Firefox 3.6.2 released, plugs critical security hole

[Matthew DeCarlo]

Mozilla released a patch last night plugging a critical hole in Firefox that could let an attacker crash a person's browser, and even run arbitrary code on their system. The organization recommends that all Firefox users update to the latest release, version 3.6.2. Users of Firefox 3.6 should receive an update notification within 24 to 48 hours, but the patch can be applied manually via "Check for Updates" under the Help menu.

It's worth noting that the specific vulnerability mentioned above (552216) involves a technology called Web Open Font Format (WOFF) introduced in Firefox 3.6, so previous builds should be safe. Regardless, Mozilla suggests that users of Firefox 3 and 3.5 download the latest version. Version 3.6.2 also addresses over 100 other bugs, which you can read in full detail here.

Permalink to story.

https://www.techspot.com/news/38333-firefox-362-released-plugs-critical-security-hole.html

 

[elroacho72]

Wow over a hundred bugs... does that seem like alot?

 

[Guest]

Not if you live in Florida.

 

[GACrabill]

Not to start a flame war .... but Internet Explorer probably hasn't had over 100 fixes in the last 3 years.

Where are all the IE bashers?

 

[Matthew DeCarlo]

Just to clarify, are you suggesting that IE is superior to Firefox for requiring less bug fixes, or that Mozilla's patches are more thorough than Microsoft's?

 

[Puiu]

I'm still waiting for hardware acceleration and separate processes for plugins. I was wondering when a new update for FF will appear. It's been quite a while since 3.6 came out and i though they where working too much on 3.7 or 4.0 to have time for 3.6 fixes. Glad i was wrong.

 

[Vrmithrax]

IE has had a massive multitude of bugs, but most people outside the Microsoft fold don't know about the majority of them. Mozilla has a very open and transparent development and bug fix process in place, so every little flaw is right out there for all to see. They also are in a perpetual virtual beta cycle with FireFox, relying on the community for feedback and bug catching. Whereas Microsoft does all of their coding and fixing internally, behind closed doors, and we generally only hear about the big bad security issue bugs, not the little tweaks and quirks that also get patched with the big issues. It's all about perception and the information process.

As for this big patch for FF, I'll be switching to the 3.6 platform when more of the extensions get updated to actually run on it. I did the pre-update check, and half of the ones I use don't yet work in 3.6, so I'll just wait patiently

 

[Vrmithrax]

Haha, joke's on me... They switched from 3.6 being an optional upgrade to automatic with this patch, so now I'm on 3.6.2 whether I like it or not... Don't you just love it when they do that?!?!

 

[9Nails]

I have to hand it to Firefox... Of all the update processes out there, Firefox's process is the least annoying. So they fixed some bugs, that's alright. But they patched them without annoying me, and that's great.

 

[Thompson]

I ncapable
of
E verything

But seriously, over 100 bug fixes, that's.... a LOT, that's a good sign and a bad sign.