
New version of Firefox solves critical and moderate security risks

Mozilla’s popular alternative browser has gained another minor bump in version numbering with the release of 2.0.0.6. The new update fixes just a couple of security holes, one of them critical and the other rated as moderate.

The critical hole patched in this new version is “unescaped URIs passed to external programs,” a bug that also affects the Thunderbird mail client. The moderate security fix solved the “privilege escalation through chrome-loaded about:blank windows” flaw, which also applies to Thunderbird.

Firefox users can download 2.0.0.5 from Mozilla's homepage or use the auto update function within the browser. For those who like to live on the bleeding edge of browser software, the seventh alpha release of Firefox 3 should be available sometime later today.

Firefox has slowly but surely been gaining more acceptance among all Internet users. A recent report found that Firefox usage in Europe is nearing 28 percent, with some countries posting 47.9 percent adoption for the Mozilla browser.



Comments



EH?
By Master Kenobi (blog) on 7/31/2007 7:53:13 AM , Rating: 2
Seems they didn't fix the problem with the password manager being hacked using JavaScript?




RE: EH?
By Bluestealth on 7/31/2007 12:07:59 PM , Rating: 2
I keep hearing about how it may or may not be fixed...
I assume NoScript would block this kind of attack?


RE: EH?
By Master Kenobi (blog) on 7/31/2007 1:57:26 PM , Rating: 3
Yeah, it's an up-in-the-air bug, no status. Last I heard all you needed to do was disable JavaScript execution and you were OK.


Slow load times with 2.0.0.6 in XP
By gramboh on 7/31/2007 2:51:24 PM , Rating: 2
Anyone else getting slow application load times recently with Firefox 2.0.0.6 in Windows XP? Especially after a reboot, but even after using FF for a while, closing it and reopening it, it takes up to 20 seconds. I do not hear any hard drive grinding or anything, so it's a bit odd. IE7 loads instantly. This is on a C2D 3.2GHz, 2GB RAM, XP SP2 and freshly defragged drives. With 2.0.0.5 and before it would load instantly, even after a cold boot.




By darkfoon on 7/31/2007 4:40:28 PM , Rating: 2
Yeah, I get the same issue. On my Pentium 3 800MHz running Windows ME.

But it's faster than 20 seconds.

The reason the disk isn't grinding is because Windows has cached some of the shared libraries and executable code in RAM, so the next time you run FF (assuming you haven't rebooted) it loads faster.
The "pause" experienced, however, is probably FF going through all the page faults needed to see what tiny little bit of something got kicked out of RAM (swapped out or otherwise) and reloading it. So the HDD is probably working, loading a few memory pages (1 - 4 KB depending on OS), but it's such a small, random, unsustained workload that the HDD light doesn't even come on.
Or it could be some of your extensions.

IEx (x = 4 through 7), on the other hand, has all of its shared libraries already in memory because they're the same ones the Windows OS uses. The executable might even be in memory already, which is why it loads so darn fast.


Little Mistakes
By Communism on 7/31/2007 8:22:45 AM , Rating: 3
quote:
Firefox users can download 2.0.0.5 from Mozilla's homepage


Obviously this should be 2.0.0.6.




Welcome to the Real World Mozilla
By Sahrin on 7/31/07, Rating: -1
RE: Welcome to the Real World Mozilla
By Spoelie on 7/31/2007 9:28:58 AM , Rating: 2
Mozilla has been very proactive in getting fixes out; there hasn't been any serious lead time between a problem getting known and the resulting fix. Most of the security vulnerabilities are also not as severe as what you can get in certain other browsers.


By creathir on 7/31/2007 2:09:19 PM , Rating: 2
No offense, but so has Microsoft.
When a problem is found, it is fixed. This is how software companies work.

- Creathir


RE: Welcome to the Real World Mozilla
By xser on 7/31/2007 9:54:43 AM , Rating: 2
Where did you get the idea that this application has been picked apart ... or are you just trolling?

Without bashing other software makers, this was a reasonably quick response to a security issue. All software is subject to vulnerabilities. The important things are if the coding is done with security in mind, and how reactive and effective the responses are.


RE: Welcome to the Real World Mozilla
By tacoburrito on 7/31/2007 2:17:11 PM , Rating: 2
Mozilla was able to gain popularity by proclaiming itself as the "safe" browser. Well, now we've found out it was the "safe" browser only because no one cared to exploit it because not many people were using it. As it gains in usage, it is now being exploited almost as much as IE. At the end of the day, you have to wonder whether there is such a thing as a safe browser.


By darkfoon on 7/31/2007 4:52:27 PM , Rating: 2
Ok, so what I am going to say here is biased, because my OS doesn't run IE7, and I don't use it.

Certainly there are Firefox security issues that are being discovered. There are more being discovered than those in IE. Here's the key difference: NoScript.
I have it set to block just about everything. Sure, it can make some sites a pain to get working right, but I also know EVERY script that is running on a website, and I can only allow the essential ones (like the code that allows this comment system to work) and block the riffraff (since when did every website have a script from google-analytics and why should I give Google this free user information?)

But I digress. Does IE7 have an add-in or feature such as NoScript? Not as far as I know (and I know I could be wrong).

Certainly, I could turn off JavaScript, and Java, and Flash, and have a strictly HTML browser, but that would diminish web usability to the point of not even going on the internet. Security is only as useful to end users as it is functionally secure; sitting in a bunker underground gives you lots of security, but you can't do anything, while driving around in an armored car gives you security and allows you to actually do stuff.


By darkpaw on 7/31/2007 4:56:55 PM , Rating: 2
And maybe someday Mac fanatics will realize there's no such thing as a safe OS either. Probably not until they get seriously hurt a few times though. I know so many Mac users that think they don't need any security because they are running OS X. The only thing that's been saving them so far is no one cared enough to bother exploiting Macs; the more sheep they get in the pen, the more and more exploits will be written.

Personally I use Firefox and IE, although I probably use FF more for spell-check, NoScript, and Adblock.


By wallijonn on 7/31/2007 5:39:45 PM , Rating: 2
quote:
you have to wonder whether there is such a thing as a safe browser.


But what if most of the problems in the future are because of Sun Java?

I use IE7, FF and Opera.


By Oregonian2 on 7/31/2007 8:39:38 PM , Rating: 2
quote:
Mozilla was able to gain popularity by proclaiming itself as the "safe" browser.


Strawman I think. I recall no assertion of that kind coming from Mozilla.


By Zurtex on 7/31/2007 11:08:07 AM , Rating: 2
What do you think they ought to do better? I think we have to accept that software as complicated as a web browser is going to have security holes. It's just the nature of software evolution; humans aren't perfect and as of yet they've not been able to write perfect code when it comes to this sort of stuff.

So they could either release a security update as quickly as possible after just releasing another security update, or they could stick by a policy that they only release security updates once a month and this one just isn't 'important enough' to break that rule ¬_¬'

I think you're also somewhat missing the fact that often Mozilla security updates are very controlled; they are the ones who release security problems themselves a few days after the update. This is because of their very good bug report system, whereas with Microsoft, when people report a security bug they can get a little frustrated when there's no obvious sign of development on it after a year or so.


RE: Welcome to the Real World Mozilla
By Hoser McMoose on 7/31/2007 1:59:20 PM , Rating: 3
quote:
no one is willing to "wait patiently because it's Open Source/a small dev team" when you have a difficult problem to tackle.

Just as a FWIW, the critical bug in this release was reported July 21st and was fixed today, July 31. 10 days later.

The exact same bug exists in Internet Explorer and was first reported in IE on June the 12th. No date has yet been given for when Microsoft will release a fix.


By KamiXkaze on 8/1/2007 12:59:08 AM , Rating: 2
Even though I was late on this, that is correct: they are quite prompt, whereas Microsoft is very lazy.

KxK


"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs
