News Firefox releases security patch

Loru

Loru

Retired Staff Member
Retired Staff
Addon Developer
Donator
Joined
Sep 30, 2008
Messages
3,731
Reaction score
6
Points
36
Location
Warsaw
I've got "auto update" on so it's done already.
 
Urwumpe

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,604
Reaction score
2,324
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Izack said:
How is an open-source browser project releasing a patch newsworthy?
Click to expand...

Open-source is not different to closed source in significance or releases more small patches instead of few bigger ones. Open-source is only a difference in license, the differences in work are minimal. Instead of many responsible coders, you have few maintainers in open-source, who decide which code additions are becoming mainstream.
 
Izack

Izack

Non sequitur
Addon Developer
Joined
Feb 4, 2010
Messages
6,665
Reaction score
13
Points
113
Location
The Wilderness, N.B.
Urwumpe said:
Open-source is not different to closed source in significance or releases more small patches instead of few bigger ones. Open-source is only a difference in license, the differences in work are minimal. Instead of many responsible coders, you have few maintainers in open-source, who decide which code additions are becoming mainstream.
Click to expand...
I didn't mean to place significance on the fact that it was open source. I just meant it's not exactly important news to know that Firefox released a patch. Like normal, the people who use it will find it, download it and get on with it. Maybe it will save some users from a security threat. Nothing new or significant there.
 
Izack

Izack

Non sequitur
Addon Developer
Joined
Feb 4, 2010
Messages
6,665
Reaction score
13
Points
113
Location
The Wilderness, N.B.
Urwumpe said:
It is because it fixes a significant bug, that is worth being in the news.
Click to expand...
I digress it is an important patch, especially in light of Internet Explorer's recent failings, and thus should be posted on various software/computer-related boards, but the BBC?
 
Urwumpe

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,604
Reaction score
2,324
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Izack said:
I digress it is an important patch, especially in light of Internet Explorer's recent failings, and thus should be posted on various software/computer-related boards, but the BBC?
Click to expand...

If Toyota can't build a proper pedal into their cars, it is reason enough for being on the first page.
 
Urwumpe

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,604
Reaction score
2,324
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
Izack said:
You can't run a guy over with a web browser.
Click to expand...

If you lost 50,000 € due to a phisher, being run over by a car doesn't hurt so much.
 
Izack

Izack

Non sequitur
Addon Developer
Joined
Feb 4, 2010
Messages
6,665
Reaction score
13
Points
113
Location
The Wilderness, N.B.
Bj said:
and you have experienced this? :p


Anyway security is important, you always always always have to keep updated.
Click to expand...
I got squashed against a wall by the back of a van once. I've never been phished, though, so I can't give you an accurate comparison. :lol:

But yeah, I did grab the 3.6.2 patch as soon as it came out. I'm not arguing against the usefulness of security patches by any stretch.
 
MeDiCS

MeDiCS

Donator
Donator
Joined
Sep 22, 2008
Messages
602
Reaction score
2
Points
0
Bj said:
Anyway security is important, you always always always have to keep updated.
Click to expand...
It's interesting to note that it's not always true. There is an OSS OS, called OpenBSD which is advertised as the most secure OS today, and they distribute it with 'outdated' software (for example, Apache V1), but with their own set of patches. It's more like a fork actually, but it's interesting to note that a higher version number does not always guarantee a more secure app...
 
Urwumpe

Urwumpe

Not funny anymore
Addon Developer
Donator
Joined
Feb 6, 2008
Messages
37,604
Reaction score
2,324
Points
203
Location
Wolfsburg
Preferred Pronouns
Sire
MeDiCS said:
It's interesting to note that it's not always true. There is an OSS OS, called OpenBSD which is advertised as the most secure OS today, and they distribute it with 'outdated' software (for example, Apache V1), but with their own set of patches. It's more like a fork actually, but it's interesting to note that a higher version number does not always guarantee a more secure app...
Click to expand...

Yes, just like clock rate does not say anything about speed. But generally, there is a relation between version number and security.
 
cjp

cjp

Addon Developer
Addon Developer
Donator
Joined
Feb 7, 2008
Messages
856
Reaction score
0
Points
0
Location
West coast of Eurasia
I'm running Firefox 3.5.8 in Linux. Would that be a problem? Some websites say that only 3.6.x is affected.

It would be a real inconvenience to update to a 3.6 version, because in Ubuntu (and most other Linuxes), updating of software is done automatically by the update manager of the distribution, and the Ubuntu repositories still contain version 3.5.8. Updating manually could make the whole system very messy, with all sort of potential problems as a result.

---------- Post added at 07:59 PM ---------- Previous post was at 07:52 PM ----------
MeDiCS said:
It's interesting to note that it's not always true. There is an OSS OS, called OpenBSD which is advertised as the most secure OS today, and they distribute it with 'outdated' software (for example, Apache V1), but with their own set of patches. It's more like a fork actually, but it's interesting to note that a higher version number does not always guarantee a more secure app...
Click to expand...

If it turns out to be true what I asked in my previous post, then 3.5.8 is currently more secure than 3.6.0.

As long as security holes are still actively being fixed, it could be beneficial to have an older version. Newer versions tend to have newer features, so they have more 'new code' that has not yet been exposed to security experts for very long.
 
H

Hielor

Defender of Truth
Donator
Beta Tester
Joined
May 30, 2008
Messages
5,580
Reaction score
2
Points
0
MeDiCS said:
It's interesting to note that it's not always true. There is an OSS OS, called OpenBSD which is advertised as the most secure OS today, and they distribute it with 'outdated' software (for example, Apache V1), but with their own set of patches. It's more like a fork actually, but it's interesting to note that a higher version number does not always guarantee a more secure app...
Click to expand...
But they are patching the vulnerabilities in the original app, which is the point. Going up a version number, in addition to introducing fixes for the old bugs, also introduces new features which may contain other bugs. If you don't add new features and only fix old bugs, you'll obviously end up with a more secure system.
 
You must log in or register to reply here.

Similar threads

misha.physics
General Question Open Source Orbiter, other releases, addons
Replies
7
Views
2K
Max-Q
Max-Q
IronRain
News State of Orbiter Forum, Orbit Hangar Mods
5 6 7
Replies
134
Views
17K
Ericman832
E
Mr Martian
Project IPEC Pegasus (ISV Pegasus 3.0)
Replies
16
Views
2K
Mr Martian
Mr Martian
DarkWanderer
Roadmap proposal - Orbiter development
5 6 7
Replies
121
Views
16K
misha.physics
misha.physics
dbeachy1
XRSound Open-Source Development
2 3 4
Replies
74
Views
9K
Abdullah Radwan
Abdullah Radwan
Top