Gnu-Raiz wrote:
Mozilla has already had a fix for it, check your local sites, Firefox 1.04 rc is now out. Some claim it as a RC but I assume they will push this pretty fast.
well it doesn't show up in the auto-notify for updates yet...I agree with the poster that said it should be on the firefox page, not jsut the main page.
Seems to me the vulnerability is overblown. The mozilla site says there is only a proof of concept exploit, they might be down-playing it. But when I have to visit a site with the exploit, I am not too afraid. And supposedly mozilla has changed something on their servers that is supposed to scuddle the exploit. Not sure about the details of that.
http://lwn.net/Articles/135342/ This is an example of how fast Open Source works to fix security problems. Like the article points out, I hope all the news agencies pick it up as fast as they did the orginal problem.
Is a month fast? It only became public a few days ago, but they were notified of it a while ago.
Gnu_Raiz
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.8 - Release Date: 5/10/2005