On 19/06/08 22:23, Alex Kruchkoff wrote:
> There is a security vulnerability has been discovered in FF3, FF2:
>
> http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
>
>
> Just wonder if firefox-1.5.0.12-15.el5_1.i386 is safe?
I would guess that right nobody (except the anonymous reporter, ZDI and
Mozilla) can tell - no details are available. Since 1.5 is officially
dead, Mozilla wouldn't care about that version anyway. Red Hat might
(even if they have moved to 3 with the latest update), if 1.5 is still
the official browser in the 5.1.z stream (don't know).. else they
wouldn't care either. ut with the current rate of vulnerabilities in
Firefox, I would guess that the next "public" vulnerability will come
sooner rather than later, and that one will force everybody to go for
latest T.U.V-release anyway..
regards
jan