Mozilla Riddled with Fixed Security Holes

Tuesday November 5th, 2002

The Register is reporting that six Mozilla security flaws were posted to BugTraq over the weekend. The most remarkable detail about these bugs is that most of them are already fixed. In fact, only one of the flaws (reported here in September) is present in the latest stable branch and trunk releases (Mozilla 1.0.1 and 1.1 respectively), while the more recent 1.2 Beta isn't vulnerable to any of them.

UPDATE! Thanks to laszlo for pointing out the glaring typing errors in this article.

#5 fixed in beta (any patch?)

by feepcreature

Wednesday November 6th, 2002 6:41 AM

You are replying to this message

You're right - I suppose I was thinking of "production" releases.

On the subject of final releases and security fixes, if there were a critical security fix or something, would it be possible to distribute "patches" to the binary releases, containing only the DLLs or Libraries and so forth which were changed by the fix? It occurs to me this would be useful for (test) users who can't compile from source, or who would rather not run the hairiest and latest nightly build. And might reduce the bandwidth consumed by the servers and mirrors.

I suppose that would need its own wee branch from 1.0.1 (or wherever)... maybe quite a bit of work... but if the fix were important enough...

-- P