Mozilla repatches Firefox after regression bug pops up
Bug in last week's Firefox 3.0.9 crashes Windows browser
Computerworld - Mozilla Corp. today rushed out a new version of Firefox to fix a flaw it introduced with the 12-patch security update it shipped less than a week ago.
Firefox 3.0.10, which the open-source browser maker called a "security and stability" release, followed Firefox 3.0.9 by just six days and was necessary because of a new bug that slipped into last week's update.
Mozilla labeled the new bug a "critical" security vulnerability. "One of the security fixes in Firefox 3.0.9 introduced a regression that caused some users to experience frequent crashes," the accompanying advisory said. "In analyzing this crash, we discovered that it was due to memory corruption similar to cases that have been identified as security vulnerabilities in the past."
The flaw, which cropped up only in the Windows version of Firefox, was detected by Mozilla's crash-reporting system, and by last Wednesday, developers were discussing how to deal with the problem on Bugzilla, the company's bug tracking system.
"So we fixed [Bug] 431260, which wasn't really a security problem, and we introduced this bug, which probably is," said Robert O'Callahan, a Mozilla developer who works on Firefox's rendering engine. "Perhaps we need to be more picky about what we land on branch."
By Thursday, a patch had been created, and the new build had been passed on to testing.
This isn't the first time that Mozilla has had to deal with a regression bug, one that its own developers introduced while making other fixes. Two different times in late 2007, Mozilla released emergency updates to patch such bugs.
Firefox 3.0.10 can be downloaded for Windows, Mac OS X and Linux from the Mozilla site. Current users can also call up their browser's built-in updater or wait for the automatic update notification, which should pop up in the next 48 hours.
According to Mike Beltzner, director of Firefox, Mozilla also plans to post the delayed Firefox 3.5 Beta 4 later tonight.
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Web Apps White Papers | Webcasts