lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Mar 2005 23:35:25 +1100
From: Kai Howells <kai@...ketcat.info>
To: bugtraq@...urityfocus.com
Subject: Re: Firefox Software Update

I've received a lot of replies about this issue, so here's the summary 
for those who are interested:

No, it's not a bug in the Windows version, the Firefox team are 
staggering the releases to ease the load on the server. Each language 
version is being released at a separate time, en-US should be live by 
now. I suspected something along these lines, however I underestimated 
the amount of time that the releases would be spread over.

There is, however, a bug in the Mac OS X and Linux versions in that it 
won't auto-update, so users are recommended to head over to 
http://www.mozilla.org/products/firefox/ and download it manually

Asa has a blog at http://weblogs.mozillazine.org/asa/ that details more 
about the staggered release, which languages have been released and 
what's coming next.

I didn't want to sound like I am bashing the Firefox team, I just 
wanted to know if others were experiencing similar issues (they were), 
if it was a bug (no, it's not on Windows, yes it is on OS X and Linux) 
and if there was a solution (wait, or download it manually). I do 
believe that it is important that people who are concerned about 
security (such as those who read this list) are aware that there may be 
an issue with something that they would otherwise rely on to deliver 
software updates.

Cheers,
Kai Howells

Kai Howells wrote:
> It appears that there is a problem with the Firefox Software Update, 
> at least in Firefox 1.0 on Windows and Mac OS X.
> In Preferences -> Advanced -> Software Update there are checkboxes to 
> Periodically check for updates to Firefox and My Extensions. It 
> doesn't appear that this feature works at all. I've not been notified 
> via this method that Firefox 1.0.1 has been released, even manually 
> hitting the Check Now button (that takes a minute or so to do it's 
> thing over a cable internet connection) happily reports back to me 
> that there are no available updates.
> Now, there are a couple of bugs, listed as critical in bugzilla, that 
> confirm that I'm not alone with these problems, however they don't 
> appear to be assigned to anyone at this stage. I believe that this 
> issue deserves more attention than it's currently getting as security 
> is one of the stated design goals of the project and with no working 
> auto-update feature we're potentially being put in a worse position 
> than with other vendor's alternatives that at least have monthly 
> updates.
> Regards,
> Kai Howells

Download attachment "smime.p7s" of type "application/pkcs7-signature" (2365 bytes)

Powered by blists - more mailing lists