Mozilla Patches New Firefox Flaw
By Nate Mook | Published September 12, 2005, 12:09 PM
Mozilla developers acted fast to patch a new security vulnerability in Firefox, which slipped its way into the first beta build of Firefox 1.5 and exists in earlier versions as well. However, the patch simply disables the buggy feature while a permanent fix is worked out.
The vulnerability relates to Firefox's handling of IDN, or international domain names, and can be exploited by long Web links that contain dashes. The flaw causes a buffer overflow and opens the door for malicious code to be run on a PC. No code to exploit the problem has surfaced, but Mozilla developers say they are taking it seriously.
"Mozilla developers acted fast to patch a new security vulnerability in Firefox, which slipped its way into the first beta build of Firefox 1.5 and exists in earlier versions as well."
It exists in earlier versions so I would say that it has a little weight.
Score: 0
|Since going corporate, Mozilla can't get anything right. Firefox has been trashed since 1.04. Sad.
Score: 0
|Going corporate has nothing to do with this. This flaw has been there since the beginning. Number of flaws aside, I look at how promptly these flaws are fixed when they are discovered. So far Mozilla seems to be winning that race. Microsoft has this bad thing at times about waiting til the flaw is exploited before they fix it. While this is not a permanent fix, at least Mozilla has done something about it.
Score: 0
|They also tell you how to manually disable it. I guess that for those of us using the beta because the patch is for 1.0.6
Score: 0
|Again Mozilla fixes things while Microspud dawdles, IE the decision to cancel update tues.......
Score: 0
|Again exploiters didn't abuse the flaw because MS is a bigger target.
Score: 0
|Indeed, from what I have seen Microsoft has a bad tendency to wait until the flaw has been exploited before they do anything about em.
Score: 0
|Yes, they issued a patch... and if you read the article fully, you'd understand that the patch is really just a configuration change that disables IDN functionality. It doesn't really *fix* anything.
Score: 0
|MS patches most flaws promptly (within 2 months), but they leave a few extremely dangerous ones in there for years and years... just because.
Heck, they still haven't fixed one vulnerability back from Windows 3.1 that can render your computer dead unless you dual-boot with Linux. I'm just waiting for Vista to be released so I can try it out (on my own computer) and see if they've finally gotten around to correcting it.
Score: 0
|2 months isn't very prompt. Although this isn't a permanent fix, it's good that the Mozilla foundation isn't just turning their back on it. They are letting people know what they need to do until they can get a patch out, which I would be willing to bet will be available within a week.
Score: 0
|bullcrap
Score: 0
|Disabling functionality is a work-around... not a fix. You would be stating the same point if the table was reversed and this were an IE issue.
Score: 0
|Disabling a functionality simply because there will be a major update to the product that will fix the issue anyways IS a valid way to get around that bug and is STILL faster than MS who sometimes took 6 months and still ended up with simply removing a functionality.
To all you MS fanboys: FF is, compared to MSIE, a brand new product that already possesses more than twice the functionality of IE. Of course there will be quite a few bugs/flaws found at first but that's just because we are all humans. The real difference is the fact that those bugs are discussed and fixed immediately (48h-1week compared to ~2months)
Score: 0
|As I previously stated, on other news items, there is definitely NO software that is 100% secure! Microsoft Internet Explorer has been the major target of most security attacks. Now that Firefox is gaining in popularity, we will see more and more vulnerabilities emerge.
We're only human!
Score: 0
|Let me know of a vulnerability in calc.exe.
Score: 0
|lol. You know what he/she means. In any complex program that has access to the Internet, there's going to be a vulnerability somewhere. Period.
Score: 0
|Not a vulnerability, but a fun bug that existed for YEARS.
http://www.cnn.com/TECH/...uting/9811/05/count.idg/
Score: 0
|HAHAHAHAHAHA
Oh man that's funny...
Score: 0
|And we shall say that the door has slammed him right in the big red nose.
LOL
Score: 0
|Not really--the bug mentioned wasn't a security vulnerability at all, and the Calculator in WinXP doesn't have that bug, because it has been fixed. So, no point was made.
Score: 0
|Good job Mozilla. I think most people would rather put up with (mildly) reduced functionality than be exposed to malware.
I know I would.
And the permanent fix will be out soon I'm sure.
Score: 0
|Agreed. In fact I think that in SOME cases MS may want to consider this. The problem with MS is that changes in IE can affect the rest of the OS. Take this case as an example. What if there is a company that uses the IDN functionality that the patch disables? This happens more so with MS features, so MS would get too much flak for disabling Remote Registry Service to prevent a security compromise, for example.
Score: 0
|That's a good point. It's a tough decision either way for MS.
Score: 0
|"The problem with MS is that changes in IE can affect the rest of the OS"
Well that's what they get for integrating the blasted thing so tightly into the OS. All they accomplished by integrating it is making it harder on themselves to fix flaws.
As far as them catching flak for disabling a feature, I don't see what it would hurt. From what I can see they catch more flak than any other company in the industry, what's a little more gonna hurt?
Score: 0
|... As it says it also applies to earlier versions ... so plz read the full article ...
But it is a couple of days since they came with a patch for 1.4 ..
Score: 0
|Is this real news? Firefox 1.5 is still in beta, the beta phase is to discover present bugs and to wipe those away. No problems with the report though
Score: 0
|It was actually discovered in previous versions of FF and Mozilla released the beta right before the announcement, so it has nothing to do with the beta. However Mozilla was quick to respond and has a temporary patch to help folks out for now, so I can't gripe about that.
Score: 0
|As if people are going to notice the little red icon to go manually install the patch.
Score: 0