Firefox 3.0.6 fixes 69 bugs, some critical

By | February 4, 2009, 7:56am PST

The latest update to Firefox pushed out to users last night via automatic update addresses 69 bugs and enhancements, according to Mozilla. Some of the changes were trivial, such as fixing the Russian translation of the Window menu (bug 467158), but 26 bugs were marked as “critical” or higher.

Six potential security vulnerabilities were patched including one marked as “critical”: MFSA 2009-01, which manifested as 12 different bug reports. Security researchers Jesse Ruderman, Georgi Guninski, Martijn Wargers, and Gary Kwong were credited with identifying and reporting the problem.

Mozilla has been updating Firefox 3 approximately once a month since its release in June of last year. Here’s a list of all the updates so far:

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

Disclosure

Ed Burnette

Ed Burnette is a Manager of Mobile Development at SAS. However the postings on this site are his own and do not represent the positions, strategies, or opinions of his employer.

Biography

Ed Burnette

Ed Burnette has been hooked on computers ever since he laid eyes on a TRS-80 in the local Radio Shack. Since graduating from NC State University he has programmed everything from serial device drivers and debuggers to web servers. After a delightful break working on commercial video games, Ed reluctantly returned to business software. He currently develops enterprise software for Android phones and tablets.

In his copious spare time, Ed writes and speaks about all kinds of technology and software. His most recent books include the Eclipse IDE Pocket Guide from O'Reilly and Hello, Android: Introducing Google's Mobile Development Platform from the Pragmatic Programmers.

19 Comments

Actually it's for FF only cause it's developed by gods...nt
transposeIT 6th Feb 2009
nt
Yep. You've all been surfing wide open with these issues, plus all of the vulnerabilities yet to be announced throughout the lifetime of FF3.

Yep, SAME goes for you IE, Opera, and Safari.

Is there really a significant difference in the number of vulnerabilities in these browsers anymore? FF3 seems to have more than the rest, but it's also the newest. They all have "plenty" and no matter what speed they fix them at, they all leave the majority of the holes unpatched. (As proven by the subsequent fixes over the next months and years.)

If you want to equate "safe" with "lowest target population" and claim that Safari (for example) is the safest because no one targets it, that's fine. Just don't claim that the browser itself is any more secure than FF, Opera, etc. You just drive a car no one bothers to break into.

There. Maybe getting this in the first slot will temper the coming flame war of ignorant fanboys. (Is there any other kind of fanboy?)
0 Votes
Message has been deleted.
Gillman_Zorgam Updated - 4th Feb 2009
0 Votes
Safe because of patching
The-Bytemaster 4th Feb 2009
We say Firefox is safer, in general, because of the security bulletins. Firefox tends to patch found vulnerabilities rather quickly and make them public shortly thereafter.

All browsers have security holes, but the ones hurrying and actively trying to patch the vulnerabilities are what we want -- not hiding and sitting on vulnerabilities unpatched for years like some other vendors -- although, they are all getting better.
0 Votes
How would we know?
GuidingLight 4th Feb 2009
not hiding and sitting on vulnerabilities unpatched for years like some other vendors

How would we know that is not the case with any patch? We know a patch was released to fix an issue with Firefox, but how do we know when the vendor knew about it?

For all we know Mozilla has been sitting on this issue for years, and they just kept it a secret.
It's quite impossible for the FF team to sit on browser issues for FF3 for years - the browser's less than a year old, my friend!

Open source browsers like FF3 are constantly undergoing development - every day. It's not like IE where the serious work stops once the first final release is pushed out to the masses.

The most important thing is that Mozilla is able to patch vulnerabilities well before anyone can find them and use them in the wild.
0 Votes
Unannounced != Unexploited/Unfound
KTLA Updated - 4th Feb 2009
Announced vulnerabilities are the least worrisome ones.

It is the unannounced vulnerabilities that are far more trouble. Quietly exploited by the worst elements, they want nothing more than for the vulnerability to never come to light. And who knows how long FF (or any other browser) knew of these issues. Certainly not you or I. (No matter what FF says publicly.) And even knowing when FF was made aware says nothing about when at least one baddie became aware.

Quickly fixing announced vulnerabilities is nice. It says almost nothing about how safe you are using a particular browser.

A browser that had very large market share and no (or very few) security fixes for a year? Yeah, I'd feel pretty safe on that browser going forward because the lack of any fixes (no matter how fast) shows that the bad guys had significant trouble getting in, COMPARED TO THE COMPETITION.
0 Votes
LOL
eMJayy Updated - 5th Feb 2009
So you feel safer on a browser that, as you put it, has had very few security fixes yet has had a far lower success rate at stopping 'the bad guys' from taking over their browser this year than any of the other browsers. I was going to wish you good luck, but what you really need is good therapy.

If you operate in reality, you'd realize that ALL browsers have flaws, so if they're not finding and fixing any, they're not looking hard enough and you're really using a time-bomb.

The fact is that the flaws that are the most obvious are going to be found first. Over time, as the simplest of the flaws are eliminated, the technical knowledge required to exploit remaining flaws reduces the number of persons who can actually find and exploit the remaining vulnerabilities. That's ultimately what makes the browser safer. If kids from China and Russia can write code to break your browser's security, it's NOT secure. The last major IE exploit was designed by someone seeking gaming passwords. Security advisers were calling for users to switch just in case someone other than a GAMER decided to use the exploit for more nefarious deeds. The very fact that some gamer could come up with code to hack into IE in a year where there were so few fixes applied to IE isn't supposed to inspire confidence in IE.
0 Votes
Is This FUD?
PMC-CON 5th Feb 2009
Everyone knows that OSS software like Firefox never CAN have security holes -- the many eyes that can inspect the freely available source code ABSOLUTELY prevent it.

And the FUD that IE 8 RC1 is not subject to the click-jacking attacks (one bug covered here I think) MUST be a LIE, since everyone on ZDNet knows that IE is flawed. The fact that Chrome was patched the other day was just a cover-up ... they CAN'T beat the BEST BROWSER IN THE WORLD FIREFOX out with a patch, just Google doing EVIL.
0 Votes
RE: Firefox 3.0.6 fixes 69 bugs, some critical
Loverock Davidson 4th Feb 2009
I hope they fixed the bug that caused my firefox to crash. I'm not sure if it was adblock extension or if it was that I was using proxy settings, but something would cause it to crash. Possibly javascript?
0 Votes
PEBKAC.
itanalyst2@... 4th Feb 2009
wink.
0 Votes
Heh
KTLA 4th Feb 2009
An application crash that isn't due to a coding error, but merely a dumb user. Interesting. Anything to make sure that (insert FF/IE/Opera/Safari here) is blamed for nothing because it's so great.
0 Votes
I'd say it's an extension
Kaiwai 4th Feb 2009
9/10 I've found it's the extensions at fault. As much as people like to talk about the benefits of extensions, IMHO the risk of instability just isn't worth it.
0 Votes
FF used to be the safe browser
honeymonster Updated - 4th Feb 2009
These days I'm not so sure. It has more vulns discovered each year than any other browser. Add to that the fact that it fails to sandbox its process, meaning that vulnerabilities have much greater chance of being turned into full-blown working exploits on FF. And now it definitely has the market share to make it a worthwhile target!

On Vista, Chrome and IE7/8 both use the Vista "low integrity process" sandbox (also called "protected mode"). In addition to having fewer vulnerabilities, these two browsers make it significantly harder to exploit vulnerabilities.

I'm on Windows 7 now. Unfortunately Chrome doesn't play nice with Windows 7 x64 (crashes), so I have to use IE8. While an "ok" browser I had really taken a liking to the simplicity of Chrome.
0 Votes
I had thought that was one of the main reasons to upgrade to FF3. (And a REALLY good one.)

Can someone else confirm that FF3 still doesn't run protected? That would be a major slip up if true. Maybe there *IS* a significant security difference between the browsers...
0 Votes
Contributor
Doesn't look like it
Ed Burnette 4th Feb 2009
0 Votes
You're correct
Kaiwai 4th Feb 2009
I think it is the same situation with Mac OS X and the 'sand box' feature that was included with Mac OS X 10.5, there are also security features with Linux and other platforms that aren't taken advantage of.

The problem with multi-platform is that it is inevitable that it's going to be designed for the lowest common denominator rather than taking advantage of the host platform's unique features.
0 Votes
So, if you want to run in a safer OS mode where the hackers have to WORK to create malware ... no luck.
0 Votes
What portion is "on" Windows only?
Joe.Smetona 5th Feb 2009
What portion is "on" Windows only?

What does FF have to try and protect?
