Sign in / up

back to article Mozilla downplays risk from unpatched flaw

There are conflicting reports as to whether a flaw in a new version of Firefox is exploitable or not. Firefox 3.5.1, published only last week in rapid response to an unpatched vulnerability discovered days earlier, is itself vulnerable to a bug involving the handling of very long Unicode strings. Reports by security …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. eJ2095

    The Children

    Wont somebody think of the children....

    Sorry was watching Simpsons Episode with the bears in the other night and that just sprang to mind..

    Think i will have to dig out "Voyager" as my browser of choice...... (Name the Operating System this appeared on and no Googleing!!)

    0 0
  2. David Viner Silver badge
    Happy

    Amiga

    (and no I didn't Google)

    0 0
  3. Pete Spicer

    Hmm

    @ej2095... AmigaOS, anyone? Voyager was nice in its day.

    While there is debate over whether this is a security hole or not, I don't actually care. A bug that is known to cause a crash should be fixed - exploitable or not.

    0 0
  4. Paul Martin

    Misdirection?

    The big security problem with 3.5 is not that but with the JIT Java compiler.

    http://www.linuxjournal.com/content/jitter-bug

    0 0
  5. Nuno trancoso

    @eJ2095

    Was AmigaOS, Voyager sucked, IBrowse ftw :)

    AS for the flaw, sure hope they're not taking a "sinks head in sand" posture... Flat out saying "CANT BE EXPLOITED" is a dangerous thing...

    0 0
  6. Anonymous Coward
    IT Angle

    Weary

    ...is anyone else getting slightly weary of this near-constant updating of firefox? It feels like every time I open firefox on any of my 4 machines, I'm waiting for an update to complete - either to FF itself, or to adblock or other plugins.

    And if it's a machine I use rarely (a kitchen eeetop), I've also got AV and Windows updates to do as well. A 2 minute browser session to find a recipe turns into a 20 minute Admin session. And only if there's no reboots required. Which there usually is.

    Makes me almost want to switch back to...no wait; maybe not.

    IT - because surely it should be better than this?

    0 0
  7. eJ2095

    @Nuno trancoso

    Oh yeh forgot about Ibrowse..

    Makes me smile still.. Mind you though i did have all 3 installed Aweb, Ibrowse, Voyager.

    used to switch between the 3 if a certain site/sites miss behaved.

    All good fun (When computing was fun)

    0 0
  8. BlueGreen

    AC 11:39 - use your common sense

    if you don't *want* to update then *don't*. Being told there are new versions available is informational - the puppy won't get shot if you ignore them.

    Wait for the new version to settle down before upgrading (I still use 3.0.11). Don't upgrade your addons unless you have to. If you NoScript your JScript and don't browse a wide range of sites, you've mitigated your risk hugely. If an addon just provides functionality you don't need rather than being a security risk, or you just don't use that addon any more, consider not updating.

    Blech, I think moz ought to add a little "..but you don't have to" on their update popups. I could perhaps write an addon to do it...

    0 0
  9. Bassey

    Re: Weary

    Unless your house it about a mile long would it not be quicker to walk to one of the other PC's, lookup the recipe, print it off and walk back to the kitchen?

    And if your house is a mile long a) Well done, b) Why are you cooking?

    0 0
  10. Anonymous Coward
    Anonymous Coward

    @Weary #

    Isn't it better to have daily updates of patches for an issue than have that same patch sit for weeks before it's released? Less time for possible exploits to take place and all that.

    0 0
  11. Tom 13

    @Pete Spicer

    A bug that causes a crash needs to be fixed by the end of the month. A bug that causes a security breech needs to be fixed by the end of the day. They didn't say they weren't going to fix it, they only claim it doesn't risk your data.

    0 0
  12. Fatman
    Pint

    @Weary

    I have solved the update problem for the machines I have here. Only one machine does any checking for addon or Firefox updates; the others are set NOT to check for updates. I download all of those updates to that machine, and from it, gang update the other machines once a week. It works for me, and it is not a PITA.

    0 0
This topic is closed for new posts.

Other stories you might like