Mozilla plugs 10 security holes in Firefox

[gem]

From The Register

Mozilla plugs 10 security holes in Firefox
By Kelly Fiveash Published Thursday 27th March 2008 11:56 GMT
Mozilla coughed its latest Firefox update this week and patched ten flaws – five of which were critical vulnerabilities – in the latest version of its browser.
The firm said it strongly recommended that Firefox fanciers upgrade to version 2.0.0.13 because of the number of security fixes built into the latest update.
Critical flaws that have now been patched in the Internet Explorer rival include a brace of exploits that could crash Firefox or its JavaScript engine and cause an arbitrary code execution.
The update, which applies to Windows, Mac and Linux-based machines, was pushed out automatically by Mozilla earlier this week.
Other vulnerabilities that have now been patched include a privacy issue with SSL client authentication, an HTTP referrer spoofing bug and a fix for a Java socket connection to any local port via LiveConnect.
However, the firm has not built the fixes into the latest version of its mail client Thunderbird, even though it shares five of the flaws. Mozilla’s David Ascher said on his blog last week that patches will not be available for “several weeks”.
In the meantime the firm advised the following: "Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail.
"This is not the default setting, and we strongly discourage users from running JavaScript in mail." ®

[silver]

finally got round to updating firefox - thanks for the reminder Gem

[gem]

You should have the latest version 2.00.13 too.

[silver]

yep

I don't use it that often and the release I was using before was 1.xx

[Worldlife]

The quote from 'The Register' in the first post suggest upgrading to version

2.0.0.13

Checked my system and no upgrades were available and it is shown as Version 3.Ob4

Does this tie in with other peoples version numbers via the "About" drop down menu?


Whoops I have just realised it is a Beta Version!!!!!!!!!!!!!!!!! No problems except one high security site identified Gecko platform and gave alternative preferences but allowed Firefox.

[Memfis]

Checked my system and no upgrades were available and it is shown as Version 3.Ob4

Actually 3.0 Beta 5 has been out for a while now, so you could upgrade.

However Most people would be happy with 2.0.0.13 upgrading to 3.x when it's finished.

[Worldlife]

If I recall correctly I may have had some problems in repair of Firefox and reinstallation was needed. Version 2 of did not proceed install smoothly. The beta version seemed to deal efficiently with the reinstallation and is working well.

[silver]

quite like the spell checking thing,. not that my spelling ever needs correction of corse!

[gem]

Try the US spelling version then!

[The Dynamo]

I have just updated, I have also installed the spell checker which is a necessity for me

[Worldlife]

Wondered if my spell checker was on. Program help had no information on this.

Web help......

Firefox automatically checks the spelling of words that you enter in text boxes containing more than one line. As soon as you finish typing a word, it is checked against the words in the installed dictionary. If the word is not found in the dictionary, it will be underlined in red, as in the following example:

All this was nesssary to find out if the spell chequer had bean installed korrectly

[The Dynamo]

I just checked mine and it worrked perfectly

This was the end result

All this was necessary to find out if the spell chequer had bean installed correctly