Security alert for Mozilla users.

John Corliss · Jul 9, 2004

Read about it here:

http://news.com.com/Security+hole+found+in+Mozilla+browser/2100-1002_3-5262676.html?tag=nefd.top

(link may wrap)

There is already a 1.7.1 version released. It doesn't have the hole.
Note though, that the flaw only affects those using XP.

Haggard the Horrendous · Jul 10, 2004

Read about it here:

http://news.com.com/Security+hole+found+in+Mozilla+browser/2100-1002_3-5262676.html?tag=nefd.top

(link may wrap)

There is already a 1.7.1 version released. It doesn't have the hole.
Note though, that the flaw only affects those using XP.

It looks like it also affects W2K:

http://www.theregister.com/2004/07/09/mozilla_bug/

John Corliss · Jul 10, 2004

Haggard said:
It looks like it also affects W2K:

http://www.theregister.com/2004/07/09/mozilla_bug/

Thanks for clarifying that.

Derald · Jul 10, 2004

John Corliss said:
There is already a 1.7.1 version released.

The site also hosts a self-installing patch that only takes a
couple of seconds to apply but does require (of course) a restart.

John Corliss · Jul 10, 2004

Derald said:
The site also hosts a self-installing patch that only takes a
couple of seconds to apply but does require (of course) a restart.

Hmm. I didn't notice that one. Got a link?

MLC · Jul 10, 2004

sabato 10/lug/2004 _John Corliss_ in

Hmm. I didn't notice that one. Got a link?

http://www.mozilla.org/security/shell.html

John Corliss · Jul 10, 2004

MLC said:
http://www.mozilla.org/security/shell.html

Thanks. Sheesh! There it was, right on the main page:

"Latest News

8 July 2004
The Mozilla Foundation releases an important security update
(http://www.mozilla.org/security/shell.html) for users of Mozilla,
Firefox, and Thunderbird on Windows. Users can install a patch or
download new releases."

It's getting to where, in my case, information overload ain't sayin' much.

Stan Weiss · Jul 10, 2004

Has anyone gotten this to work?

To install the security patch for Mozilla or Firefox, follow these instructions:
1.Click Install Patch.
2.In the Software Installation window, click the "Install Now" button.
3.Exit and restart your Mozilla or Firefox browser.

When I click Install Patch I get the hourglass and then it goes away and
I am on the same page.
Stan

Aaron · Jul 10, 2004

Read about it here:

http://news.com.com/Security+hole+found+in+Mozilla+browser/2100-1002_3-
5262676.html?tag=nefd.top

(link may wrap)

There is already a 1.7.1 version released. It doesn't have the hole.
Note though, that the flaw only affects those using XP.

Apparantly IE is vulnerable too.

Aaron (my email is not munged!)

MLC · Jul 10, 2004

sabato 10/lug/2004 _Stan Weiss_ in said:
Has anyone gotten this to work?
When I click Install Patch I get the hourglass and then it goes away and
I am on the same page.

Did you try this?

<q>

To verify the fix in your Firefox or Mozilla application, be sure to restart
the browser and then follow these steps:

1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type shell.
3. Look for the preference listing network.protocol-handler.external.shell.
4. If you see the preference listed with the value of false then your
application has been patched.

</q>

Stan Weiss · Jul 10, 2004

Thanks but but when I type in shell there are no listings. When I type
in network they are a number of listing for network.protocol-handler.
but none for network.protocol-handler.external.shell
Stan

Derald · Jul 10, 2004

John Corliss said:
Got a link?

Sorry: http://www.mozilla.org/security/shell.html. This was address
in another thread. At any rate, from the mozila.org home page, it is the
destination of the "8 July 2004" security update in "Latest News".

Stan Weiss · Jul 10, 2004

The file it wants to load is shellblock.xpi. Do I need to enable
anything to get this to work?
Stan

MLC · Jul 10, 2004

sabato 10/lug/2004 _Stan Weiss_ in said:
The file it wants to load is shellblock.xpi. Do I need to enable
anything to get this to work?

Yes. You need to enable "Allow web sites to install software" under Tools -
Options - Advanced - Software update.

HTH

Stan Weiss · Jul 10, 2004

Some time ago I had gone into preferences->software installation and
unchecked enable software installations and check for updates. This is
what was causing my problem.
Stan

Stan Weiss · Jul 10, 2004

Thanks that did it.

Yes. You need to enable "Allow web sites to install software" under Tools -
Options - Advanced - Software update.

HTH

five · Jul 12, 2004

Aaron said:
Apparantly IE is vulnerable too.

Aaron (my email is not munged!)

It's actually the exploitation of a vulnerability in WindowsNT/2000/XP,
which is why IE remains unsafe. Micro$oft have been aware of the problem for
2 years and have, as yet, left it unpatched. Mozilla browsers running on
other OS's are unaffected.

JanC · Jul 13, 2004

Aaron said:
Apparantly IE is vulnerable too.

And MSN Messenger, MS Word, ...

Aaron · Jul 13, 2004

And MSN Messenger, MS Word, ...

And yet the headlines of every tech ezine screams Mozilla exploit lol...

Aaron (my email is not munged!)

Security alert for Mozilla users.

John Corliss

Haggard the Horrendous

John Corliss

Derald

John Corliss

MLC

John Corliss

Stan Weiss

Aaron

MLC

Stan Weiss

Derald

Stan Weiss

MLC

Stan Weiss

Stan Weiss

five

JanC

Aaron