Stream of Firefox security bugs
p2pnet.net news:- Firefox 2.0.0.2 and Firefox 1.5.0.10, slated for release last Wednesday, were delayed so a series of bugs could be patched, says PC Advisor.
The new version was “pushed out” although two flaws “forwarded to Mozilla developers” by Polish researcher Michal Zalewski “didn’t make it into the new updates,” says the story, going on:
“Firefox is susceptible to a seemingly pretty nasty, and apparently easily exploitable, memory corruption vulnerability,” wrote Zalewski in the Bugzilla database.
Window Snyder, chief security officer at open source browser maker Mozilla, “is caught in the crosshairs of the raging browser vulnerability battle,” says TechWorld, going on:
“On one hand, her company launched an upgrade to its Firefox browser on Feb. 23 that specifically aims to fix a number of flaws that have been discovered in the program.”
But on the other, “she’s dealing with almost daily reports of newly identified vulnerabilities in Firefox disclosed by a researcher [Zalewski] who makes his work public before informing Mozilla of the problems”.
Snyder said she’d prefer it if Zalewski and other researchers would tell Mozilla about vulnerabilities before making them public, but “she said the company relies on such experts to help it keep customers protected from attacks, as painful as the reports may be.”
“We would prefer that he would notify us first, but more importantly we are glad researchers are looking at Firefox and helping us fix problems,” TechWorld has her saying. “We also see where the researchers are coming from, in terms of their frustration with the amount of time vendors are taking to fix vulnerabilities.”
Meanwhile, Mozilla will stop issuing security and stability updates to Firefox 1.5.0.10 after April 24.
Also See:
PC Advisor – Critical Firefox fix misses several flaws, February 26, 2007
TechWorld – Browser vulnerabilities and attacks will mount, February 26, 2007




