Upgrade your Firefox
by Volker Weber
Running Firefox? Then do upgrade to 1.0.3. Now. Here is why.
Comments
What is pretty anoying: the "critical update available" icon in the top-right corner of the menue bar still points to 1.0.2 (18th of April, 18:30 UTC), at least for the german version . This version is error prone and highly vulnerable. Please do a manual update, using this version (German Firefox only):
Firefox 1.0.3 für Windows, Deutsch (4.7MB)
The exploit is pretty simple, even myself understands the source code ;-) Do not wait, until the script kidies understand the exploit too ....
That's exactly the reason why one should use english original versions if he can handle the language.
Sven,
I disagree, not everybody in the world is supposed to speak English even though it's the most commonly used language in the IT world.
Hajo,
same problem with the Italian version and, strangely enough, it's gone with 1.0.3. Is it supposed to show only for "emergencies" such as this one?
Volker,
thanks for pointing this problem out and linking to the Proof-of-concept site. I did the test and found indeed it wrote the boom.txt file on my root directory... a bit of a worry really.
This time we are safe but God knows what's waiting ahead.. ;-)
It´s good to have a tool such as Microsoft AntiSpyware, which alerted me when trying out the test that a .bat file was going to be executed, which I blocked then. No threath :-)
@Peterjan
Exactly, that's why I wrote if one "can" use the language. If not, bad luck but perhaps the reason starting with english exercises...can't be a mistake nowadays...
Thanks, Pieterjan. It was actually Hajo, who pointed out this problem and sent me the link. I was a bit busy the last two days and forgot to attribute this message to him.
