Posted over the weekend and rated "critical" by Secunia, there is exploit code available currently supposedly. The Secunia advisory (http://secunia.com/advisories/15292/ ) suggests some workarounds. It doesn't seem to be clear at the moment whether other Mozilla browsers are vulnerable.

http://news.zdnet.com/2100-1009-5700204.html

Mozilla Firefox 1.0.4 Update Available (May 11, 2005) All users should upgrade to Firefox 1.0.4, a security update to Firefox 1.0.

Security Advisory (May 8, 2005) The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported. Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit. Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript.



http://www.mozilla.org/products/firefox/

That was quick.

Yup, saw that today. Good stuff.

http://news.zdnet.com/2100-1009_22-5704684.html?tag=zdfd.newsfeed

Apparently for 1.1, they're going to make a better patch system than just "reinstall the browser". Probably something like what IE has.

What I want to know, though, is if any of this affected Mozilla suite. (I've been using Opera recently, but still)

although you say you post these security flaws in order to keep people aware of them becouse otherwise they wouldn't know to update... BS.

Firefox has an Autoupdate feature which yesterday updated my Firefox to 1.0.4, so you really don't need to post these cleverly disgused Firefox is "bad" threads they are just annoying and waste of space.

Jokke_r said:
although you say you post these security flaws in order to keep people aware of them becouse otherwise they wouldn't know to update... BS.

Firefox has an Autoupdate feature which yesterday updated my Firefox to 1.0.4, so you really don't need to post these cleverly disgused Firefox is "bad" threads they are just annoying and waste of space.



And yet amazingly neither you nor anyone else complaining about the existence of the thread posted this fact earlier. Why is that exactly?

BTW, did you really get an update to 1.0.4? Mine just did an update and is at 1.0.3, and when I hit the update now button it tells me there is nothing new??

For me, I never notice that red update arrow at the right top corner so this post was helpful for me. http://forums.3drealms.com/ubbthreads/images/graemlins/redface.gif Plus, sometimes the red arrow doens't come up until a few days after the fix is posted. Reading the forum is just...quicker http://forums.3drealms.com/ubbthreads/images/graemlins/tongue.gif

Scream said:

BTW, did you really get an update to 1.0.4? Mine just did an update and is at 1.0.3, and when I hit the update now button it tells me there is nothing new??



I auto updated to 1.0.4 today

it doesn't deliver the patch to everyone at the same time to not cause sevrer troubles, to me it popped up a box in the down right corner saying there's an update available and it updated it to 1.0.4

Hmm, the autoupdate doesn't seem to be giving me anything, and when I go to manually update it from within the browser options it fails.

Did you call the Mozilla corp and indicate I was posting about their security holes and tell them not to give me the update or something? http://forums.3drealms.com/ubbthreads/images/graemlins/wink.gif

I noticed the flaw had been fixed from an article on one of the news websites I visit. I then used the manual update feature of Firefox to retrieve the update. I suppose I could have waited for Firefox to autoupdate, but I didn't.

KillerByte said:
I noticed the flaw had been fixed from an article on one of the news websites I visit. I then used the manual update feature of Firefox to retrieve the update. I suppose I could have waited for Firefox to autoupdate, but I didn't.



Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif

Ivan said:
Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif



Huh? Can you post a screenshot?

KillerByte said:

Ivan said:
Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif



Huh? Can you post a screenshot?



Sure.

http://img79.echo.cx/img79/6139/kb2xj.th.jpg (http://img79.echo.cx/my.php?image=kb2xj.jpg)

Ivan said:

KillerByte said:
I noticed the flaw had been fixed from an article on one of the news websites I visit. I then used the manual update feature of Firefox to retrieve the update. I suppose I could have waited for Firefox to autoupdate, but I didn't.



Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif

Simple, there's a setting in about:config called app.update.updatesAvaliable that hasn't been reset yet.

attempt an update and it should reset itself, otherwise do it manually by typing it in about:config in the address bar and resetting that config line

Rellik66 said:

Ivan said:

KillerByte said:
I noticed the flaw had been fixed from an article on one of the news websites I visit. I then used the manual update feature of Firefox to retrieve the update. I suppose I could have waited for Firefox to autoupdate, but I didn't.



Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif

Simple, there's a setting in about:config called app.update.updatesAvaliable that hasn't been reset yet.

attempt an update and it should reset itself, otherwise do it manually by typing it in about:config in the address bar and resetting that config line



Cheers dude! o/

Ivan said:

KillerByte said:
I noticed the flaw had been fixed from an article on one of the news websites I visit. I then used the manual update feature of Firefox to retrieve the update. I suppose I could have waited for Firefox to autoupdate, but I didn't.



Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif


That might mean one of your extensions has an update available. Click it and see what it's telling you to update. If it's still telling you to update Firefox, that's a problem.

Dukefan said:

Ivan said:

KillerByte said:
I noticed the flaw had been fixed from an article on one of the news websites I visit. I then used the manual update feature of Firefox to retrieve the update. I suppose I could have waited for Firefox to autoupdate, but I didn't.



Well I instealled the new version but there is still a little red circle with a straight arrow in it at the top corner of my screen. http://forums.3drealms.com/ubbthreads/images/graemlins/frown.gif


That might mean one of your extensions has an update available. Click it and see what it's telling you to update. If it's still telling you to update Firefox, that's a problem.



I fixed it one post above yours! http://forums.3drealms.com/ubbthreads/images/graemlins/smile.gif