Comments on: Firefox and Mozilla Patch Exploit

By: Konstantinos

Konstantinos — Wed, 09 Feb 2005 14:10:23 +0000

Speaking of Firefox upgrades, do you still have to remove the version installed, before upgrading to another build?

By: Someone

Someone — Wed, 09 Feb 2005 07:04:34 +0000

Personally, I don’t see how it really fixesa problem unless they are releasing an actual PATCH to the released version of Firefox. Telling a corporation with 500 machines (or 5,000) running Firefox that they need to download the nightly build instead of patching the released build is not really acceptable. That nightly build will have all sorts of bugs from other code churn. Do people really think that it doesn’t matter?

When I get an IE patch, it’s a PATCH to the SHIPPED version so I don’t have to go redeploy the entire browser (and an untested version at that).

By: Phil Ringnalda

Phil Ringnalda — Wed, 09 Feb 2005 05:12:45 +0000

I think it’s fantastic how much good “press” Firefox is getting for that 12 hour fix, when you consider the fact that, um, it ain’t a fix for the ‘sploit, it’s a fix for the fact that until sometime in December, we were ignoring a whole set of prefs including the one to disable IDNs, except for right when you set them. That fix enables you not get phished by letting you completely prevent yourself from getting to domains with non-ASCII characters (except of course that there’s generally an ASCII-only alternative around, since the 800lb gorilla hasn’t implemented IDN yet).