User: Password:
|
|
Subscribe / Log in / New account

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 12, 2012 15:30 UTC (Fri) by lmb (subscriber, #39048)
Parent article: Firefox 16 re-released fixing multiple vulnerabilities (The H)

That is a very quick and commendable turn-around time on Mozilla's part. Congratulations.


(Log in to post comments)

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 12, 2012 20:03 UTC (Fri) by epa (subscriber, #39769) [Link]

Unfortunately those who upgraded to 16.0 were left vulnerable (unless they happened to read a news article and were tech-savvy enough to downgrade manually).

This isn't the most severe vulnerability, but Firefox needs a way to push out emergency downgrades as well as upgrades. Reverting to 15.0.1 immediately would have been the safe course of action.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 13, 2012 12:59 UTC (Sat) by freggy (guest, #37477) [Link]

I'm not convinced downgrading was the best option. Firefox 16 fixed several disclosed security vulnerabilities present in Firefox 15. Downgrading made you vulnerable to these vulnerabilities which were known for a longer time.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 14, 2012 18:45 UTC (Sun) by epa (subscriber, #39769) [Link]

In that case, Mozilla should not have pulled the 16.0 upgrade from the download sites. Either it's safer for most users than 15.x or it isn't.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 14, 2012 23:08 UTC (Sun) by Lennie (guest, #49641) [Link]

It's obvious from the actions of Mozilla they thought 15.x was the better temporary choice.

Firefox 16 re-released fixing multiple vulnerabilities (The H)

Posted Oct 15, 2012 9:54 UTC (Mon) by epa (subscriber, #39769) [Link]

Right, my point is, since 15.x is the better temporary choice, they needed to push out a downgrade from 16.0 to 15.x.

(This time it didn't matter too much since the vulnerability was not a severe one. But they need to have the mechanism available the next time a new version turns out to have a security hole.)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds