December 16, 2009 - 8:33 am
Mozilla has released a new Firefox update, 3.5.6 which addresses seven security vulnerabilities, three of them labeled as critical,so users are encouraged to update as soon as possible.
Among the vulnerabilities, I find MFSA-69 an interesting one, as it could lead a user into believing he is in a secure web page (https://) due to an error on how certain server responses are handled.
To update, select Check for Updates… in the Help menu or just accept it when prompted within the next couple of days. Linux users using distro packages will have to wait for the update to be released to their respective repositories.
http://www.mozilla.org/securit/announce/2009/mfsa2009-69.html
November 6, 2009 - 11:04 am
Mozilla has relased a quick Firefox update to address several stability bugs that may lead to crashing in very specific cases like sites that use a GIF image as their favicon.
Users are encouraged to update as soon as possible by selecting Check for Updates… in the Help menu. Otherwise, you should be prompted for the update in the next few hours.
You can check the release notes for more details.
October 28, 2009 - 7:48 pm
Mozilla has released a new update for Firefox 3.5 featuring several stability bug fixes and most notably, six critical vulnerabilities, among a total of 11 for this release.
As usual, you will be prompted to update in the next few hours or you can force it by selecting Check for Updates… in Firefox’s Help menu.
More details in the release notes.
October 23, 2009 - 8:42 pm
With over 30,000 personas now available at Mozilla Add-ons, it’s no surprise there are now 81 Halloween themed available ready for the scary night!
Here are my favorite five, but there is something for everyone: really scary, cute , and even pink ones!
September 10, 2009 - 11:21 am
Mozilla has released a new update for the Firefox 3.5. Firefox 3.5.3 introduces a number of big fixes including patches for three critical security vulnerabilities.
Also new in this release is a plugin update verification currenlty limited to Flash, Adobe’s ubiquituous and generally outdated plugin. On first run, Firefox will verify the current version of Flash and will suggest and link the update so you can take action.
August 3, 2009 - 10:47 pm
Mozilla has released a second update for Firefox 3.5 that addresses 3 security vulnerabilities, 2 labeled as critical by Mozilla that were disclosed last week at BlackHat /Defcon security conferences.
Among stability improvements, it also brings proper ICC profiles rendering.
You will be automatically prompted to update in the next 48 hours. To get the update immediately, select Check for Updates… in Firefox’s Help menu.
July 16, 2009 - 11:45 pm
As announced, Mozilla has released the first update for Firefox 3.5, prompted by the disclosure of a critical security flaw related to TraceMonkey, the new JavaScript optimizer, earlier this week.
Users who applied the suggested workaround and set javascript.options.jit.content to false via about:config, can reverse it to gain the enhanced performance back. Just double click on the preference to set it to true.
The update also fixes some cases of slow startups due to very long temporary folders scans on Windows.
Oddly, Google Gears, which was finally updated this week is incompatible again. Since there’s no change in extensions API, it’s probably it has a wrong range of compatible versions.
You should be prompted for the update soon, or you can do it manually clicking on Check for Updates… in the Help menu.
July 15, 2009 - 8:21 pm
Mozilla has confirmed that it will release the first update for Firefox 3.5 later this week to address a critical security vulnerability disclosed a couple of days ago that could lead to malicious code execution.
The update will most likely also address a bug related to slow startups due to large Windows temporary folders being scanned for Firefox’s randomness needs. However, some testers report the fix already available in a release candidate doesn’t improve the startup time, so it seems there are other possible causes and the fix may not help all users.
July 14, 2009 - 5:19 pm
Mozilla has confirmed a critical security vulnerability disclosed yesterday by Milworm, that may lead to remote code execution.
As it is related to the new TraceMonkey JavaScript optimizer, users can mitigate it by temporarily disabling the optimizer. To do so:
- Enter about:config in the location bar to access advanced preferences.
- Look for javascript.options.jit.content and double click it to set it to false.
Mozilla reports that they are already working on a fix for the flaw and it will be released as soon as it becomes available.
- 11:07 am
For those who rely on Gears to get some features already available in Firefox 3.5 (web workers, offline applications or geolocation), or are just forced to do so by unaware web applications/services, Google has finally made it compatible with Firefox 3.5.
Available for Windows and Mac only, at this time, you can get it here.
