Firefox hit by multiple drive-by download flaws

[djbaxter]

Firefox hit by multiple drive-by download flaws
by Ryan Naraine
October 28th, 2009

Mozilla?s flagship Firefox browser is vulnerable to at least 11 ?critical? vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.

The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser?s form history.

One of the critical issues affect media libraries introduced in Firefox 3.5 when audio and video capabilities were added.

See full article for details of the security vulnerabilities

The Firefox 3.5.4 update will be distributed via the browser?s automatic update mechanism. It should be deployed within the next 24 to 48 hours. Alternatively, users can use the ?Check for Updates? tool to manually apply the update.

 

[SeattlePurple]

Well they'll probably auto-update again.

I hate the auto-update! I'd expect it from Microsoft.

And yes, I've since made it ask first!

 

[djbaxter]

Let me see if understand this: You complain if Microsoft doesn't patch security holes. And you complain if Microsoft does patch security holes.

And you would also prefer that Firefox ignore security vulnerabilities and not issue updates and patches.

Is that about right?