Bug 138790 - Security Holes Fixed in Firefox 1.0
Summary: Security Holes Fixed in Firefox 1.0
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2004-11-11 06:10 UTC by Jason Bucata
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2004-11-13 22:16:57 UTC

Attachments (Terms of Use)

Description Jason Bucata 2004-11-11 06:10:07 UTC
Buried in the fanfare for the 1.0 release of Firefox, were notices
that some security holes were fixed from prior versions (up to and
including 0.10.1 aka 1.0PR), and that everybody should upgrade to 1.0
gold immediately.

A list of the security holes purported to be closed in 1.0 is in the
"unofficial changelog":

In particular, these two bugs are noted there as being fixed, and both
of them point to advisories on secunia.com; both of those advisories
state that the remedy is to upgrade to 1.0 gold:

An update to Fedora Core 3 to inclue 1.0 gold should be made ASAP so
as to get those holes plugged--or alternatively, if the Debian
approach is preferred around here ;), patches should be made to the
1.0PR codebase to fix these vulnerabilities, and an errata release made.

Comment 1 Sitsofe Wheeler 2004-11-11 09:28:03 UTC
Looking at the changelog for firefox suggestes that b.m.o#124750 has
already been fixed:
* Fri Oct 08 2004 Christopher Aillon <caillon@redhat.com>
- Add patches to fix tab focus stealing issue (b.m.o #124750)

Comment 2 Jason Bucata 2004-11-11 16:02:44 UTC
According to the log for b.m.o#124750, the change that was checked in
on or around October 8 didn't fix it.  The corresponding Secunia
advisory says that 0.10.1 is vulnerable.  Besides which, this press
release says that 0.10.1 was released on October 1:

The final checkin to fix b.m.o#251297 was on October 22.

At any rate, double-checking them for the sake of the paranoid is a
Good Thing(TM) ;).

Comment 3 petrosyan 2004-11-12 14:28:52 UTC
This bug should be closed since firefox-1.0 was released as an update
for FC3

Comment 4 Jason Bucata 2004-11-13 21:56:44 UTC
I see it on FTP, but no announcement has been posted to

Comment 5 Christopher Aillon 2004-11-13 22:16:57 UTC
Just because no announcement has made does not mean this is not fixed.
 It is.  The announcement is waiting on a few clearances.  There is an
embargo on some information I want to announce.

Note You need to log in before you can comment on or make changes to this bug.