On 19/06/08 22:23, Alex Kruchkoff wrote:
> There is a security vulnerability has been discovered in FF3, FF2:
> 
> http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30 
> 
> 
> Just wonder if firefox-1.5.0.12-15.el5_1.i386 is safe?

I would guess that right nobody (except the anonymous reporter, ZDI and 
Mozilla) can tell - no details are available. Since 1.5 is officially 
dead, Mozilla wouldn't care about that version anyway. Red Hat might 
(even if they have moved to 3 with the latest update), if 1.5 is still 
the official browser in the 5.1.z stream (don't know).. else they 
wouldn't care either. ut with the current rate of vulnerabilities in 
Firefox, I would guess that the next "public" vulnerability will come 
sooner rather than later, and that one will force everybody to go for 
latest T.U.V-release anyway..

regards
jan