Bug 259708 fully disclosed

Several readers were curious about the details of bug 259708, the security hole 0.10.1 was released to fix. The bug is now public. In addition, the reporter, Alex Vincent, blogged the story of the bug.

4 Responses to “Bug 259708 fully disclosed”

  1. José Aliste P. Says:

    In Linux, as root I install the xpi and get as root firefox 0.10.1. As another user I simply get 0.10 in the about mozilla firefox and I cannot install the patch

  2. Bill Says:

    Jose: I have witnessed the same on my Linux installation.

  3. Simplex Says:

    The patch XPI provided by Mozilla.org has wrong file permissions, you can simply chmod the two patched files. You will find instructions in this bug: https://bugzilla.mozilla.…rg/show_bug.cgi?id=262604

  4. Simplex Says:

    https://bugzilla.mozilla.org/show_bug.cgi?id=262604