www.theinquirer.net/?article=18460

So, it seems that .9x is safe, as is 1.0PR

Looks like the first article was a bit sensationalist. These were likely bugs in their daily builds, but not in the released versions....

I am still using 0.9.3 - should I now get the latest 1.0PR or is there a 0.9.4 out with this patch?  I couldn't see any advice on the mozilla.org site

Yeah im wondering the same! :blink:

Edit: Yeh sorry I cant read silly me :angry:

Thanks for the info mark.

For those of you running Firefox ...

Check out the WinTel optimized builds for specific CPU instruction sets...

http://www.moox.ws/tech/mozilla/

They are TREMENDOUSLY faster than the builds released by Mozilla

Per Moox's website:

Optimized Firefox & Thunderbird Builds

I build optimized builds of both the Firefox browser and the Thunderbird email client. My builds are designed for maximum speed and stability and I use both the BRANCH/AVIARY and TRUNK source trees. For the uninitiated, BRANCH builds are more stable than TRUNK builds, which are made from the absolute bleeding edge of the source code. For a complete description of the differences, please see this thread at Mozillazine. I also make milestone and release builds, as well as custom builds upon email request. Occasionally I will also do Firefox builds with SVG enabled. Additional information on SVG can be found at Mozilla and Croczilla.

I am currently releaseing three versions, or "M" builds - M1, M2, and M3. Each M version is designed for compatibility wirh particular processors and/or instruction sets.

Official thread on mozillaZine:

http://forums.mozillazine.org/viewtopic.php?t=75503

:yes:

For those of you running Firefox ...

Check out the WinTel optimized builds for specific CPU instruction sets...

http://www.moox.ws/tech/mozilla/

They are TREMENDOUSLY faster than the builds released by Mozilla

Yep, or better still use bangbang's one.

https://www.neowin.net/forum/index.php?showtopic=191297

You will need a processor that supports SSE2 though.

On topic: It seems like they announced the bug after it had been fixed. If this is so, I think that's a very good idea.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.