Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Firefox > Firefox updates?

Reply
Thread Tools

Firefox updates?

 
 
Chuck
Guest
Posts: n/a
 
      09-19-2005
I'm keep reading in the trade press about critical updates to firefox
being avaialable but the built in softwre update "check now" button
never finds them. Am I doing something wrong? My current versions of
firefox and thunderbird are...

Firefox 1.0.6
T-Bird 1.0.6

TIA

--
To reply by email remove "_nospam"
 
Reply With Quote
 
 
 
 
Leonidas Jones
Guest
Posts: n/a
 
      09-19-2005
Chuck wrote:
> I'm keep reading in the trade press about critical updates to firefox
> being avaialable but the built in softwre update "check now" button
> never finds them. Am I doing something wrong? My current versions of
> firefox and thunderbird are...
>
> Firefox 1.0.6
> T-Bird 1.0.6
>
> TIA
>


FF 1.0.7 has release candidates out, and should be available soon.

Lee
 
Reply With Quote
 
 
 
 
John Thompson
Guest
Posts: n/a
 
      09-21-2005
On 2005-09-19, Leonidas Jones <(E-Mail Removed)> wrote:

> FF 1.0.7 has release candidates out, and should be available soon.


Anybody know if 1.0.7 will cover this "Firefox Command Line URL Shell
Command Injection" exploit?

http://secunia.com/advisories/16869/

--

John ((E-Mail Removed))
 
Reply With Quote
 
Leonidas Jones
Guest
Posts: n/a
 
      09-21-2005
John Thompson wrote:
> On 2005-09-19, Leonidas Jones <(E-Mail Removed)> wrote:
>
>> FF 1.0.7 has release candidates out, and should be available soon.

>
> Anybody know if 1.0.7 will cover this "Firefox Command Line URL Shell
> Command Injection" exploit?
>
> http://secunia.com/advisories/16869/
>


That's a new one, maybe one of the reasons why 1.0.7 is being held up.

Lee
 
Reply With Quote
 
John Thompson
Guest
Posts: n/a
 
      09-22-2005
On 2005-09-21, Leonidas Jones <(E-Mail Removed)> wrote:

> John Thompson wrote:
>> On 2005-09-19, Leonidas Jones <(E-Mail Removed)> wrote:
>>
>>> FF 1.0.7 has release candidates out, and should be available soon.

>>
>> Anybody know if 1.0.7 will cover this "Firefox Command Line URL Shell
>> Command Injection" exploit?
>>
>> http://secunia.com/advisories/16869/
>>

>
> That's a new one, maybe one of the reasons why 1.0.7 is being held up.


Actually, according to the 1.0.7 rlease notes, it *DOES* cover this:

Specific changes in Firefox 1.0.7

* Fix for a potential buffer overflow vulnerability when loading a
hostname with all soft-hyphens
* Fix to prevent URLs passed from external programs from being parsed
by the shell (Linux only)
* Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
that uses an "eval" statement
* Fix to restore InstallTrigger.getVersion() for Extension authors
* Other stability and security fixes

(http://www.mozilla.org/products/fire...ses/1.0.7.html)

How's that for response time? Less than 24 hours after the problem was
announced, the fix was available, and not just a work-around either,
apparently.

--

John ((E-Mail Removed))
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can Firefox 1.5 be installed along side Firefox 1.0.6? Zygon Curry Firefox 6 09-14-2005 11:28 AM
Firefox/Linux import bookmarks from Firefox/Windows? Marek Williams Firefox 2 06-11-2005 04:22 PM
Yahoo! Toolbar Beta for Firefox - Not Compatible with Firefox 1.0.2? NA Firefox 6 04-02-2005 06:13 PM
Firefox gamed - Drudge getting around Firefox popup blocker Venger Firefox 10 12-22-2004 04:37 AM
so what does IE or any of the IE shells have over firefox ? (any anti firefox ppl bother looking at recent plugins available?) *ProteanThread* Firefox 12 10-20-2004 08:31 AM



Advertisments