beartooth wrote: > On Fri, 20 Jan 2006 11:19:59 +0000, Paul Howarth wrote: > > >> Beartooth wrote: >> >>> On Thu, 19 Jan 2006 18:37:44 +0000, Paul Howarth wrote: >>> >>> >>> >>>> Beartooth wrote: >>>> >>> >>> Gee, and I'd've sworn I saw some ballyhoo weeks and weeks ago to the >>> effect that 1.5 was a big security fix. Worse, I *thought* what I read >>> said it wasn't for once just another MS problem, but something *in* >>> Firefox. Maybe I better go on avoiding it a while yet. What I have is >>> 1.0.7. Thanks! >>> > [....] > >> If there is a real security issue with firefox 1.0.x (I don't know if >> there is or not), I'd expect an FC4 update that either: >> >> (a) updated to a later version that fixed the problem, or (b) included >> a backported fix in the existing version >> >> The choice between the two largely depends on what the impact of a >> significant version upgrade would be on users/other applications that >> depend on the package. If there are significant plugin >> incompatibilities between firefox 1.0.x and 1.5.x then I'd expect the >> second option to be chosen if possible. > > I've since gotten a CERT alert, available at > > > http://www.us-cert.gov/cas/techalerts/TA04-261A.html Are you sure you have the correct link? That link is for vulnerbilities that existed in the Pre-1.0 Firefox. They are definitely fixed in 1.0.7. -- William Hooper
