Description of problem: Firfoxe 10.0.1 has a critical vulnerability described here: https://www.mozilla.org/security/known-vulnerabilities/firefox.html MFSA 2012-11 libpng integer overflow Please upgrade to 10.0.2. Version-Release number of selected component (if applicable): 10.0.1-1.fc16 How reproducible: See URL. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
We fixed that with release of xulrunner-10.0.1-3. See changelog: http://koji.fedoraproject.org/koji/buildinfo?buildID=299915 it's a bit confusing that version is not 10.0.2 but we started to do test builds with fix sooner than mozilla put official source tarballs to their ftp. We did that because we wanted to deliver fix ASAP to Fedora users. Thanks for keeping and eye on us.
The update is here: https://admin.fedoraproject.org/updates/FEDORA-2012-1856
This fix is very bad for me. My company's firewall blocks access to the internet from Firefox browsers that identify themselves as 10.0.1 due the to the critical vulnerability. Therefore, I am currently without a usable browser when on Fedora.
Firefox 10.0.3 is going to ship on Mar/13. You can use upstream binary from mozilla.org or build your own firefox rpm package from sources from ftp://ftp.mozilla.org/pub/firefox/releases/10.0.2/source/ until that.
(In reply to comment #4) Thanks for your quick reply. I tried to use the binary from Mozilla yesterday, but found it requires 32-bit libraries. I'm running a pure 64-bit system. I'll try building Firefox from sources soon, but for now, I browse the Internet on Windows and transfer downloads via pscp. It works. That being said, in the future, please ensure Firefox correctly self identifies so this doesn't happen again.
We understand your problem. Mozilla makes x86_64 builds too, see: ftp://ftp.mozilla.org/pub/firefox/releases/10.0.2/linux-x86_64/