Mozilla Firefox Vulns
This thread serves as a discussion place for any current security vulnerabilities in Mozilla Firefox. LQ members are encouraged to subscribe to this thread in order to stay informed about the latest Mozilla Firefox security fixes and workarounds. If this is your first time stopping by this thread, get the latest info by jumping to the last page.
|
Thank you, updating right now.
|
Just an update to let everyone know that an exploit for CVE-2006-0295 has been made public.
Quote:
This vulnerability is fixed in firefox 1.5.0.1, so upgrade today!!! |
Foxfire update
Thank You I to will be upgrading very soon
|
I've downloaded the new version, and extracted the tar archive. However, the installation instructions on the site were sparse, to say the least:
Quote:
Entering which firefox points to /usr/bin/firefox, which is a symlink to the old firefox file. Should I just change this to point to the new version, or is there something more clever that I should do? Rob |
I had this same problem when I was trying to update from 1.0.7. I ended up waiting for debian to get a 1.5.0 version. Anyone know about the status of that?
|
Quote:
BTW, i recommend that you use a binary package from your distro instead... Quote:
|
yeah, I'm running testing, and I got 1.5 from unstable. I looked, and it looks like unstable's got 1.5.0.1(if that's the right version), so I'll upgrade from there.
|
Quote:
I then found that, although my bookmarks and cookies had been copied over, my plugins were missing. In the end, after searching for a way of setting these in the browser (and getting nowhere), I simply copied the plugins from the folder in /usr/lib /browser-plugins over to firefox's /plugins sub-folder and it worked. I can't believe it was that easy!!. Thanks, Rob :)(Currently listening to Goodness Gracious Me from the BBC website):) |
Firefox 1.5.0.2 has been released. Aside from the usual stability fixes, there are also several security fixes included.
|
Secunia's put out an advisory already (and it's a big one):
Quote:
|
there's been a non-critical security issue found in 1.5.0.2... even though the issue is non-critical, i figured it's in the thread's best interest to have it posted... here it is:
Quote:
|
Mozilla Firefox 1.5.0.3 has been released. It addresses a denial-of-service vulnerability.
The CVE ID for the bug is:CVE-2006-1993. |
Firefox Exception Handling Full Path Disclosure Weakness (Not Critical)
Quote:
|
The NoScript extension "should" take care of the JS vulnerability, unless it is a trusted site. :)
|
All times are GMT -5. The time now is 12:59 AM. |