Firefox 3.0.11 fixes 67 bugs including bookmark corruption

Firefox 3.0.11 fixes 67 bugs including bookmark corruption

Summary: The latest update to Firefox addresses 67 bugs and enhancements, according to Mozilla. 23 bugs were marked as "critical" or higher.


The latest update to Firefox addresses 67 bugs and enhancements, according to Mozilla. 23 bugs were marked as "critical" or higher. (Coincidentally this was the same number addressed by the 3.0.9 update in April.)

Nine potential security vulnerabilities were patched including 1 marked as "high" and 4 "critical":

  • MFSA 2009-32 JavaScript chrome privilege escalation (critical)
  • MFSA 2009-31 XUL scripts bypass content-policy checks
  • MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar
  • MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null (critical)
  • MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object (critical)
  • MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests (high)
  • MFSA 2009-26 Arbitrary domain cookie access by local file: resources
  • MFSA 2009-25 URL spoofing with invalid unicode characters
  • MFSA 2009-24 Crashes with evidence of memory corruption (rv: (critical)

The new release addresses a problem that apparently affected a lot of people (bug 464486). If Firefox crashed or your machine died at just the right time, your bookmarks and history database could have been lost or corrupted. The earliest report I could find of the problem was on September 7th, 2008.

In the end, a 2 line fix to turn on full synchronous operation of the SQLite database used to store bookmarks was all that was needed. Although the fix was known in January, it wasn't backported to Firefox 3.0 until recently because of concerns about how it might affect performance, especially on Linux. Further study showed, however, that performance was only slightly degraded on newer versions of Linux, and data integrity was deemed to be more important.

Mozilla has been updating Firefox 3 approximately once a month since its release in June of last year. Here's a list of all the updates so far:

Topics: Operating Systems, Browser, Linux, Open Source, Software

Ed Burnette

About Ed Burnette

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Firefox 3.0.11 fixes 67 bugs including bookmark corruption

    That's a lot of bugs. Now if they can just get 3.5 out the door.
    Loverock Davidson
    • Just like Longhorn

      And wow wasn't it worth the wait - not
      Alan Smithie
  • Hats off to the Mozilla FF Development Team!

    Go Open Source! ;)
    Dietrich T. Schmitz
    • That's funny ...

      ... I am sure you are one of the ABM'ers who gloats every Patch Tuesday about how poor Microsoft's code must be that there are "so many" bug fixes, despite the fact that Patch Tuesday incorporates fixes from across the entire Windows OS and other products including Office.

      One might argue that Mozilla should be testing their code more thorougly in order to elminate, for example, URL spoofing errors.

      Personally, I commend any company that regularly ships well tested fixes for reported issues, including Microsoft, Mozilla, etc. I just wish other companies were as actively comitted to their customers. Are you listening Adobe?
      • I use Windows OS and Firefox

        I love the fact that both are set for Automatic
        Updates and it's always been without issue to my
        box. I feel better (even if I'm somewhat ask
        risk for a small period of time) that these two
        companies really take this approach to keep our
        software current. This is one reason we at home
        and in the office can run XP on hardware that
        are 6 - 9 years old.

        I know Adobe has an update check, too, but I
        don't seem to like it as much. Maybe it's just
        because Acrobat is such a hog, and it updates
        in-your-face, rather than in the background.
      • I'm all in favor of lots of bug fixes...

        But there's a significant difference between
        (1) pro-actively and assiduously searching out potential avenues of exploitation, and plugging them as fast as they're found, before anybody can use them, and
        (2) lackadaisically fixing publicized flaws weeks or months after they're found, after dismissing them as theoretically viable, but not, as far as anybody knows, exploited on a major scale yet.

        Of course, perfect, flawless, error-free code would be even better... but that's not going to happen any time soon.
  • RE: Firefox 3.0.11 fixes 67 bugs including bookmark corruption

    Personally one of the reasons I use FireFox is it's book mark and navigation book mark system. This allows me to have a myriad of different browser configs that I use constantly on several computers. I also personally have not had any issues with corruption in the 3.0 releases, but I diligently create daily/weekly backups just in case...
    • Wither Google sync

      That reminds me - whatever happened to the Google sync plug-in that was supposed to keep all your bookmarks and passwords in sync across all your browsers and computers?
      Ed Burnette
  • Hopefully now the updater works better..

    in 64bit Windows. I never could get FF to download the updates; it would just sit there and make swirlies in the header and never connect.

    I've always had to download the entire browser(seperately), and uninstall the old one. Maybe that is normal?
  • RE: Firefox 3.0.11 fixes 67 bugs including bookmark corruption

    I use and love Firefox. Suggestion regarding updates: update(partially?)as soon as the fix for a single bug is available.
  • Bugs

    I'm sorry but this is starting to sound like curing pimples
    on a teenager. Some software is "clean" and some have
    terminal acne and will require intensive care. In the
    meantime, we are expected to use these offerings with
    "confidence" that "Everything is computerized and nothing
    will go wrong,,,,,,ahgfch, go wrong, rtgyuu, go wrong."
    The real sad part of all this is the battle scared followers of
    any particular flag who claim that they are winning and all
    others are losing because their total lack of intelligence
    had them make the wrong choices.
  • Move on to Chrome

    I like FireFox over IE. But I use Chrome and I love it.