[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Security of Firefox (was Re: VDQ : Firefox, Fedora -- and yum?)



On Fri, 20 Jan 2006 11:19:59 +0000, Paul Howarth wrote:

> Beartooth wrote:
>> On Thu, 19 Jan 2006 18:37:44 +0000, Paul Howarth wrote:
>> 
>> 
>>>Beartooth wrote:
>> 
>> Gee, and I'd've sworn I saw some ballyhoo weeks and weeks ago to the
>> effect that 1.5 was a big security fix. Worse, I *thought* what I read
>> said it wasn't for once just another MS problem, but something *in*
>> Firefox. Maybe I better go on avoiding it a while yet. What I have is
>> 1.0.7. Thanks!
[....] 
> If there is a real security issue with firefox 1.0.x (I don't know if
> there is or not), I'd expect an FC4 update that either:
> 
> (a) updated to a later version that fixed the problem, or (b) included a
> backported fix in the existing version
> 
> The choice between the two largely depends on what the impact of a
> significant version upgrade would be on users/other applications that
> depend on the package. If there are significant plugin incompatibilities
> between firefox 1.0.x and 1.5.x then I'd expect the second option to be
> chosen if possible.

I've since gotten a CERT alert, available at

http://www.us-cert.gov/cas/techalerts/TA04-261A.html

and it still reads, to me, as if the problem is in (mozilla and) firefox,
*not* in M$. Am I missing something, or is this infelicitous wording in
the alert, or what? yum update firefox still doesn't get 1.5 -- i.e., 1.5
seems not to be on the repos ....

-- 
Beartooth Oldfart, Neo-Redneck, Linux Convert
FC4; Pine 4.64, Pan 0.14.2.91; Privoxy 3.0.3; 
Dillo 0.8.5, Opera 8.51, Firefox 1.0.7, Epiphany 1.6.5
Remember I have little idea what I am talking about.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]