Star Mozilla Patches Firefox Security Flaw
Linked by Thom Holwerda on Fri 23rd Feb 2007 22:23 UTC, submitted by anonymous
Mozilla & Gecko clones Mozilla today released updated versions of the Firefox browser, v1.5.0.10 and v2.0.0.2, for Windows, Mac, and Linux, which close a major security flaw called the 'location.hostname vulnerability'. The fix stops hackers from being able to tamper with how websites are displayed.
E-mail Print r 0   30 Comment(s)
Order by: Score:
Add Comment Post a Comment
v firefox great
by happycamper (2.04) on Fri 23rd Feb 2007 23:16 UTC
v RE: firefox great
by TaterSalad (3.04) on Fri 23rd Feb 2007 23:27 UTC in reply to "firefox great"
Auto-update rocks
by siimo (3.48) on Fri 23rd Feb 2007 23:44 UTC
siimo
Member since:
2006-06-22
Fans: 0

Thanks for news. I was about to go and update it through the program but seems like it's automatically updated and asked me to restart Firefox :-)

Reply Bookmark Score: 2 Flag

RE: Auto-update rocks
by jessta (3.76) on Sat 24th Feb 2007 06:16 UTC in reply to "Auto-update rocks"
jessta Member since:
2005-08-17
Fans: 3

Running as Administrator ey?

Reply Bookmark Score: 2 Flag

RE[2]: Auto-update rocks
by siimo (3.48) on Sat 24th Feb 2007 06:18 UTC in reply to "RE: Auto-update rocks"
siimo Member since:
2006-06-22
Fans: 0

No i am not. I run linux and have installed firefox in my home directory so it can do automatic updates :-)

Reply Bookmark Score: 5 Flag

RE[3]: Auto-update rocks
by norxh (1.5) on Sat 24th Feb 2007 17:08 UTC in reply to "RE[2]: Auto-update rocks"
norxh Member since:
2005-08-08
Fans: 0

"I run linux and have installed firefox in my home directory so it can do automatic updates"

albeit unlikely, any process running in your user account can modify the binary? kinda defeats the purpose of the security model. not a good solution.

it would be nice if firefox notified regular users (windows or linux) of updates too so you could switch to admin or root respectively... or maybe even allow you to click update, and prompt for credentials to runnas/sudo.

Reply Bookmark Score: 1 Flag

RE[4]: Auto-update rocks
by stuhood (1.1) on Sat 24th Feb 2007 18:14 UTC in reply to "RE[3]: Auto-update rocks"
stuhood Member since:
2006-07-11
Fans: 0

That's the purpose of your distro's update software... it would be a bit redundant to have two alerts.

Reply Bookmark Score: 2 Flag

Read more of this thread... >
v firefox
by happycamper (2.04) on Fri 23rd Feb 2007 23:46 UTC
v Ditch flawed Firefox; Use Opera
by Joe User (0.88) on Sat 24th Feb 2007 01:20 UTC
RE: Ditch flawed Firefox; Use Opera
by pandronic (4.08) on Sat 24th Feb 2007 06:49 UTC in reply to "Ditch flawed Firefox; Use Opera"
pandronic Member since:
2006-05-18
Fans: 1

Who asked?

Reply Bookmark Score: 2 Flag

RE: Ditch flawed Firefox; Use Opera
by stestagg (2.92) on Sat 24th Feb 2007 17:15 UTC in reply to "Ditch flawed Firefox; Use Opera"
stestagg Member since:
2006-06-03
Fans: 2

Oh. and more buggy. But hey.

Reply Bookmark Score: 2 Flag

Hmmm ...
by WorknMan (2.92) on Sat 24th Feb 2007 01:38 UTC
WorknMan
Member since:
2005-11-13
Fans: 3

Gotta wonder .. is Firefox really anymore secure these days than IE7 running on WinXP SP2? I'm not saying it is or isn't, but seems like security vunerabilities are popping up more and more for Firefox. In regard to what another poster said, I've tried setting up Opera for friends and family, but newbies generally don't seem to dig it as much as Firefox.

Edited 2007-02-24 01:39

Reply Bookmark Score: 2 Flag

RE: Hmmm ...
by Joe User (0.88) on Sat 24th Feb 2007 01:47 UTC in reply to "Hmmm ..."
Joe User Member since:
2005-06-29
Fans: 1

Why not? It's much better in all aspects...

Reply Bookmark Score: 1 Flag

RE: Hmmm ...
by butters (7.08) on Sat 24th Feb 2007 02:40 UTC in reply to "Hmmm ..."
butters Member since:
2005-07-08
Fans: 34

is Firefox really anymore secure these days than IE7 running on WinXP SP2?

It depends on the user. If you know what you're doing, they're both pretty secure. If you don't know what you're doing, they're both pretty insecure. Reverse that if you're a cracker.

Edited 2007-02-24 02:40

Reply Bookmark Score: 3 Flag

RE: Hmmm ...
by siimo (3.48) on Sat 24th Feb 2007 08:29 UTC in reply to "Hmmm ..."
siimo Member since:
2006-06-22
Fans: 0

Maybe it is just me but IE 7 UI feels sluggish on my machine compared to Firefox. For example when I open a new tab theres a slight pause before the new tab opens up. In Firefox its always instant.

I'd like to think I have a fairly modern machine and this slowdown shouldn't be there. (A64 3800+ 1GB Memory with Win XP Pro)

Reply Bookmark Score: 4 Flag

RE[2]: Hmmm ...
by Joe User (0.88) on Sat 24th Feb 2007 18:00 UTC in reply to "RE: Hmmm ..."
Joe User Member since:
2005-06-29
Fans: 1

Maybe it is just me but IE 7 UI feels sluggish on my machine compared to Firefox.

For me it's rather the other way around. While I don't have speed issues with FF, I find IE7 a little faster. It loads pages instantly.

Just don't have scripting on by default for websites. Then you are pretty safe with most browsers.

Ah, nice! You don't need Javascript to inoculate a virus into the temp directory of a computer. A JPEG image will do the trick. It's very unlikely to get a virus browsing the web. Do you remember visiting the web and your antivirus triggering alerts? Very unlikely. And when you have an updated antivirus, you're safe. Now, if you disable Javascript, most web sites will be unusable. Try it yourself to see. Most web sites nowadays use Javascript for everything, especially all Web 2.0 sites, e-commerce sites, etc...

Reply Bookmark Score: 1 Flag

RE: Hmmm ...
by fridrik (1.44) on Sat 24th Feb 2007 16:30 UTC in reply to "Hmmm ..."
fridrik Member since:
2006-06-16
Fans: 0

secure software does not exist. you would evaluate how fast and willing are ms or mozilla in applying the correct patches.
mozilla makes me feel more secure than ms. firefox bugs could even be more than ie's, nonetheless they are patched faster.

Reply Bookmark Score: 3 Flag

Opera
by driftwolf (2.8) on Sat 24th Feb 2007 02:03 UTC
driftwolf
Member since:
2006-11-30
Fans: 0

I'll use Opera when it gets a decent advertising blocker like "Ad Blocker". Until then, it's useless to me.

Reply Bookmark Score: 1 Flag

RE: Opera
by Beresford (1.84) on Sat 24th Feb 2007 03:31 UTC in reply to "Opera"
Beresford Member since:
2005-07-06
Fans: 1

It already has one called built in. I just downloaded a filter list for it which I found over here:
http://www.fanboy.co.nz/adblock/

See here for more information:
http://operawiki.info/OperaAdblock

Edited 2007-02-24 03:32

Reply Bookmark Score: 5 Flag

RE[2]: Opera
by bornagainenguin (2.64) on Sat 24th Feb 2007 23:05 UTC in reply to "RE: Opera"
bornagainenguin Member since:
2005-08-07
Fans: 5

Thank you for this, it worked a treat on my Opera install...

Hmm.... now I've just got to consider if I can find a plugin replacement for my spell checker and my media downloaders and I'll have Opera on par with my Firefox installation...

--bornagainpenguin

EDIT- fixed yo => you

Edited 2007-02-24 23:08

Reply Bookmark Score: 2 Flag

For best results
by Xaero_Vincent (4.12) on Sat 24th Feb 2007 05:47 UTC
Xaero_Vincent
Member since:
2006-08-18
Fans: 2

Use Netscape on Windows.

It has its own Security Center and uses either Gecko or Trident engines for complete compatability.

Reply Bookmark Score: 1 Flag

RE: For best results
by Varg Vikernes (1.32) on Sun 25th Feb 2007 04:47 UTC in reply to "For best results"
Varg Vikernes Member since:
2005-07-06
Fans: 2

You dare to come to a site like this and say the N word?

Reply Bookmark Score: 1 Flag

Konqueror and others ?
by xushi (2) on Sat 24th Feb 2007 06:21 UTC
xushi
Member since:
2005-08-29
Fans: 0

I switched from Firefox to Konqueror (for those who don't know, it comes with KDE) a long time ago because Konq to me feels much faster; Maybe due to it using the same libraries as KDE (like IE <> explorer?) or how simple/small it is.

But anyway, my question, I wonder how secure it really is.. If it would have the same situations as firefox did when it hit fame and propper use..

Which also makes me wonder if Opera is that famous for all the bugs and security flaws to be discovered..

While i'm at it, what about the command line links/lynx ?

Anyway, I guess my point is, every software, open or closed, has its bugs, flaws, and security issues.. What makes one distinguished is not the number of flaws discovered in a day, but how many of them are fixed and how quickly.

Cheers for Firefox.

Reply Bookmark Score: 3 Flag

RE: Konqueror and others ?
by Fergy (2.13) on Sat 24th Feb 2007 06:24 UTC in reply to "Konqueror and others ?"
Fergy Member since:
2006-04-10
Fans: 0

Just don't have scripting on by default for websites. Then you are pretty safe with most browsers.

Reply Bookmark Score: 1 Flag

RE[2]: Konqueror and others ?
by stestagg (2.92) on Sat 24th Feb 2007 17:19 UTC in reply to "RE: Konqueror and others ?"
stestagg Member since:
2006-06-03
Fans: 2

It depends on what you use the internet for, but in most cases, this makes browsing the internet pretty ugly.

Plus, in osnews v4, some features will not be available to non-js brosers (aparrently).

Reply Bookmark Score: 2 Flag

Incompatible With Java 6
by jayson.knight (3.68) on Sat 24th Feb 2007 06:53 UTC
jayson.knight
Member since:
2005-07-06
Fans: 7

Downloaded and installed the patch, and was warned that it's incompatible with the Java 6 plugin, which was promptly disabled. Not a huge deal for me, but that seems to be a pretty large break in compatibility for such a small point release.

Reply Bookmark Score: 4 Flag

RE: Incompatible With Java 6
by smitty (3.48) on Sat 24th Feb 2007 07:22 UTC in reply to "Incompatible With Java 6"
smitty Member since:
2005-10-13
Fans: 0

I got the same warning - something about the java console? Everything seems to be working fine though. I went to a page with a java applet and the about:plugins page shows java6 is enabled, so I'm not sure what happened.

Edited 2007-02-24 07:25

Reply Bookmark Score: 4 Flag

Complexity breeds complexity
by Southern.Pride (-0.68) on Sat 24th Feb 2007 16:57 UTC
Southern.Pride
Member since:
2006-09-14
Fans: 0

Today I think we all find ourselfs in the realm of complex software with bugs but instead of the code actually being re-written it is patched.

Type this in the address URL...

about:Mozilla

Reply Bookmark Score: 3 Flag

Any way to thumbs down an article?
by libray (2.28) on Mon 26th Feb 2007 16:03 UTC
libray
Member since:
2005-08-27
Fans: 1

Those not caring one way or another about non-OS-news should be able to vote such articles with a thumbs down.

Reply Bookmark Score: 1 Flag

Add Comment Post a Comment