yes, the vulnerabilities exist and the new candidate builds have been released:
http://weblogs.mozillazine.org/asa/archives/008121.html
-----Original Message-----
From: [KS] [mailto:lists04@fastmail.fm]
Sent: Tue 5/10/2005 5:47 PM
To: debian-user@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: OT Firefox security leak: bogus or genuine?
Jonathan Kaye wrote:
> The BBC website is now carrying a story about an alleged security
> vulnerability of Firefox.
> http://news.bbc.co.uk/1/hi/technology/4532127.stm
> I checked on the "From other news sites" section of the article for
> possible sources and found this.
> http://software.silicon.com/security/0,39024655,39130254,00.htm
> I sound want to sound overly suspicious but the silicon article is
> straddled by a big advert for Windows XP SP2. The article also says,
> "Mozilla has changed its update web service and advises people to
> temporarily disable _javascript_.".
> I've just has a look around the Mozilla Firefox site and can't find
> anything about it; not even in the firefox forums where you'd expect it
> to feature prominently.
> Has anyone heard anything about this?
> Cheers,
> Jonathan
Here is the official security advisory link from mozilla.org
http://www.mozilla.org/security/announce/mfsa2005-42.html
You should be fine as long as you haven't added any website to the
whitelist to install software except the official update website.
/KS
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org