Buried in the fanfare for the 1.0 release of Firefox were notices
that some security holes were fixed from prior versions (up to and
including 0.10.1 aka 1.0PR), and that everybody should upgrade to 1.0.
A list of the security holes purported to be closed in 1.0 is in the
In particular, these two bugs are noted there as being fixed, and both
of them point to advisories on secunia.com; both of those advisories
state that the remedy is to upgrade to 1.0 gold:
An update to Fedora Core 3 to include 1.0 gold should be made ASAP so
as to get those holes plugged--or alternatively, if the Debian
approach is preferred around here ;), patches should be made to the
1.0PR codebase to fix these vulnerabilities, and an errata release made.
Looking at the changelog for firefox suggests that b.m.o#124750 has
already been fixed:
* Fri Oct 08 2004 Christopher Aillon <firstname.lastname@example.org>
- Add patches to fix tab focus stealing issue (b.m.o #124750)
According to the log for b.m.o#124750, the change that was checked in
on or around October 8 didn't fix it. The corresponding Secunia
advisory says that 0.10.1 is vulnerable. Besides which, this press
release says that 0.10.1 was released on October 1:
The final checkin to fix b.m.o#251297 was on October 22.
At any rate, double-checking them for the sake of the paranoid is a
Good Thing(TM) ;).
This bug should be closed since firefox-1.0 was released as an update
I see it on FTP, but no announcement has been posted to
Just because no announcement has been made does not mean this is not fixed.
It is. The announcement is waiting on a few clearances. There is an
embargo on some information I want to announce.