Firefox Security Update (0.10.1)

Hendikins · Post by **Hendikins** » October 3rd, 2004, 7:08 am

On October 1, the Mozilla Foundation released a security update for Mozilla Firefox.

The vulnerability
Trying to save a file from data: protocol deletes every file in the destination directory that is not marked read-only. Combined with Firefox automatically downloading files to a user specified location, this can result in loss of data. [Details...]

Before Installing the update
* Make sure that you allow web sites to install software. To enable this, open the Firefox Preferences or Options window, select "Web Features", and make sure "Allow web sites to install software" is ticked.

* Linux users in particular: make sure that you can write to the directory where Firefox is installed. This may require you to run your browser as root. If you can not write to the directory where Firefox is installed, this update will fail.

Installing the update
The Firefox update notification should tell you that there is an update available. If it does, simply click on it to install the update.

If you are not automatically notified, or have switched notifications off, you can manually check for updates. To do this, open the Firefox Preferences or Options window, select "Advanced", select "Software Installation" if the item is not already expanded, and click "Check Now".

You can also do a manual installation. To do this, save the patch to disk (Right-click -> Save Link Target As) and then drag it to any open Firefox window.

After Installation
After installing this update, restart Firefox. If Firefox still shows the critical update notification (<img src="http://www.mozilla.org/images/update.png" alt="next to the throbber">), checking for updates again should clear it.

Nightly build users
If you are using a nightly build of Mozilla Firefox, either update to a build from September 30 or later, or install the update as described above.

Verifying the update is installed
To verify that the update is installed, open Help -> About. The useragent of your browser is shown at the bottom of this window. If it ends with Firefox/0.10.1, the update is installed.

Notes
* If Firefox insists that there is a critical update available after installation, open about:config and reset the following preferences:

app.update.updatesAvailable
update.severity

* If you can not install the update, you can download a new build of Mozilla Firefox that already contains it.

* Installing this update will not break any localizations. If your browser is in German, for example, it will still be in German after the update.

* If you are using a modified useragent, you obviously cannot use Help -> About to check if the update is installed. In this case, check that <cite>bug259708.js</cite> is present in the default\pref directory of your Firefox installation.