Firefox 10.0.2 chemspill to be released on Friday
- Tony-E
- Posts: 8778
- Joined: November 5th, 2004, 11:28 am
Firefox 10.0.2 chemspill to be released on Friday
A chemspill release to address a security issue will be released tomorrow.
As well as Firefox 10.0.2, there will be updates to Firefox ESR 10.0.2, Firefox 3.6.27, beta builds & mobile builds.
As well as Firefox 10.0.2, there will be updates to Firefox ESR 10.0.2, Firefox 3.6.27, beta builds & mobile builds.
- makaiguy
- Posts: 16878
- Joined: November 18th, 2002, 6:44 pm
- Location: Somewhere in SE USA
- Contact:
Re: Firefox 10.0.2 chemspill to be released on Friday
Will this be needed for Thunderbird, too?
Doug Wilson
Win10 64bit: FF 115.0.02 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 115.2.0/115.0.1 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
Win10 64bit: FF 115.0.02 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 115.2.0/115.0.1 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
- Tony-E
- Posts: 8778
- Joined: November 5th, 2004, 11:28 am
Re: Firefox 10.0.2 chemspill to be released on Friday
makaiguy wrote:Will this be needed for Thunderbird, too?
Yes
- WaltS48
- Posts: 5141
- Joined: May 7th, 2010, 9:38 am
- Location: Pennsylvania, USA
Re: Firefox 10.0.2 chemspill to be released on Friday
What is the security issue that is being fixed?
I didn't see any mention of a chemspill release in the recent meeting notes.
https://wiki.mozilla.org/Firefox/Planning/2012-02-15
I didn't see any mention of a chemspill release in the recent meeting notes.
https://wiki.mozilla.org/Firefox/Planning/2012-02-15
Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5
- Chris Wood
- Posts: 33
- Joined: May 20th, 2004, 3:44 pm
- Location: New Zealand
- Contact:
-
- Posts: 2417
- Joined: November 4th, 2002, 4:47 pm
- Location: London, UK
- Contact:
Re: Firefox 10.0.2 chemspill to be released on Friday
Chris Wood wrote:http://techdows.com/2012/02/firefox-10-0-2-released.html
Hrm... not sure where they got that information from - the linked bugs seem to have been fixed in 10.0.0.
The only change between 10.0.1 and 10.0.2 is a security fix for an integer overflow in libpng - bug 727401 (currently restricted). The problem means that it's possible for memory to get overwritten by a malformed PNG file, which could be exploited to execute code with the privileges of the browser.
As the bug is in libpng, this also affects other software - Chrome and various Linux distros also have patches out. It's CVE-2011-3026. Mozilla will presumably publish an advisory shortly.
WLS wrote:I didn't see any mention of a chemspill release in the recent meeting notes.
Looks like the details of the vulnerability were published on Wednesday afternoon, after that meeting.
- Chris Wood
- Posts: 33
- Joined: May 20th, 2004, 3:44 pm
- Location: New Zealand
- Contact:
Re: Firefox 10.0.2 chemspill to be released on Friday
They linked to https://www.mozilla.org/en-US/mobile/10 ... easenotes/ and talked as if it applied to desktop as well?
-
- Posts: 2417
- Joined: November 4th, 2002, 4:47 pm
- Location: London, UK
- Contact:
Re: Firefox 10.0.2 chemspill to be released on Friday
Chris Wood wrote:They linked to https://www.mozilla.org/en-US/mobile/10 ... easenotes/ and talked as if it applied to desktop as well?
Well, yes, but if you look at the 10.0.0 notes https://www.mozilla.org/en-US/mobile/10.0/releasenotes/ you can see that everything is already there, except the security fixes.
- WaltS48
- Posts: 5141
- Joined: May 7th, 2010, 9:38 am
- Location: Pennsylvania, USA
Re: Firefox 10.0.2 chemspill to be released on Friday
Thanks for the info.
I get skeptical when someone reports it without a link to supporting information.
I get skeptical when someone reports it without a link to supporting information.
Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5
-
- Posts: 2417
- Joined: November 4th, 2002, 4:47 pm
- Location: London, UK
- Contact:
Re: Firefox 10.0.2 chemspill to be released on Friday
Mozilla has now posted the advisory:
http://blog.mozilla.com/security/2012/0 ... 2011-3026/
(If you'd like your software to be remotely exploited via any webpage or email, then you don't have to update... I think I will)
http://blog.mozilla.com/security/2012/0 ... 2011-3026/
The libpng graphics library, used by Firefox and Thunderbird as well as many other software packages, contains an exploitable integer overflow bug. An attacker could craft malicious images which exploit this bug, and deliver them to users through websites or email messages.
This bug is remotely exploitable and can lead to arbitrary code execution. Firefox, Thunderbird and Seamonkey users could be attacked simply by displaying a maliciously crafted image.
(If you'd like your software to be remotely exploited via any webpage or email, then you don't have to update... I think I will)
-
- Posts: 597
- Joined: November 10th, 2009, 3:47 am
Re: Firefox 10.0.2 chemspill to be released on Friday
lithopsian wrote:My Linux install cannot update itself automatically even if it tried because it doesn't have sufficient permissions. root and all that ...
Ditto Win 7 as standard user.
- LoudNoise
- New Member
- Posts: 39900
- Joined: October 18th, 2007, 1:45 pm
- Location: Next door to the west
Re: Firefox 10.0.2 chemspill to be released on Friday
Locking temp for surgery
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
- LoudNoise
- New Member
- Posts: 39900
- Joined: October 18th, 2007, 1:45 pm
- Location: Next door to the west
Re: Firefox 10.0.2 chemspill to be released on Friday
I split all the off topic stuff to here: viewtopic.php?f=7&t=2430305
Opinions about frequency of updates should continue there.
Reopened
Opinions about frequency of updates should continue there.
Reopened
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
- Frank Lion
- Posts: 21173
- Joined: April 23rd, 2004, 6:59 pm
- Location: ... The Exorcist....United Kingdom
- Contact:
Re: Firefox 10.0.2 chemspill to be released on Friday
10.0.2 is now out on Firefox 10 ESR.
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
.