New Firefox 1.0.2 (5)

1 Name: Sling!XD/uSlingU 2005-03-24 19:56 ID:U3hCQt48

Internet Security Systems discovered the problem was with the way Firefox processed GIF files. A buffer overflow attack was possible if the user had opened an "infected" GIF picture file.
Users are asked to download the latest version, 1.0.2, as soon as possible.

...GIF?!

2 Name: 404 - Name Not Found 2005-03-24 20:16 ID:DfJx/x4Z

__ dun dun dun __

Description
An GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

Workaround
Turn off image display. Upgrade to the fixed version.

http://www.mozilla.org/security/announce/mfsa2005-30.html

3 Name: Sling!XD/uSlingU 2005-03-24 21:07 ID:U3hCQt48

Argh. Any about:config's workaround?
I don't want to let go of my v1.0 PR.

Besides, how realistic are those buffer overrun scares?
In all cases I read about, it would just crash the app/the machine.

4 Name: 404 - Name Not Found 2005-03-24 21:27 ID:Heaven

> I don't want to let go of my v1.0 PR.

m9(^Д^)PUUUHAHAHAHAHAHAHA

5 Name: 404 - Name Not Found 2005-03-25 00:51 ID:Heaven

I like the auto update function a lot.

This thread has been closed. You cannot post in this thread any longer.