Mozilla re-patches Firefox 3.6 to fix plug-in problem
Second time in two months that a just-released update needs a follow-up fix
Computerworld - For the second time in two months, Mozilla on Friday rushed out a fix for Firefox to patch a problem with a browser update issued just days before.
Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called "a stability problem that affected some pages with embedded plug-ins."
The company had released Firefox 3.6.7 two days earlier.
Mozilla patched one critical security bug in the newest update, according to an advisory also published Friday. "In certain circumstances, properties in the plug-in instance's parameter array could be freed prematurely, leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory," the warning read.
The bug surfaced in one of the 16 patches that Mozilla applied to Firefox earlier in the week.
Details of that vulnerability, and the stability problem that Beltzner mentioned, were not available to the public as of Saturday.
Several Firefox users, however, had filed numerous reports to the browser's support forum of problems with Adobe's Flash Player plug-in after updating to Firefox 3.6.7.
"I updated Firefox from 3.6.2 to 3.6.7 and I REGRET IT!," wrote a user identified only as "Steve" in a support forum message posted Friday morning. "I can't watch YouTube. Every time the video is about to start Firefox freezes and I can't do nothing besides going into Task Manager and killing it from there. THIS SUCKS!"
Friday's patch-and-release was the second in two months for Mozilla. Just three days after updating Firefox to version 3.6.4 in late June, Mozilla delivered another update because people playing Farmville complained that their browser was shutting down the Facebook game. The company said that a new "out of process plug-ins" feature, designed to keep the browser running when a plug-in crashed, was kicking in too quickly.
The older Firefox 3.5 browser, which was upgraded to version 3.5.11 last Tuesday, is not affected by the security bug or the plug-in stability problem.
Users can update to Firefox 3.6.8 by downloading the new edition or by selecting "Check for Updates" from the Help menu in the browser.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts