The Register® — Biting the hand that feeds IT


Firefox update fixes critical bug brace

Just off the production line


Mozilla published a new version of its Firefox web browser on Tuesday that fixes five security vulnerabilities, two of which it rates as critical.

Firefox version 3.0.2 fixes a memory corruption bug and a separate critical bug involving privilege escalation and the XPCNativeWrapper component of the browser. Both create possible mechanisms for hackers to inject hostile code into vulnerable systems using rigged websites, or perform similar tricks.

The same two critical bugs are fixed in Firefox 2.0.0.17, for those still using the earlier version of the browser. There's no evidence that either critical flaw has been exploited by hackers, but prudence would steer towards early patching. Judging from past experience, automatic updates from Mozilla will appear in about a day or so.

The updates also fix three lesser flaws - two of which are rated as moderate and one of which earns a low risk rating.

All five flaws are explained in Mozilla's release notes here and there's additional commentary from the good folk of the Internet Storm Centre here. ®


Latest Comments

re: ACIDity

Well, that's just great: with IE I can sit and look at a badly rendered ACID 3 page, while with FF3, Chrome, Opera or Safari you can sit and look at a slightly less badly rendered ACID3 page. Yay! for the intertubes, eh. Meanwhile, with the exception of CSS test suites and the odd Freetard trying to "stick it to t3h man", the rest of the web is built to work with IE6 and 7 because that's 85% of the browsers out there.

And I assume that the people who are asking why a FF update's a PITA are managing single-machine sites (mom's basement, perchance?) 'cos managing large installations of Firefox is going to involve a lot of deskside visits, or some degree of skill in packaging it for pushing out through a large AD infrastructure.


Acidity

IE 6 (installed at work) completely balls up on Acid 2, and only scores 12/100 on Acid 3. IE8 only manages 21/100.

FF3.0.2 (installed on my USB HDD) completely passes Acid 2, and scores 71/100 on Acid 3.

Shiretoko (installed back at home) manages 84/100 on Acid 3.

Chrome manages 71, Opera 74 and Safari 75.

So practically anything's better than Internet Exploder. And if the site you're trying to visit will "only" display in Bill's Browser, send an email to the site admin telling them their site (a) isn't standards compliant, (b) isn't DDA compliant, and (c) can't be viewed by over 20% of the online community. If they refuse, threaten them with a visit from Simon, who will quickly show them an entirely new way of looking at their stairwells or lift shafts... :)


Friends Don't Let Friends IE.

Go back to IE? Are you crazy?

Why would you want a buggy, take over your system, un-secure, in-secure, ask lots of permissions, and reboot NOW, and screw your whole day up, reset your preferences, change your energy settings, and insert a WHOLE BUNCH of UNWANTED NON-USER FRIENDLY GIBBERISH CODE EXTENSIONS THAT EVEN A GEEK CAN'T UNDERSTAND browser, when you could have Firefox, a dependable, multi-featured, highly modifiable, SECURITY UP TO DATE BROWSER, that lets you have the power to choose the timing, and options YOU want, When you want, How you want, or not? Mozilla even explains what the updates are in simple language, so all know what will be affected, and why!

G O B A C K T O I E ?

ARE YOU C R A Z I E ?

Paris cries (she is really laughing inside) when someone is dumber than she is!

