I was browsing an online news site today and found this news, dated 14 July "The Mozilla Foundation has patched several flaws in the Firefox browser and the Mozilla suite of applications, advising users to upgrade. Firefox version 1.0.5 has been released to patch flaws that could be exploited to bypass some security settings, conduct cross-site scripting attacks and compromise a user's system. A new version of the Mozilla suite is expected soon. The flaws have been fixed in the source-code repository." http://smh.com.au/articles/2005/07/14/1120934346317.html I have been using firefox for some time and it appears to be great with it always telling me if there's an update available. The question is why didn't it tell me about this update? Does anybody get an automatic update notification by mozilla about this flaw?
On the Windows version there's a little green icon that turns red for me when updates to the browser and/or extensions I have installed are available. It won't automatically update Firefox for me though, and on OS X I don't seem to have any notification at all. I tend to hear about upgrades through at least one of the forums I visit though so it doesn't bother me too much. Normally I'd suggest using freshmeat to keep up to date, but its Firefox page still shows version 1.0.3 unfortunately.
i always get a notification when upgrade is available, so when there's a security flaw and i didn't get notified, it's a bit uncomfortable for me... ( hopefully my 1.0.4 browser didn't hijacked). Just upgraded to 1.0.5
iskander: I wouldn't worry too much about the security flaws, often they're theorectical vulnerabilities that would only get exploited in a very specific set of circumstances (try reading some of the security advisories - most of them say "if this and this and this happened, something bad might happen! ). Obviously it's always a good idea to keep up with patches though.