Firefox 3.6.2 released, plugs critical security hole

By on March 23, 2010, 4:00 PM
Mozilla released a patch last night plugging a critical hole in Firefox that could let an attacker crash a person's browser, and even run arbitrary code on their system. The organization recommends that all Firefox users update to the latest release, version 3.6.2. Users of Firefox 3.6 should receive an update notification within 24 to 48 hours, but the patch can be applied manually via "Check for Updates" under the Help menu.

It's worth noting that the specific vulnerability mentioned above (552216) involves a technology called Web Open Font Format (WOFF) introduced in Firefox 3.6, so previous builds should be safe. Regardless, Mozilla suggests that users of Firefox 3 and 3.5 download the latest version. Version 3.6.2 also addresses over 100 other bugs, which you can read in full detail here.

User Comments: 9

Got something to say? Post a comment
elroacho72 said:

Wow over a hundred bugs... does that seem like alot?

Guest said:

Not if you live in Florida.

GACrabill said:

Not to start a flame war .... but Internet Explorer probably hasn't had over 100 fixes in the last 3 years.

Where are all the IE bashers?

Matthew Matthew, TechSpot Staff, said:

Just to clarify, are you suggesting that IE is superior to Firefox for requiring less bug fixes, or that Mozilla's patches are more thorough than Microsoft's?

Puiu Puiu said:

I'm still waiting for hardware acceleration and separate processes for plugins. I was wondering when a new update for FF will appear. It's been quite a while since 3.6 came out and i though they where working too much on 3.7 or 4.0 to have time for 3.6 fixes. Glad i was wrong.

Vrmithrax Vrmithrax, TechSpot Paladin, said:

IE has had a massive multitude of bugs, but most people outside the Microsoft fold don't know about the majority of them. Mozilla has a very open and transparent development and bug fix process in place, so every little flaw is right out there for all to see. They also are in a perpetual virtual beta cycle with FireFox, relying on the community for feedback and bug catching. Whereas Microsoft does all of their coding and fixing internally, behind closed doors, and we generally only hear about the big bad security issue bugs, not the little tweaks and quirks that also get patched with the big issues. It's all about perception and the information process.

As for this big patch for FF, I'll be switching to the 3.6 platform when more of the extensions get updated to actually run on it. I did the pre-update check, and half of the ones I use don't yet work in 3.6, so I'll just wait patiently

Vrmithrax Vrmithrax, TechSpot Paladin, said:

Haha, joke's on me... They switched from 3.6 being an optional upgrade to automatic with this patch, so now I'm on 3.6.2 whether I like it or not... Don't you just love it when they do that?!?!

9Nails, TechSpot Paladin, said:

I have to hand it to Firefox... Of all the update processes out there, Firefox's process is the least annoying. So they fixed some bugs, that's alright. But they patched them without annoying me, and that's great.

Thompson said:

I ncapable


E verything

But seriously, over 100 bug fixes, that's.... a LOT, that's a good sign and a bad sign.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.