Flash Player Security Update
http://www.adobe.com/support/security/bulletins/apsb07-12.html
Adobe released a new version of flash player last week. The update in itself isn't terribly significant, but this brings up a great opportunity to stress the importance of not running Flash Player as a standalone plugin. Firefox currently has the ability to magically install Flash Player if you visit a site that requires it, and you don't have it installed. The problem with this installation method is that you will never get security updates for your local copy. Fedora users should install flash from mplug.org here:
http://macromedia.mplug.org/
This is a great service
Warren provides. As long as you rely on this yum repository for Flash Player, you should receive the necessary updates to keep your browser secure.
Updated
Unknown to me at the time of writing, the flash packages should not be retrieved directly from Adobe. There is a statement on the mplug.org site:
This site used to host RPM and yum/apt repositories of Adobe Flash Player.
Adobe has since taken over the job of RPM packaging and providing a yum
repository. Get the adobe-release package from Adobe to install
their yum config and GPG key.
Existing users of this yum repository must migrate to Adobe's repository.
This site will shut down in the near future.
Security and Accountability
http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/
Last week a security flaw was found in the way Internet Explorer passes a URL to Firefox. This done via a special protocol handler that Firefox registers when installed on a windows system. Microsoft claims this isn't their problem, Mozilla claims it is. Luckily this flaw is going to be fixed in Firefox. It's admirable that the Firefox developers are willing to do what's best for their users.
The moral of this story is that there are significant advantages to the current Linux distribution model. If a similar flaw was found in Fedora or Red Hat Enterprise Linux, there is nobody to bicker with. It's not uncommon for vendors to spend more time pointing fingers at each other when something goes wrong. There can certainly be an advantage to getting all your bits from one place.
