Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Firefox 3.6.7 update last week fixed at least 14 security vulnerabilities in Mozilla's open source Web browser. As it turns out, the organization missed at least one issue, which has now trigged yet another Firefox update.
Mozilla updated its Web browser late Friday with Firefox 3.6.8, fixing at least one critical security flaw that was found in the 3.6.7 update.
"This release fixes a stability problem that affected some pages with embedded plugins," Mike Beltzner director of Firefox at Mozilla wrote in a mailing list posting.
According to Mozilla's security advisory on the issue, there was a crash condition in the plugin parameter array that could have led to a memory corruption issue.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"In certain circumstances, properties in the plugin instance's parameter array could be freed prematurely, leaving a dangling pointer that the plugin could execute, potentially calling into attacker-controlled memory," Mozilla said in its advisory.
Last week's update also fixed multiple memory corruption errors.
The 3.6.8 update isn't the first time that Mozilla has had to issue a quick fix to Firefox for a concern related to a plugin. The Firefox 3.6.6 update quickly followed 3.6.4 (there was no 3.6.5 release), providing users with a plugin configuration fix that was aimed at improving stability.
The Firefox 3.6.4 browser was the first Mozilla release to include out-of-process plugin support. The new plugin feature is intended to make the browser more stable by protecting the core browser from plugin crashes.
The latest Firefox 3.6 update comes as Mozilla developers continue to press forward on the next-generation Firefox 4 browser. The Beta 1 release is the most recent public milestone in the development of Firefox 4. A Beta 2 release was originally expected last week, but hit some delays due to late-breaking bug issues. The latest Mozilla schedule bumped the Beta 2 release back to tomorrow or Wednesday.
Among the new features set to debut in Firefox 4 Beta 2 is the App Tab feature. With App Tabs, Firefox 4 users will be able to lock specific tabs for Web applications. Mozilla has stated that it expects to ship new Firefox 4 betas approximately every three weeks. The final version of Firefox 4 is targeted for general availability by the end of 2010.
As Mozilla developers work on their next generation browser, rival Google Chrome is now accelerating its development cycle, as well. Google is aiming to release a new major stable version of the Chrome browser every six weeks.