Week of Woes for Firefox Users [Updated]

Week of Woes for Firefox Users [Updated]

Posted 11/30/2007 at 12:56pm | by

Firefox 'Burns' Users with a Security Upgrade That Goes Bad

Some types of records shouldn't be broken, but this week, Mozilla appears to be on the verge of breaking its personal best: the shortest time between updates of its Firefox web browser.

What happened? Monday, Mozilla's Firefox 2.0.0.10 update fixed a cross-site scripting threat that used the jar (Java archive) Uniform Resource Locator which, when combined with a bug in Google's Gmail, allowed users to access other users' email address books. Ouch!

Unfortunately, 2.0.0.10 wasn't quite ready for prime time: websites that use the 'Canvas' HTML element to dynamically render bitmaps stopped working, and the FoxSaver and Fotofox extensions also were torpedoed.

Firefox 2.0.0.11 Fixes Bugs, Now Available

Coming, Release Candidate Available Now

Mozilla Firefox version 2.0.0.11 fixes these bugs. To get the final release as fast as possible, check the Firefox download page, as automatic updating may take a day or two once an update is released. Update: Firefox 2.0.0.11 is now available via the Firefox download page. Be sure to check the version number. As of early Friday afternoon, 2.0.0.10 was still the latest version listed. If you don't want to wait for the official release of version 2.0.0.11, you can grab the release candidate from the Mozilla FTP site. Here's the direct link to the US English 32-bit Windows version.

Got Firefox? Got QuickTime? Get (Extra) Security Problems

If that wasn't enough, users of Firefox (and other browsers) that rely on Apple QuickTime 7.3 or earlier as their default multimedia player need to watch out for rogue websites. Symantec reports that an as-yet-unfixed RTSP vulnerability in QuickTime could open users to malicious content, and that Firefox is more vulnerable than Internet Explorer 6, IE7, or Apple's Safari browsers.

Don't Use Firefox? Don't Get Smug

If you use QuickTime, you can get into trouble with any browser, or if you click on a link in an email that directs you to a rogue site. To protect yourself, think before you click!

Tags:
More like this
7

Comments

Comments are closed on this article

avatar

soggybomb

November 30, 2007 at 4:59pm

oh yeah, kudos to MPC for staying on top of this

avatar

soggybomb

November 30, 2007 at 4:56pm

just installed update. extensions work again + bugs fixed. ironic, just after i read this i got the dialog box saying firefox downloaded update.

avatar

Shalbatana

November 30, 2007 at 2:35pm

I rebuff that statement.

Firefox is never more vulnerable, because it's users are generally more aware and in touch with the browser community.

Knowing there is an issue means one can take steps to avoid it until a patch is provided.

Sure it's a theoretical argument, but I believe it's true. When was the last time an IE user said something like, "Hey I know there's an issue with IE and QT so I'll avoid using them together for now."

avatar

yagisencho

November 30, 2007 at 4:50pm

Hey, I know there's an issue with browsers and QT, so I'll avoid using them together for now.

There you go.

Smug -1

avatar

popstop785

November 30, 2007 at 2:06pm

Good thing I stay away from anything Apple. I never use quicktime. Hate it and I never install it. Good thing too :D

avatar

Phosphorous

November 30, 2007 at 2:21pm

Yeh, no doubt popstop, I can't stand quicktime.

avatar

Talcum X

November 30, 2007 at 1:46pm

Even tho we love our Firefox, it's still a product of human labor. We all have jumped the gun in our lives, every product has had it's bad days...so, we forgive you Mozilla, just learn from the mistake. :-D

**********
Every morning is the dawn of a new error.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.
Don't have an account? Join Now.