markwolfe Veteran Posted September 15, 2004 Veteran Share Posted September 15, 2004 The Mozilla Project has issued a warning for a series of "highly critical" security holes in three of its core projects, including its flagship Firefox Web browser and the Thunderbird e-mail client. See this article for details: http://www.internetnews.com/dev-news/article.php/3408301 Link to comment Share on other sites More sharing options...
lhommefm Posted September 15, 2004 Share Posted September 15, 2004 The article doesn't make clear what are the recommended versions to get for the standard user. Highest version of Thunderbird is still 0.8? Link to comment Share on other sites More sharing options...
Ben Posted September 15, 2004 Share Posted September 15, 2004 I am still using 0.9.3 - should I now get the latest 1.0PR or is there a 0.9.4 out with this patch? I couldn't see any advice on the mozilla.org site Link to comment Share on other sites More sharing options...
insanekiwi Posted September 15, 2004 Share Posted September 15, 2004 oh well, what's secure nowadays :rofl: Link to comment Share on other sites More sharing options...
markwolfe Veteran Posted September 15, 2004 Author Veteran Share Posted September 15, 2004 I noticed that.... :unsure: If the bugs reported in the article above are relating to the announcement on Mozilla.org's security page, in this press release, then any current PreRelease download should have it. Although it is not very clear. I would think that they would make it 1.0aPR or 1.0-1PR or some other designation to show that is includes the fixes which are apparently already released. Anyone else have insight into this? Link to comment Share on other sites More sharing options...
adinu79 Posted September 15, 2004 Share Posted September 15, 2004 An advisory released by Secunia warned that the flaws carry a "highly critical" rating and affects all versions of the software prior to Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8. That means that current versions of the software are clean. Or at least that's what it looks like to me Link to comment Share on other sites More sharing options...
markwolfe Veteran Posted September 15, 2004 Author Veteran Share Posted September 15, 2004 I found out more on this... The bug fixes accompany the release of the Firefox 1.0 preview release (PR), a nearly-finished version of the project's next-generation browser. http://www.infoworld.com/article/04/09/15/...llaflaws_1.htmland The holes affect versions prior to Mozilla 1.7.3, Firefox 1.0PR, and Thunderbird 0.8. http://www.theinquirer.net/?article=18460So, it seems that .9x is safe, as is 1.0PR Looks like the first article was a bit sensationalist. These were likely bugs in their daily builds, but not in the released versions.... Link to comment Share on other sites More sharing options...
McGazza Posted September 15, 2004 Share Posted September 15, 2004 I am still using 0.9.3 - should I now get the latest 1.0PR or is there a 0.9.4 out with this patch? I couldn't see any advice on the mozilla.org site Yeah im wondering the same! :blink: Edit: Yeh sorry I cant read silly me :angry: Thanks for the info mark. Link to comment Share on other sites More sharing options...
adinu79 Posted September 15, 2004 Share Posted September 15, 2004 There is no 0.9.4. Just switch to 1.0PR and you'll be fine. Link to comment Share on other sites More sharing options...
ad345zAdZ0d9_ Posted September 15, 2004 Share Posted September 15, 2004 (edited) <snip> No need for this here. Edited September 15, 2004 by Chad Link to comment Share on other sites More sharing options...
Pink Floyd Veteran Posted September 15, 2004 Veteran Share Posted September 15, 2004 oh well, what's secure nowadays :rofl: hehe indeed I think im going to stop breathing this is not "secure", I could get lung cancer @McGazza?: you should resize your signature Link to comment Share on other sites More sharing options...
BTallack Posted September 15, 2004 Share Posted September 15, 2004 (edited) Strangely, I was thinking the exact same thing. Now on topic, Looks like this vulnerability applies to very few people. But who knows, maybe someone will exploit it. Link to comment Share on other sites More sharing options...
ChkNpIMP Posted September 17, 2004 Share Posted September 17, 2004 For those of you running Firefox ... Check out the WinTel optimized builds for specific CPU instruction sets... http://www.moox.ws/tech/mozilla/ They are TREMENDOUSLY faster than the builds released by Mozilla Per Moox's website: Optimized Firefox & Thunderbird BuildsI build optimized builds of both the Firefox browser and the Thunderbird email client. My builds are designed for maximum speed and stability and I use both the BRANCH/AVIARY and TRUNK source trees. For the uninitiated, BRANCH builds are more stable than TRUNK builds, which are made from the absolute bleeding edge of the source code. For a complete description of the differences, please see this thread at Mozillazine. I also make milestone and release builds, as well as custom builds upon email request. Occasionally I will also do Firefox builds with SVG enabled. Additional information on SVG can be found at Mozilla and Croczilla. I am currently releaseing three versions, or "M" builds - M1, M2, and M3. Each M version is designed for compatibility wirh particular processors and/or instruction sets. Official thread on mozillaZine: http://forums.mozillazine.org/viewtopic.php?t=75503 :yes: Link to comment Share on other sites More sharing options...
figgy Posted September 17, 2004 Share Posted September 17, 2004 Thanks for the update. Upgrading now. Link to comment Share on other sites More sharing options...
hornett Posted September 17, 2004 Share Posted September 17, 2004 For those of you running Firefox ...Check out the WinTel optimized builds for specific CPU instruction sets... http://www.moox.ws/tech/mozilla/ They are TREMENDOUSLY faster than the builds released by Mozilla Yep, or better still use bangbang's one. https://www.neowin.net/forum/index.php?showtopic=191297 You will need a processor that supports SSE2 though. On topic: It seems like they announced the bug after it had been fixed. If this is so, I think that's a very good idea. Link to comment Share on other sites More sharing options...
Recommended Posts