Note: A series of vulnerabilities were discovered and fixed in Firebug last night – it is very important that you upgrade your installation of Firebug immediately.
How to upgrade:
- Go to Tools > Add-ons and look for Firebug. If the version listed is anything but 1.03, then you’ll need to upgrade.
- Click the Firebug entry in Add-ons and click the “Find updates” button below. An entry for Firebug 1.03 should show up. Install it and restart Firefox.
Within 24 hours all Firebug users will be receiving the upgrade – and it will be installed the next time they restart their browser. Regardless, it’s important to get this fix installed right away.
Robert Wetzlmayr (April 5, 2007 at 2:21 pm)
What about the special version 1.1b2 that comes with Aptana? Is this fork also affected by the vulnerablility?
Wladimir Palant (April 5, 2007 at 4:30 pm)
Robert, it is very easy to test this – go to any web page and type “javascript:console.log({‘alert(“bing!”)’:’exploit’})” into the location bar. If you see an alert message then you are vulnerable. Btw, I am pretty sure any fork is vulnerable as well.
Thor Larholm (April 5, 2007 at 9:21 pm)
Well it’s not really 0day when there is a new version out that fixes the problem – so here is a new 0day vulnerability in Firebug :)
http://larholm.com/2007/04/06/more-0day-in-firebug/
Max Stepanov (April 6, 2007 at 8:29 am)
Robert, Aptana’s version of the extension is updated. The new version is 1.1b4.14083 (based on Firebug 1.04). It should automatically update Firefox for you to the latest version.
http://www.aptana.com/blog/?p=104