On GameSpot: Black Wii Remote, Nunchuk hit US Nov. 16
BNET Business Network:
BNET
TechRepublic
ZDNet

March 30th, 2009

Firefox 3.0.8 fixes Pwn2Own bug and one that "fell through the cracks"

Posted by Ed Burnette @ 6:22 am

Categories: Community, General, Web Browsers

Tags: Mozilla Firefox, Vulnerability, Patches, Web Browsers, XML, Security, Internet, Software/Web Development, Web Development, Ed Burnette

The latest update to Firefox has been pushed out to users via an automatic update. This one was rushed through, mainly to fix the vulnerability used to win the 2009 CanSecWest Pwn2Own contest (MFSA 2009-13: Arbitrary code execution through XUL <tree> element).

In addition it contains a fix to a vulnerability (MFSA 2009-12: XSL Transformation vulnerability) that was first reported in July 2008, re-reported in October, patched in November, and then forgotten until it was re-reported on March 25th. So why did it take 8 months to get a fix out for this serious problem?

More: Why this bug fell through the cracks >

Pages: 1 2 3

Ed BurnetteEd Burnette is a professional developer and author of several articles and books about computing including Hello, Android: Introducing Google's Mobile Development Platform, 2nd Edition. For disclosure of Ed's industry affiliations, click here or to view his full profile click here.

Email Ed Burnette

Subscribe to Dev Connection via Email alerts or RSS.

  • Talkback
  • Most Recent of 11 Talkback(s)
More importantly, they're fixing the reasons why it fell through the cracks
At least they haven't intentionally just left a vulnerability alone for over a year, unlike MS with it's token ring vulnerability.... (Read the rest)
Posted by: D. W. Bierbaum Posted on: 03/31/09 You are currently: a Guest | | Terms of Use
This is a great article to link to...  Qbt | 03/30/09
Just proves that nobody's perfect, but...  eMJayy | 03/30/09
Watch And Learn MS  Alan Smithie | 03/30/09
Move along  Loverock Davidson | 03/30/09
ROTFLMAO @ the hipocrisy.... nt  T1Oracle | 03/30/09
?Move along - nothing to see here?  mhenriday | 03/30/09
RE:?Move along - nothing to see here?  richdave | 03/30/09
Here come the Fanbois from both sides. (NT)  invmgr@... | 03/30/09
Perhaps both Safari and IE developers do, in fact, have something to learn  mhenriday | 03/30/09
RE:Firefox 3.0.8 fixes Pwn2Own bug and one that "fell through the cracks"  richdave | 03/30/09
More importantly, they're fixing the reasons why it fell through the cracks  D. W. Bierbaum | 03/31/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement
Click Here

Recent Entries

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline