Mozilla users urged to upgrade

Source: http://www.zdnetasia.com/news/security/0,39044215,39353282,00.htm

Mozilla users urged to upgrade
By Tom Espiner, ZDNet UK
Thursday , April 20 2006 09:43 AM

Users have been urged to upgrade to the latest versions of Mozilla’s software to protect themselves from a series of critical security holes.

The U.S. Computer Emergency Readiness Team warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.

The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.

According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as “highly critical.”

U.S.-CERT advises people who use Mozilla’s e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). U.S.-CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.

Firefox has traditionally been seen as being more secure than other Web browsers such as Microsoft’s Internet Explorer. This is thought to be the first time that multiple vulnerabilities have been reported in Firefox and the Mozilla suite.

Secunia warned that hackers could exploit the security holes to gain control of computer systems, conduct phishing attacks and bypass security restrictions.

One error that occurs in Firefox would allow arbitrary JavaScript code to be injected into Web pages as they load.

The vulnerabilities were discovered by Mozilla researchers, including Bernd Mielke, Alden D’Souza and Martijn Wargers, as well as by 3Com researchers working on the TippingPoint Zero Day Initiative.

This initiative encourages “responsible disclosure of vulnerabilities” to vendors, to give them time to put out patches before holes are disclosed to the public. TippingPoint started to disclose the holes to Mozilla from December last year.

By default, anyone using Firefox would’ve been upgraded by now, as it automatically updates itself in the background, a restart of the app completes the upgrade.

Well, ur right that it automatically UPDATES firefox but it doesn’t automatically UPGRADE it. You still have to download it and install it manually.

So you’re saying I have a rogue version that does this upgrade automatically? Wow, I’m honored to have a mutated Firefox.

Well, ur right that it automatically UPDATES firefox but it doesn’t automatically UPGRADE it. You still have to download it and install it manually.[/quote]

Just yesterday I finally decided to forget about waiting for the check-for-update feature (Help > Check for updates…) which just sits there constantly with no actions (note: not the update feature of Extentions) after trying it everyday since the new version was released. I suspect maybe because I installed too many extentions or toolbars which might be prohibiting the auto update of the browser. All I did was download the latest version (v1.5.0.2) manually, install it over the old version, and it everything works. So if your firefox managed to auto-update by itself, that’s great - stick with it forever. But if it doesn’t update/upgrade itself automatically, don’t give up. Just don’t give-in to the ‘dark side’ (e.g. Internet Explorer) :smiley:

[quote=“ian”]So you’re saying I have a rogue version that does this upgrade automatically? Wow, I’m honored to have a mutated Firefox.

Well, ur right that it automatically UPDATES firefox but it doesn’t automatically UPGRADE it. You still have to download it and install it manually.[/quote][/quote]
ur right, my bad…

In my defense, I was using v1.0.7 which didn’t support the feature yet…and you said “anyone using Firefox”…just upgraded to v1.5 and yeah, ian, ur right…

thx for the heads up!

for every1’s info, v1.5 and above can automatically update the app itself, past versions will just notify the user…(correct me again if im wrong, lol)

Apparently you’re correct - the version that does auto updating is 1.5. Mine was 1.5, and updating to .02 was a breeze (took no more than a few seconds.)

Anyway, everyone should be constantly updating and upgrading their software for security fixes to keep ahead of exploits.

Amen to that!

…but I feel an urge to go to the dark side (IE) becoz of their v7…sigh

NOOOOOOOOOOOOOOOO!!!

Hyperactive - this is off topic but thought you’d like to know this. I took a look into your web page and you mentioned that the site looks weird in Firefox and OK in IE.

You would be interested to know that your site works fine in Safari (Mac). The point is that Safari and Firefox work on almost the same web standards and are very compatible with each other, so there must be some deliberate crippling going on by MS when it detects Firefox users.

Thx! …to avoid goin off topic, i PMed u…