Firefox 1.0.5 was recently released, and it fixed some now-published security flaws. Nothing unusual about this, and it’s great that they were patched so quickly. The problem comes when I visit the Firefox front page; it offers me:
Firefox 1.0.4 for Windows, English (British) (4.7MB). This isn’t good. On hearing about the flaws, the first thing people are going to do is download the latest version and think themselves safe. They wouldn’t be here; 1.0.4 isn’t the latest version.
It seems the problem is due to a possibly useful feature of the page: it looks at your Accept-Language header and picks out the most appropriate download for you. Unfortunately, because the local versions come out later (packaging takes time, of course, nothing unreasonable there), it means I’m being offered the vulnerable version. It should be simple to fix: the script just needs to make sure it’s offering the latest version before it offers the regionalised one. Unfortunately bugzilla.mozilla.org and irc.mozilla.org are down right now, so I can’t even report this; maybe a blog post will be quick.
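The check described above, as an added example (not the Mozilla site's actual script): parse Accept-Language, and offer a localised build only when it is at the newest released version, otherwise fall back to the default locale. The build table, function names and the `de` entry are hypothetical; the sketch assumes the default locale is the one that receives releases first.

```python
# Added example: hypothetical build table and helper names. The en-US and
# en-GB versions mirror the post; the "de" entry is constructed.
BUILDS = {"en-US": "1.0.5", "en-GB": "1.0.4", "de": "1.0.5"}
DEFAULT_LOCALE = "en-US"  # assumption: releases land here first


def version_key(version):
    """Turn '1.0.5' into (1, 0, 5) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def parse_accept_language(header):
    """Return language tags from an Accept-Language header, best first."""
    ranked = []
    for position, item in enumerate(header.split(",")):
        tag, _, params = item.strip().partition(";")
        tag, params = tag.strip(), params.strip()
        if not tag or tag == "*":
            continue
        quality = 1.0
        if params.startswith("q="):
            try:
                quality = float(params[2:])
            except ValueError:
                quality = 0.0  # malformed q-value: treat as not acceptable
        if quality > 0:
            ranked.append((-quality, position, tag))
    return [tag for _, _, tag in sorted(ranked)]


def match_locale(tag, builds):
    """Case-insensitive match on the full tag, then on the primary language."""
    by_lower = {name.lower(): name for name in builds}
    for candidate in (tag.lower(), tag.lower().split("-")[0]):
        if candidate in by_lower:
            return by_lower[candidate]
    return None


def choose_download(header, builds=BUILDS, default=DEFAULT_LOCALE):
    """Offer a localised build only if it is at the newest released version."""
    latest = version_key(max(builds.values(), key=version_key))
    for tag in parse_accept_language(header or ""):
        locale = match_locale(tag, builds)
        if locale and version_key(builds[locale]) >= latest:
            return locale, builds[locale]
    return default, builds[default]
```

Once the en-GB entry in the table is bumped to the current version, the same request gets the localised build again with no other change.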