Firefox 10.0.2 chemspill to be released on Friday
14 posts
• Page 1 of 1
A chemspill release to address a security issue will be released tomorrow.
As well as Firefox 10.0.2, there will be updates to Firefox ESR 10.0.2, Firefox 3.6.27, beta builds & mobile builds. Will this be needed for Thunderbird, too?
Doug Wilson
Win10 (64bit): FF 100.0 (64bit), TB 91.9.0 (32-bit) ║ Android 10: FF Mobile 99.2.0, No TB for Android available, dammit! What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
Yes What is the security issue that is being fixed?
I didn't see any mention of a chemspill release in the recent meeting notes. https://wiki.mozilla.org/Firefox/Planning/2012-02-15 Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5
Hrm... not sure where they got that information from - the linked bugs seem to have been fixed in 10.0.0. The only change between 10.0.1 and 10.0.2 is a security fix for an integer overflow in libpng - bug 727401 (currently restricted). The problem means that it's possible for memory to get overwritten by a malformed PNG file, which could be exploited to execute code with the privileges of the browser. As the bug is in libpng, this also affects other software - Chrome and various Linux distros also have patches out. It's CVE-2011-3026. Mozilla will presumably publish an advisory shortly.
Looks like the details of the vulnerability were published on Wednesday afternoon, after that meeting. They linked to https://www.mozilla.org/en-US/mobile/10 ... easenotes/ and talked as if it applied to desktop as well?
Well, yes, but if you look at the 10.0.0 notes https://www.mozilla.org/en-US/mobile/10.0/releasenotes/ you can see that everything is already there, except the security fixes. Thanks for the info.
I get skeptical when someone reports it without a link to supporting information. Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5 Mozilla has now posted the advisory:
http://blog.mozilla.com/security/2012/0 ... 2011-3026/
(If you'd like your software to be remotely exploited via any webpage or email, then you don't have to update... I think I will)
Ditto Win 7 as standard user. Locking temp for surgery
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default." I split all the off topic stuff to here: viewtopic.php?f=7&t=2430305
Opinions about frequency of updates should continue there. Reopened Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default." ![]() 10.0.2 is now out on Firefox 10 ESR.
Metal Lion SeaMonkey Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
14 posts
• Page 1 of 1
Who is onlineUsers browsing this forum: No registered users and 1 guest |
![]() |