back to article Firefox updates, blitzes trio of critical bugs

Mozilla pushed out a new update of Firefox on Thursday that fixes ten security vulnerabilities, three of which are deemed critical. The trio of critical patches for Firefox variously fix vulnerabilities including web browsing history and forward navigation stealing bugs; a privilege escalation flaw that creates a …


This topic is closed for new posts.
  1. Anonymous Coward
    Paris Hilton

    'on a special Valentine's Day edition of Patch Tuesday'

    scared me a bit there, booked McDonalds for Thursday..

  2. Rick Stockton
    Thumb Up

    Nice of to publish fixes WHEN IT'S READY,

    instead of "holding it back" and leaving users vulnerable for additional days or weeks (as Microsoft does). As Microsoft does. I guess it saves them lots of money to update their "Windows Update" process only once a month, instead of doing it as needed.

    My roughly-equivalent Linux feature, "Mandriva Online", checks for and finds updates every few hours-- for EVERYTHING, including application programs. Much Faster and Nicer to use, too-- a regular User can run it with their limited permissions password, being restricted only to the Update Sources which I have defined as being appropriate for automatic updates.

    - - - - -

    This all leads to the question, is Microsoft Windows really ready for the desktop? Their whole software maintenance design and implementation is a God-danged mess, and doesn't even handle any applications at all.

  3. suc

    Firefox is still vulnerable to directory trasversal flaw!

    Firefox is still vulnerable to directory trasversal:

    "don't patch vulnerabilities

    for fifty percent, take the time and fix the cause. Because directory

    traversal through plugins is all nice and such, we don't need it. We

    can trick Firefox itself in traversing directories back. I found

    another information leak that is very serious because we are able to

    read out all preferences set in Firefox, or just open or include about

    every file stored in the Mozilla program files directory, and this

    without any mandatory settings or plugins."


    @name: Firefox <= information leak pOc

    @date: Feb. 07 2008

    @author: Ronald van den Heetkamp



    pref = function(a,b) {

    document.write( a + ' -> ' + b + '<br />');



    <script src="view-source:resource:///greprefs/all.js">


  4. Anonymous Coward


    The flaw you mentioned only seems to work when the script is accessed from the local file system - if it's on a server nothing happens, so it's not really much of a problem.

  5. suc

    it works from remote

    a web site is able to steal your local files.

  6. Anonymous Coward


    I'll downgrade my browser to Failfox - The day you pack ice skates for your journey to the seventh circle of hell.

  7. Chris

    @Rick Stockton

    '"Windows Update" process only once a month' - well to be fair, it's once a week - hence Patch Tueday. And occasionally they do release very important patches outside of this scheme.

    People seem to get ridiculously protective over this - it's only a browser. ALL of them have security holes and incompatibilities. The only reason why Firefox was any more secure when it first started was becuase no-one was using it. Why would hackers bother? As it's gained popularity (Just like OS-X) more and more hackers have found ways of exploiting it.

    People are very quick to slate Microsoft over these kind of issues, despite the fact that Windows has to cope with an incredible range of software and hardware configurations, and a massivley higher level of hackers turning their attentions to it. Don't get me wrong - I think Windows and Microsoft generaly are pretty pony, but Windows and IE still own a huge majority of the market (80%-90% for windows, 65% ish for IE) and that makes it a lot harder for them.

    I'm sure most of us can agree, if nothing else, if you keep your copy of any browser up to date, and don't visit any really dodgy sites (and have some AV etc.) you'll be fine.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021