Geek Tested:

Week of Woes for Firefox Users [Updated]

Posted 11/30/07 at 01:56:42 PM by Mark 'Marcus Soperus' Soper

Firefox 'Burns' Users with a Security Upgrade That Goes Bad

Some types of records shouldn't be broken, but this week, Mozilla appears to be on the verge of breaking its personal best: the shortest time between updates of its Firefox web browser.

What happened? Monday, Mozilla's Firefox 2.0.0.10 update fixed a cross-site scripting threat that used the jar (Java archive) Uniform Resource Locator which, when combined with a bug in Google's Gmail, allowed users to access other users' email address books. Ouch!

Unfortunately, 2.0.0.10 wasn't quite ready for prime time: websites that use the 'Canvas' HTML element to dynamically render bitmaps stopped working, and the FoxSaver and Fotofox extensions also were torpedoed.

Firefox 2.0.0.11 Fixes Bugs, Now Available

Coming, Release Candidate Available Now

Mozilla Firefox version 2.0.0.11 fixes these bugs. To get the final release as fast as possible, check the Firefox download page, as automatic updating may take a day or two once an update is released. Update: Firefox 2.0.0.11 is now available via the Firefox download page. Be sure to check the version number. As of early Friday afternoon, 2.0.0.10 was still the latest version listed. If you don't want to wait for the official release of version 2.0.0.11, you can grab the release candidate from the Mozilla FTP site. Here's the direct link to the US English 32-bit Windows version.

Got Firefox? Got QuickTime? Get (Extra) Security Problems

If that wasn't enough, users of Firefox (and other browsers) that rely on Apple QuickTime 7.3 or earlier as their default multimedia player need to watch out for rogue websites. Symantec reports that an as-yet-unfixed RTSP vulnerability in QuickTime could open users to malicious content, and that Firefox is more vulnerable than Internet Explorer 6, IE7, or Apple's Safari browsers.

Don't Use Firefox? Don't Get Smug

If you use QuickTime, you can get into trouble with any browser, or if you click on a link in an email that directs you to a rogue site. To protect yourself, think before you click!

COMMENTS:7

TAGS:

COMMENTS

oh yeah, kudos to MPC for
Submitted by soggybomb on Fri, 11/30/2007 - 3:59pm

oh yeah, kudos to MPC for staying on top of this

Login or register to post comments

2.0.0.11
Submitted by soggybomb on Fri, 11/30/2007 - 3:56pm

just installed update. extensions work again + bugs fixed. ironic, just after i read this i got the dialog box saying firefox downloaded update.

Login or register to post comments

I rebuff that
Submitted by Shalbatana on Fri, 11/30/2007 - 1:35pm

I rebuff that statement.

Firefox is never more vulnerable, because it's users are generally more aware and in touch with the browser community.

Knowing there is an issue means one can take steps to avoid it until a patch is provided.

Sure it's a theoretical argument, but I believe it's true. When was the last time an IE user said something like, "Hey I know there's an issue with IE and QT so I'll avoid using them together for now."

Login or register to post comments

This IE user.
Submitted by yagisencho on Fri, 11/30/2007 - 3:50pm

Hey, I know there's an issue with browsers and QT, so I'll avoid using them together for now.

There you go.

Smug -1

Login or register to post comments

Good thing
Submitted by popstop785 on Fri, 11/30/2007 - 1:06pm

Good thing I stay away from anything Apple. I never use quicktime. Hate it and I never install it. Good thing too :D

Login or register to post comments

Yeh, no doubt popstop, I
Submitted by Phosphorous on Fri, 11/30/2007 - 1:21pm

Yeh, no doubt popstop, I can't stand quicktime.

Login or register to post comments

Nobody's perfect
Submitted by Talcum X on Fri, 11/30/2007 - 12:46pm

Even tho we love our Firefox, it's still a product of human labor. We all have jumped the gun in our lives, every product has had it's bad days...so, we forgive you Mozilla, just learn from the mistake. :-D

**********
Every morning is the dawn of a new error.

Login or register to post comments