The little periodic update ran on my system and it gave me the following updates. Critical Updates (1) - data: Downloading fix from ftp.mozilla.org You should install these updates immediately to protect your computer from attack. Firefox 1.0 Preview Release - Firefox 1.0 Preview Release is available. We strongly recommend that you install this upgrade as soon as possible. Optional Components (2) - Quality Feedback Utility - The Document Inspector Now it sounds like the top thing is a security issue.. However it should not tell me to install Firefox 1.0 Preview Release as I have it installed already. Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040929 Firefox/0.10 That's from help about firefox. I have firefox-1.0_pre-r1 installed since the day it came out.
Well. I've got the answer.. Preview Release has been updated to .10.1 for a security issue... URL is included above and here... http://www.mozilla.org/press/mozilla-2004-10-01-02.html
*** Bug 66086 has been marked as a duplicate of this bug. ***
Mozilla guys, Sorry for the bug confusion, please bump to 0.10.1
Filesystem overwrite with user rights : downgrading severity mozilla-firefox and mozilla-firefox-bin should be upgraded.
firefox and firefox-bin are updated to 0.10.1 and pushed to x86 stable.
archs, please mark mozilla-firefox-1.0_pre-r2 stable.
ia64 stable
stable on sparc
stable on ppc
Not sure we should issue a GLSA for this issue since the user must download the file [him|her]self in order to exploit this. What does everyone else think?
I would have the same opinion. Waiting for someone else to play devil's advocate...
How should this update work? If I run firefox as root I can update for this fix through the firefox interface and it seems to work (about box reports 0.10.1 as the version number). However when I then run firefox as my normal app user I don't see the new version number. If I try to update running as the normal user I get an error. Do I need to rebuild firefox instead using the ebuild? If so, can alpha be added to this ebuild?
I'm having trouble emerging this on alpha. I'll keyword alpha as soon as those problems are solved.
amd64: please mark mozilla-firefox-bin-1.0_pr-r1 stable too.
done
Limited DoS with (unlikely) user interaction. I'd say no GLSA>
I can achieve the same result with improper use of the 'rm' command, so I vote for no GLSA.
Closing without GLSA alpha: good luck with your testing
