Star Mozilla Patches Firefox Security Flaw
Linked by Thom Holwerda on Fri 23rd Feb 2007 22:23 UTC, submitted by anonymous
Mozilla & Gecko clones Mozilla today released updated versions of the Firefox browser, v1.5.0.10 and v2.0.0.2, for Windows, Mac, and Linux, which close a major security flaw called the 'location.hostname vulnerability'. The fix stops hackers from being able to tamper with how websites are displayed.
E-mail Print r 0   30 Comment(s) http://osne.ws/ddy
Thread beginning with comment 216172
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Auto-update rocks
by norxh on Sat 24th Feb 2007 17:08 UTC in reply to "RE[2]: Auto-update rocks"
norxh
Member since:
2005-08-08

"I run linux and have installed firefox in my home directory so it can do automatic updates"

albeit unlikely, any process running in your user account can modify the binary? kinda defeats the purpose of the security model. not a good solution.

it would be nice if firefox notified regular users (windows or linux) of updates too so you could switch to admin or root respectively... or maybe even allow you to click update, and prompt for credentials to runnas/sudo.

Reply Parent Bookmark Score: 1

RE[4]: Auto-update rocks
by stuhood on Sat 24th Feb 2007 18:14 in reply to "RE[3]: Auto-update rocks"
stuhood Member since:
2006-07-11

That's the purpose of your distro's update software... it would be a bit redundant to have two alerts.

Reply Parent Bookmark Score: 2

RE[5]: Auto-update rocks
by jessta on Sat 3rd Mar 2007 07:59 in reply to "RE[4]: Auto-update rocks"
jessta Member since:
2005-08-17

Very true.
Firefox shouldn't inform people of updates at all.
The only reason it does is for windows users who don't have a proper package management system.

Reply Parent Bookmark Score: 1