Mozilla re-patches Firefox 3.6 to fix plug-in problem
Second time in two months that a just-released update needs a follow-up fix
Computerworld - For the second time in two months, Mozilla on Friday rushed out a fix for Firefox to patch a problem with a browser update issued just days before.
Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called "a stability problem that affected some pages with embedded plug-ins."
The company had released Firefox 3.6.7 two days earlier.
Mozilla patched one critical security bug in the newest update, according to an advisory also published Friday. "In certain circumstances, properties in the plug-in instance's parameter array could be freed prematurely, leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory," the warning read.
The bug surfaced in one of the 16 patches that Mozilla applied to Firefox earlier in the week.
Details of that vulnerability, and the stability problem that Beltzner mentioned, were not available to the public as of Saturday.
Several Firefox users, however, had filed numerous reports to the browser's support forum of problems with Adobe's Flash Player plug-in after updating to Firefox 3.6.7.
"I updated Firefox from 3.6.2 to 3.6.7 and I REGRET IT!," wrote a user identified only as "Steve" in a support forum message posted Friday morning. "I can't watch YouTube. Every time the video is about to start Firefox freezes and I can't do nothing besides going into Task Manager and killing it from there. THIS SUCKS!"
Friday's patch-and-release was the second in two months for Mozilla. Just three days after updating Firefox to version 3.6.4 in late June, Mozilla delivered another update because people playing Farmville complained that their browser was shutting down the Facebook game. The company said that a new "out of process plug-ins" feature, designed to keep the browser running when a plug-in crashed, was kicking in too quickly.
The older Firefox 3.5 browser, which was upgraded to version 3.5.11 last Tuesday, is not affected by the security bug or the plug-in stability problem.
Users can update to Firefox 3.6.8 by downloading the new edition or by selecting "Check for Updates" from the Help menu in the browser.
- Workarounds to purge search bar from Firefox's new tab page are available
- Mozilla ships Firefox 31, adds search to new tab page
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Desktop Apps White Papers | Webcasts