Firefox updates?

Discussion in 'Firefox' started by Chuck, Sep 19, 2005.

  1. Chuck

    Chuck Guest

    I'm keep reading in the trade press about critical updates to firefox
    being avaialable but the built in softwre update "check now" button
    never finds them. Am I doing something wrong? My current versions of
    firefox and thunderbird are...

    Firefox 1.0.6
    T-Bird 1.0.6

    TIA

    --
    To reply by email remove "_nospam"
     
    Chuck, Sep 19, 2005
    #1
    1. Advertising

  2. Chuck wrote:
    > I'm keep reading in the trade press about critical updates to firefox
    > being avaialable but the built in softwre update "check now" button
    > never finds them. Am I doing something wrong? My current versions of
    > firefox and thunderbird are...
    >
    > Firefox 1.0.6
    > T-Bird 1.0.6
    >
    > TIA
    >


    FF 1.0.7 has release candidates out, and should be available soon.

    Lee
     
    Leonidas Jones, Sep 19, 2005
    #2
    1. Advertising

  3. On 2005-09-19, Leonidas Jones <> wrote:

    > FF 1.0.7 has release candidates out, and should be available soon.


    Anybody know if 1.0.7 will cover this "Firefox Command Line URL Shell
    Command Injection" exploit?

    http://secunia.com/advisories/16869/

    --

    John ()
     
    John Thompson, Sep 21, 2005
    #3
  4. John Thompson wrote:
    > On 2005-09-19, Leonidas Jones <> wrote:
    >
    >> FF 1.0.7 has release candidates out, and should be available soon.

    >
    > Anybody know if 1.0.7 will cover this "Firefox Command Line URL Shell
    > Command Injection" exploit?
    >
    > http://secunia.com/advisories/16869/
    >


    That's a new one, maybe one of the reasons why 1.0.7 is being held up.

    Lee
     
    Leonidas Jones, Sep 21, 2005
    #4
  5. On 2005-09-21, Leonidas Jones <> wrote:

    > John Thompson wrote:
    >> On 2005-09-19, Leonidas Jones <> wrote:
    >>
    >>> FF 1.0.7 has release candidates out, and should be available soon.

    >>
    >> Anybody know if 1.0.7 will cover this "Firefox Command Line URL Shell
    >> Command Injection" exploit?
    >>
    >> http://secunia.com/advisories/16869/
    >>

    >
    > That's a new one, maybe one of the reasons why 1.0.7 is being held up.


    Actually, according to the 1.0.7 rlease notes, it *DOES* cover this:

    Specific changes in Firefox 1.0.7

    * Fix for a potential buffer overflow vulnerability when loading a
    hostname with all soft-hyphens
    * Fix to prevent URLs passed from external programs from being parsed
    by the shell (Linux only)
    * Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script
    that uses an "eval" statement
    * Fix to restore InstallTrigger.getVersion() for Extension authors
    * Other stability and security fixes

    (http://www.mozilla.org/products/firefox/releases/1.0.7.html)

    How's that for response time? Less than 24 hours after the problem was
    announced, the fix was available, and not just a work-around either,
    apparently.

    --

    John ()
     
    John Thompson, Sep 22, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    563
  2. Larry Spitz

    Firefox updates (not)

    Larry Spitz, Apr 22, 2006, in forum: Firefox
    Replies:
    1
    Views:
    530
  3. Keith Lee

    Updates for Firefox and Thunderbird

    Keith Lee, Apr 24, 2006, in forum: Firefox
    Replies:
    8
    Views:
    553
    RaMRod
    Apr 27, 2006
  4. Old Gringo

    FireFox & Thunderbird updates available

    Old Gringo, Jul 14, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    423
    nevillenevillesonsnr
    Jul 14, 2005
  5. =?Utf-8?B?d2xzNTA4?=

    checking "Show Updates" doesn't reveal any Windows XP updates

    =?Utf-8?B?d2xzNTA4?=, May 24, 2006, in forum: Windows 64bit
    Replies:
    5
    Views:
    714
    Martin S.
    May 26, 2006
Loading...

Share This Page