Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Firefox vulnerabilities and 1.5 Release Candidate

I know there's been at least one and probably a couple of Mozilla Firefox vulnerabilities announced in the last month or so. There are currently (according to Secunia) 3 unpatched Firefox vulnerabili…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

I know there's been at least one and probably a couple of Mozilla Firefox vulnerabilities announced in the last month or so. There are currently (according to Secunia) 3 unpatched Firefox vulnerabilities.


The secunia page for firefox has the details. There are two vulnerabilites for which there is a workaround (as opposed to a patch) to resolve the issue. I don't know what the status of those vulnerabilities are in the upcoming Firefox 1.5, but the other Firefox news I have is that the first Release Candidate for 1.5 has been released at the Mozilla.org site.

One of the GREAT improvements coming in 1.5 is an automatic update for the browser. Of course, to update Internet Explorer you either visit windowsupdate.microsoft.com, or let windows update itself automatically. Well, now Firefox will be able to auto-update which makes me a bit more comfortable about installing firefox on client systems.

I know I've typically been harder on Explorer for unpatched vulnerabilities and have recommended Firefox as a more secure browser. The simple fact is, in spite of 3 unpatched vulnerabilities, that still pales in comparison to Explorer 6.x with 20 unpatched vulnerabilities.

No piece of software is perfect, open-source or otherwise. With open source software the hope is that when anyone is free to review the code, vulnerabilities will hopefully be 1) less likely to make it into general release and 2) more likely to be quickly fixed on discovery (or at least quickly worked around.)