-=PCTechTalk=- Re: Mozilla Patches Firefox Hole
- From: Keyboard Cowboy <KBCowboy@xxxxxxxxx>
- To: milady <pctechtalk@xxxxxxxxxxxxx>
- Date: Thu, 24 Mar 2005 09:07:19 -0700
Go to:
http://www.mozilla.org/products/firefox/
Look in the upper right hand corner for the "Download".
Regards from
Bob -- the "Keyboard Cowboy",
,,,,,,,,
Ô¿Ô¬
Cincinnati, Ohio
Scottsdale, Arizona
---------------------------------
Thursday, 3/24/2005, @ 9:06:47 AM EST
---------------------------------
Don't worry about temptation--as you grow older, it starts avoiding
you.
===============|:0:|===============
On Thu, 24 Mar 2005 06:39:20 -0800 milady wrote:
| All I see is the announcement of the patch...nothing about
| download. ???? ----- Original Message ----- From: "David F.
| Wooledge" <wooledge001@xxxxxxxx> To: "@freelistts PCTechTalk"
| <pctechtalk@xxxxxxxxxxxxx> Sent: Wednesday, March 23, 2005 10:25
| PM Subject: -=PCTechTalk=- Mozilla Patches Firefox Hole
|
|
| Mozilla Patches Firefox Hole
| Wed Mar 23, 4:00 PM ET
|
| Paul Roberts, IDG News Service
| The Mozilla Foundation issued a patch this week for a previously
| undisclosed hole in its popular Firefox Web browser and is
| encouraging Firefox users to download the software update as
| soon as possible.
|
| ?Symantec: Hackers Turn Attention to Mozilla Browsers?Mozilla
| Ditches Browser Suite?Are Fewer People Switching to
| Firefox??Mozilla Warns of Firefox Security Holes?Poll: Safari's
| Popularity Scorched By Firefox
|
| More Than Mail
| How to master the popular information manager. Plus, great
| Outlook alternatives, and apps to expand the program.
|
| The nonprofit organization released Firefox 1.0.2 (available as
| a free download) to fix a buffer overflow vulnerability in a
| Firefox feature for processing GIF image files. The patch is the
| second security patch issued in less than a month, but the
| foundation reassured users that the browser's open source
| platform is secure, and says it does not know of any active
| exploits for the hole.
|
|
| The GIF processing hole was discovered by Internet Security
| Systems (ISS) and makes Firefox users who are running earlier
| versions of the browser vulnerable to buffer overflow attack,
| according to a statement released by the Mozilla Foundation.
|
|
| ISS discovered the hole in a review of the Firefox source code,
| which is available on the Internet.
|
|
| In a statement attributed to Chris Hofmann, the foundation's
| director of engineering, the discovery of the hole and release
| of a patch shortly after are evidence that the open source
| software model is safer and more secure than closed-source
| commercial code, because it is "scoured by thousands" of
| contributors, developers and professionals, and "not just the
| company's development team." Cause for Concern?
|
| In February, the Mozilla Foundation released Firefox 1.0.1 to
| fix 17 security vulnerabilities in Firefox, including changes to
| guard against spoofing of Web addresses and the security
| indicator on Web sites. However, the foundation is not planning
| to adopt a regular patch release cycle, which Microsoft uses,
| and will continue to issue updates as they are needed, Hofmann
| says in a statement.
|
|
| Firefox has been gaining in popularity since the first full
| version of the browser was released in November. More than 27
| million copies of Firefox have been downloaded since then,
| pushing Microsoft's Internet Explorer (IE) share of the browser
| market below 90 percent for the first time in years.
|
|
| Firefox installations were 5.7 percent of the U.S. browser
| market as of February 18. IE controlled 89.9 percent, according
| to statistics released by Web tracking company WebSideStory.
|
|
| However, Hofmann denies that Firefox is becoming a more
| attractive candidate for hackers as it gains market share.
|
|
| "There is this idea that market share alone will make you have
| more vulnerabilities. It is not relational at all. Not being in
| the operating system and not supporting Microsoft's proprietary
| Active X are phenomenal advantages to us," he says in a
| statement.
|
|
| --
| <Please delete this line and everything below.>
|
| To unsub or change your email settings:
| //www.freelists.org/webpage/pctechtalk
|
| To access our Archives:
| http://groups.yahoo.com/group/PCTechTalk/messages/
| //www.freelists.org/archives/pctechtalk/
|
| For more info:
| //www.freelists.org/cgi-bin/list?list_id=pctechtalk
|
|
| --
| <Please delete this line and everything below.>
|
| To unsub or change your email settings:
| //www.freelists.org/webpage/pctechtalk
|
| To access our Archives:
| http://groups.yahoo.com/group/PCTechTalk/messages/
| //www.freelists.org/archives/pctechtalk/
|
| For more info:
| //www.freelists.org/cgi-bin/list?list_id=pctechtalk
--
<Please delete this line and everything below.>
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
Other related posts:
