Re: Firefox Software Update

From: Kai Howells (kai_at_rocketcat.info)
Date: 03/01/05

  • Next message: Thierry Carrez: "[ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities" 
    Date: Tue, 1 Mar 2005 23:35:25 +1100
To: bugtraq@securityfocus.com

    I've received a lot of replies about this issue, so here's the summary
    for those who are interested:

    No, it's not a bug in the Windows version, the Firefox team are
    staggering the releases to ease the load on the server. Each language
    version is being released at a separate time, en-US should be live by
    now. I suspected something along these lines, however I underestimated
    the amount of time that the releases would be spread over.

    There is, however, a bug in the Mac OS X and Linux versions in that it
    won't auto-update, so users are recommended to head over to
    http://www.mozilla.org/products/firefox/ and download it manually

    Asa has a blog at http://weblogs.mozillazine.org/asa/ that details more
    about the staggered release, which languages have been released and
    what's coming next.

    I didn't want to sound like I am bashing the Firefox team, I just
    wanted to know if others were experiencing similar issues (they were),
    if it was a bug (no, it's not on Windows, yes it is on OS X and Linux)
    and if there was a solution (wait, or download it manually). I do
    believe that it is important that people who are concerned about
    security (such as those who read this list) are aware that there may be
    an issue with something that they would otherwise rely on to deliver
    software updates.

    Cheers,
    Kai Howells

    Kai Howells wrote:
    > It appears that there is a problem with the Firefox Software Update,
    > at least in Firefox 1.0 on Windows and Mac OS X.
    > In Preferences -> Advanced -> Software Update there are checkboxes to
    > Periodically check for updates to Firefox and My Extensions. It
    > doesn't appear that this feature works at all. I've not been notified
    > via this method that Firefox 1.0.1 has been released, even manually
    > hitting the Check Now button (that takes a minute or so to do it's
    > thing over a cable internet connection) happily reports back to me
    > that there are no available updates.
    > Now, there are a couple of bugs, listed as critical in bugzilla, that
    > confirm that I'm not alone with these problems, however they don't
    > appear to be assigned to anyone at this stage. I believe that this
    > issue deserves more attention than it's currently getting as security
    > is one of the stated design goals of the project and with no working
    > auto-update feature we're potentially being put in a worse position
    > than with other vendor's alternatives that at least have monthly
    > updates.
    > Regards,
    > Kai Howells

  • Next message: Thierry Carrez: "[ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities"