Security of Firefox (was Re: VDQ : Firefox, Fedora -- and yum?)
William Hooper
whooperhsd3 at earthlink.net
Fri Feb 10 03:06:09 UTC 2006
beartooth wrote:
> On Fri, 20 Jan 2006 11:19:59 +0000, Paul Howarth wrote:
>
>
>> Beartooth wrote:
>>
>>> On Thu, 19 Jan 2006 18:37:44 +0000, Paul Howarth wrote:
>>>
>>>
>>>
>>>> Beartooth wrote:
>>>>
>>>
>>> Gee, and I'd've sworn I saw some ballyhoo weeks and weeks ago to the
>>> effect that 1.5 was a big security fix. Worse, I *thought* what I read
>>> said it wasn't for once just another MS problem, but something *in*
>>> Firefox. Maybe I better go on avoiding it a while yet. What I have is
>>> 1.0.7. Thanks!
>>>
> [....]
>
>> If there is a real security issue with firefox 1.0.x (I don't know if
>> there is or not), I'd expect an FC4 update that either:
>>
>> (a) updated to a later version that fixed the problem, or (b) included
>> a backported fix in the existing version
>>
>> The choice between the two largely depends on what the impact of a
>> significant version upgrade would be on users/other applications that
>> depend on the package. If there are significant plugin
>> incompatibilities between firefox 1.0.x and 1.5.x then I'd expect the
>> second option to be chosen if possible.
>
> I've since gotten a CERT alert, available at
>
>
> http://www.us-cert.gov/cas/techalerts/TA04-261A.html
Are you sure you have the correct link? That link is for vulnerbilities
that existed in the Pre-1.0 Firefox. They are definitely fixed in 1.0.7.
--
William Hooper
More information about the fedora-list
mailing list