A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two "extremely critical" vulnerabilities.
Mozilla's Firefox 1.0.4, released Wednesday, addresses vulnerabilities that surfaced earlier this week. The update includes several security fixes, as well as a fix to DHTML errors that were encountered on some Web sites, according to a posting on Mozilla's Web site.
The update is designed to address the two flaws, which when combined could allow malicious attackers to engage in cross-site scripting and remote system access. Although the two vulnerabilities could be exploited, there were no known active exploits.
Security monitoring company Secunia had rated the flaws as "extremely critical."
The update means that people can safely install extensions from non-Mozilla sites, whereas before they were at risk because of the vulnerabilities, said Chris Hofmann, director of engineering for Mozilla.
Currently, Mozilla has the update out in 12 languages and anticipates sending it out in another 24 languages in the coming days, Hofmann said.
With its initial release last fall, the open-source browser has demonstrated to analysts that the mature Web browser market dominated by Microsoft's Internet Explorer can be shaken up. Microsoft's IE has begun to see its market share dip slightly--a first in a number of years.
Firefox held 6.8 percent of the domestic market share as of late April, while Microsoft saw its role dip to 88.9 percent, compared with more than 90 percent share last year.
The fast-paced growth of Firefox, however, is beginning to show signs of slowing, according to results released this week by WebSideStory.
Actually multiple exploits were reported to Mozilla on May 2nd, which was 1 week earlier. But they were kept secret while Mozilla was working on a fix. However, one of those exploits got leaked to the public on May 9th, which is the incident we all know about. Only after this "public disclosure" did Mozilla issue a fix in the form of Firefox 1.0.4 two days later.
So technically it was 9 days with 7 days of secrecy.
Earliest Bug Report: May 2 http://bugzilla.mozilla.org/show_bug.cgi?id=292691
Leaked Bug Report: May 9 http://bugzilla.mozilla.org/show_bug.cgi?id=293302
This is fantastic service! Please put some more extremely critical security flaws in your products so we can all be impressed with your fast turn around times.
Still waiting for my update to IE. Using Win2K. Still out in the cold. I guess Mozilla beat them in that race even though MS had a couple of months head start.
Nobody said Firefox was secure. Nobody said Firefox was safe. Nobody is safe, and nobody is secure.
I'm guessing you never saw the word "more" when someone mentioned "more secure". Also, if you can read properly, the correct slogan is "SafER, fastER, bettER"
I can always check it to see if there are updates, but I can never download them. There has been one called "Saferfox" for a while now. Can't download it though.
Maybe it's a bandwidth problem? They should make the updates hosted with BitTorrent or some P2P system so that updates can actually be downloaded through Firefox.
Not bad at all!
why?
because i spend my whole life worrying about how safe and secure my browser is
i check up on new updates every day
how fast i get it is a matter of life and death
'cause i won't know what to do if anything happens to my comp
perhaps once in a while i'll get a life