On 2/21/10 10:45 PM, Manuel Reimer wrote: > my distributor, so far, didn't publish an updated package, so I'll have > to keep with an old Firefox for some days. > > For all of the current holes, disabling Javascript seems to be OK for > the meantime, according to your advisories, so I did so. > > Does this also work for the following hole: > http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
Disabling JavaScript should protect you for the time being. It doesn't actually prevent the underlying parser flaw but people would have to invent new techniques for manipulating memory without scripts. Plugins essentially count as scripts for this purpose though, so you need to turn those off too. Or use FlashBlock and only play videos you're confident are OK--let other people go first :-) -Dan Veditz _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security