PC World: Technology Advice You Can Trust
Techlog
News, opinion, and links from Editor in Chief Harry McCracken.
Friday, April 15, 2005 6:18 PM PT Posted by Harry McCracken

Attention Firefox Users: New Security Fix

Firefox is a great way to opt out of many of the hassles of dealing with the leaky boat of a browser known as Internet Explorer. But it's not impervious to hackers itself. Matter of fact, version 1.0.3 was released today to take care of a reported JavaScript vulnerability. (There's a Mozilla update, too.)

Here's a Q&A from the Mozilla Foundation, which I'm posting here because I don't see it on the Mozilla.org site just now:

Firefox 1.0.3 and Mozilla 1.7.7 Executive Q&A

Chris Hofmann, Director of Engineering, Mozilla Foundation


Q: Explain what is included in Firefox 1.0.3 and Mozilla 1.7.7 and what prompted these releases?

A: Firefox 1.0.3 and Mozilla 1.7.7 are security patch releases to resolve the recently reported JavaScript engine memory heap vulnerability. We also included fixes for other vulnerabilities that have been identified to us through our bug bounty program, and fixes to improve the update process. To our knowledge, none of these vulnerabilities have been exploited.

The Mozilla Foundation is deeply committed to providing a safe and secure Internet experience. The Foundation takes security very seriously and is releasing Firefox 1.0.3 and Mozilla 1.7.7 to ensure that we continue to provide users the experience they have come to trust.

Q: Have there been any known exploits of the bugs patched in Firefox 1.0.3?

A: No, there have been no known exploits of the bugs patched in Firefox 1.0.3 and Mozilla 1.7.7. Our dedicated security community is constantly reviewing the software to uncover and patch potential vulnerabilities, and we work toward getting these updates to our users as quickly as possible.

Q: How often will you release updates?

A: We release security updates as they are warranted, not on a fixed schedule. Because of our strong community of developers, we're able to respond extremely quickly, as evidenced by Firefox 1.0.2 and 1.0.3.

Q: Should everyone download the update, and if so, how?

A: Yes, we encourage all our 45+ million users to download the update. The update is available at www.mozilla.org. Users can install over previous versions of Firefox.

Q: With the growth in Firefox market share, are you becoming a bigger target for hackers?

A: We haven't seen any evidence that shows Firefox being targeted because of its popularity. We're staying ahead of the game by fixing vulnerabilities, not waiting until they become a problem for our users.

Our goal is to continually improve the Internet experience for our users, including resolving security vulnerabilities, in addition to regularly improving Firefox's usability and features, such as the recent beta Pop-up ad blocker extension.

Q: Traditional software companies take much longer to issue updates. How are you able to turn them around so quickly?

A: Our ability to turn around security updates for Firefox is directly attributable to the open source platform. It's a bit counter-intuitive, but fixing the problem in Mozilla browsers is often easier than finding it in the first place. The Mozilla Foundation has hundreds of contributors that are involved in creating and distributing these security updates. Like the Mozilla Foundation, these contributors are passionate about producing the safest and most secure software available.
Comments

Interesting to see the comment that "Users can install over previous versions of Firefox."

Buried in the 1.0.3 release notes, in known issues, is this advice:

"Prior to installing Firefox 1.0.3, please ensure that the directory you've chosen to install into is clean and doesn't contain any previous Firefox installations."

So which is it?

Neville Hobson
April 16, 2005
10:44 AM PT

I was able to install Firefox 1.0.3 in the folder the old one was in, without removing anything.

See if you can.

Neeraj
April 16, 2005
12:21 PM PT

I've just downloaded Firefox 1.0.3 and now when I try to get on the net it tells me 'connection was refused'. What's going on?

Colin
April 16, 2005
1:52 PM PT

I've just downloaded Firefox 1.0.3 and now when I try to get on the net it tells me 'connection was refused'. Yet I'm still able to connect using Internet Explorer. What's going on?

Colin
April 16, 2005
1:54 PM PT

I just d/led Firefox and works like it should (over the older version no less) HA!!!

Kevin
April 16, 2005
6:31 PM PT

1.0.3 seemed really unstable to me. My extensions were coming and going every time I restarted the browser; toolbars were disappearing, and a couple of times I even lost the main window that shows the web pages.

It was really unreliable, so I went back to 1.0.2 and everything works perfectly again.

Jeff
April 16, 2005
7:32 PM PT

I first uninstalled 1.0.2 then installed 1.0.3 in a different folder. It's great! No problem as of today.

Beth Olimpo
April 16, 2005
8:38 PM PT

Go Opera beats messing around with

trgbeck
April 16, 2005
10:47 PM PT

Happy with the 1.0.3 update. It kept all of my extensions, preferences and themes when installed over 1.0.2. Only thing I'm still grumbling about is the lo-o-o-ng startup time.

Tandem proxy
April 17, 2005
12:11 AM PT

I have Firefox 1.01. It won't let me install upgrades. It says it was successful but you can't get on the internet. It does nothing, so I have to go back to 1.01. How do I update or remove from my computer? Add and remove won't do it.

Tony
April 17, 2005
12:28 AM PT

Well, I updated from 1.0.2 to 1.0.3 and it went well! I uninstalled 1.0.2 and then installed 1.0.3, and everything went fine, all my extensions, themes, plugins, and bookmarks are maintained. No problem at all! Now I feel more secure!

Donn
April 17, 2005
8:43 AM PT

I am running a Mozilla called Turbo Mozilla. This became Turbo when Direcway High Speed Satellite engineers modified Mozilla 1.4. Do any of the upgrades available patch this version?

John
April 17, 2005
9:41 AM PT

I'm with Neville. Do we uninstall a previous version before updating the browser? Does the same apply for a Thunderbird update too?

Jay
April 17, 2005
2:58 PM PT

I updated both Thunderbird and Firefox yesterday, without uninstalling the old versions. No problems whatsoever!

Pjotr
April 18, 2005
12:30 AM PT

For those who are getting the "connection refused" error, you may have to look into your firewall settings and see if it has blocked Firefox without asking you.

For Norton Firewall, open it up, then go to configure, then the 'programs' tab, and scroll down until you see Firefox. See if it is blocked off and fix it from there.

Let me know if this helped.

Ruy
April 22, 2005
7:06 PM PT
