back to article Mozilla ships first security update for Firefox 4

Mozilla has issued the first ever security update for Firefox 4.0, including a fix for two chunks of code that allowed attackers to override a key security protection baked in to recent versions of the Windows operating system. The slip up in the two WebGLES graphics libraries, which Mozilla added to the latest version of the …


This topic is closed for new posts.
  1. Anonymous Coward

    "The First Ever"

    So? Are we supposed to break a bottle of champagne over it?

    There are going to be many such updates: just, this is number one. No big deal.

  2. Richard Tobin


    "including one in the XSLT generate-id() function heap"

    There's no such thing as a function heap. The actual description is "XSLT generate-id() function heap address leak" which means revealing a heap address in the generate-id() function.

  3. Anonymous Coward
    Anonymous Coward

    Q/A what the hell is that!

    With an application that's deployed as widely as Firefox, surely their code goes through some kind of Q/A process? I would have hoped that the process checks for more than simply a successful compilation.

  4. Richard 33


    It's not clear from your article, but ASLR has been available on "other platforms" (specifically Linux and OpenBSD) since 2005, and is routinely used when compiling all programs including Firefox. Microsoft were late to the game.

  5. M.A

    firefox losing it?

    Firefox was renound for being the most secure browser i hope this not going to tarnish that too much.

  6. william_7

    release notes

    url for release notes:

    fairly sure in my guessing that their 'update' built in feature of firefox is a fairly robust download manager - yet still there is no effective download manger in ff4.

    I am glad to see the bug whereby 'pdfs larger than 5mb not being viewable' is marked as being fixed.

  7. The BigYin


    ..."World Biggest Pac Man" still doesn't work. Who's to blame? MS for not sticking to the proposed-Standards, or Mozilla for not correctly implementing same?

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022