Ajaxian

Jobs @ Ajaxian

Find a Job, Post a job.

Topics

.NET (64)
Accessibility (46)
Adobe (72)
Advertising (3)
Ajax (360)
Ajaxian.com Announcements (4)
Android (2)
Announcements (85)
Apple (1)
Aptana (21)
Articles (205)
Atlas (5)
Book Reviews (19)
Books (30)
Browsers (144)
Builds (4)
Business (16)
Calendar (12)
Canvas (59)
Chat (22)
Cloud (3)
ColdFusion (10)
Comet (47)
Component (109)
Conferences (24)
CSS (118)
Database (9)
Debugging (21)
Design (14)
Dojo (189)
DWR (16)
Editorial (267)
Email (5)
Examples (153)
Ext (64)
Firefox (76)
Flash (73)
Framework (57)
Fun (60)
Games (55)
Gears (65)
Google (138)
GWT (71)
HTML (37)
IE (114)
Interview (28)
iPhone (44)
Java (142)
JavaScript (1014)
jMaki (7)
jQuery (104)
JSON (43)
Library (473)
LiveEdit (5)
LiveSearch (17)
Mac (1)
Mapping (36)
Microformat (3)
Microsoft (34)
Mobile (43)
MooTools (32)
Office (9)
Offline (28)
OpenAjax (5)
OpenWebPodcast (2)
Opera (16)
Performance (88)
Perl (8)
PHP (81)
Plugins (5)
Podcasts (36)
Portal (13)
Pragmatic Ajax (2)
Presentation (56)
Programming (134)
Prototype (210)
Python (10)
Qooxdoo (2)
Rails (37)
Recording (7)
Remoting (19)
RichTextWidget (17)
Roundup (13)
Ruby (62)
Safari (43)
Screencast (36)
Scriptaculous (37)
Security (71)
Server (13)
Showcase (645)
Social Networks (15)
Sound (7)
Standards (39)
Storage (3)
Survey (12)
SVG (14)
Testing (39)
The Ajax Experience (66)
TIBCO (24)
Tip (70)
Toolkit (167)
Tutorial (20)
UI (109)
Unobtrusive JS (20)
Usability (75)
Utility (154)
W3C (5)
Web20 (24)
Widgets (10)
Workshop (7)
XmlHttpRequest (41)
Yahoo! (111)

Update Firebug to 1.0.4

Update — go get 1.04 — its a more robust fix for the security issue - read Joe’s comment here.

Joe Hewitt has posted an update to Firebug that you should grab right away as it fixes a couple of issues and covers a 0-day security hole.

The update has been published to addons.mozilla.org, so you can get it by updating Firebug from the Firefox Add-ons window. Alternatively, you can install the update using the big orange button on the getfirebug.com home page.

Posted by Dion Almaer at 2:00 am

4.4 rating from 26 votes

6 Comments »

Comments feed TrackBack URI

ouch… this is the blog page that discussed the issue http://www.gnucitizen.org/blog/firebug-goes-evil

Comment by kongo — April 5, 2007

Thanks for posting this Dion. :)

Comment by Rey Bango — April 5, 2007

/me updates…

How did the article writer know I was a geek?

Comment by Mike Ritchie — April 5, 2007

Wow, that exploit is pretty serious. Once an attacker can control FF chrome from an *extension*, they basically can do whatever they want to the underlying OS. Something about that doesn’t seem quite right.

Comment by Rob Sanheim — April 5, 2007