Maybe less than a week ago there was a pretty neat event called ConSecWest. It’s main purpose is for white hat security researchers to gain recognition for successfully exploiting popular Internet software such as Firefox, Internet Explorer, and Google Chrome, among others. A very cool program! Though, I think the researchers deserve more than $5,000 for finding a bug–but, how can one place value on recognition? A prominent ex-NSA security researched Charlie Millier who was interviewed at tomshardware.com discovered severals flaws at the event one of which exploited Firefox.
Two things need to be done. First, props need to be given to the Firefox team for quickly resolving these flaws and releasing Firefox 3.0.8.
Second, though, just because a new version of the software is available does not mean that a system is now protected against the vulnerability. But, that is not so far from the truth. The most important step is to actually update your system and for a brief second I thought that maybe I would have to update my system manually. I mean, the new version was released so recently! Once again, I doubted the Ubuntu distribution probably due to being scarred by years of using Fedora Core. The moment I discovered there was a new version of Firefox, Ubuntu had notified me of new updates! To my surprised, it was Firefox 3.0.8… Excellent work Ubuntu! Your timeliness is very appreciated.
Mozilla Firefox 3.0.8, Copyright (c) 1998 – 2009 mozilla.org