Firefox Bug Mozilla Security Technology

Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release

Posted by Soulskill
from the sooner-than-later dept.
Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."
  • Re:What kept them? (Score:1, Insightful)

    by abhishekupadhya (1228010) <`abhishek.upadhya' `at' `gmail.com'> on Saturday March 20 2010, @12:16PM (#31549922)
    Also if this was IE, browser fanboys would take the flamebait oh-so-quickly. Every browser has its own issues. Deal with it.
  • by Securityemo (1407943) on Saturday March 20 2010, @12:23PM (#31549954) Journal
    Just because you run Firefox, you can't relax about malware attacks. Not on Windows anyway. Imagine how quickly an exploit of this type could be integrated into a malware kit, already running on countless compromised sites? No one can relax about buffer/stack smashing, dangling pointers, etc., until there's a bulletproof safeguard against them built into the OS/processor architecture.
  • by mrsteveman1 (1010381) on Saturday March 20 2010, @12:36PM (#31550036) Homepage

    Why are companies so unwilling to micro-patch their software? If Mozilla has a fix NOW, why are they waiting another ~2 weeks to push it out with the next minor upgrade? Just to avoid making users upgrade too often?

  • Re:OMFG (Score:5, Insightful)

    by wizardforce (1005805) on Saturday March 20 2010, @12:58PM (#31550186) Journal

    Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/ [secunia.com]. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response.

    Secunia: omfg Firefox has a vulnerability!!!
    Mozilla: ok so what are the specifics?
    Secunia: ...
    Mozilla: Hello?
    Secunia: ...
    Mozilla: Anyone?
    Secunia a few days ago: Right then... here are the details...
    Mozilla: *patched beta*

  • Re:What kept them? (Score:3, Insightful)

    by thetoadwarrior (1268702) on Saturday March 20 2010, @01:31PM (#31550426) Homepage
    If it's patched on March 30 then that's just over a month since it was revealed. That's not too bad and better than Microsoft's record as a whole.

    No one claims Firefox is perfect (or any browser for that matter) but IE gets more grief because it most certainly has more problems than the rest. If it weren't for competition as well we'd probably still be stuck on IE6 too since MS was quite happy to stop updating IE when they thought they had the market cornered.

    So no need to get defensive about an awful browser like IE.
  • Re:OMFG (Score:3, Insightful)

    by recoiledsnake (879048) on Saturday March 20 2010, @02:08PM (#31550730)

    Maybe it was more like this:

    Secunia: omfg Firefox has a vulnerability!!!
    Mozilla: ok so what are the specifics?
    Secunia: ... (puts it on black hat exploit auctions)
    Mozilla: Hello?
    Secunia: ... (sells it to the highest bidders)
    Mozilla: Anyone?
    Secunia a few days ago: Right then... here are the details... (Milked it enough)
    Mozilla: *patched beta*

  • by The MAZZTer (911996) <megazzt@gmail.cTIGERom minus cat> on Saturday March 20 2010, @02:12PM (#31550766) Homepage

    Because the fix could break other things, or even not actually fix anything or fix the security vulnerability completely, or even cause a different security vulnerability (possibly worse).

    Testing is important, especially when you want to attract users, not drive them away. Unstable software will do that.
