Mozilla drops Firefox 3.6 with security goodies
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
The update, which is being shipped via the browser's automatic update mechanism, includes new features to patch third-party Firefox plug-ins and lock out rogue add-ons.
There are no security vulnerabilities being fixed with this Firefox 3.6 update.
Building on the browser's ability to check for updates to Adobe Flash Player, Mozilla has now fitted a plug-in checker that scans the machine for insecure plug-ins that are installed. If an outdated plug-in is found, the browser will now prompt the user to apply the patch via a one-click interface.
[ SEE: Microsoft exposes Firefox users to drive-by malware downloads ]
Firefox users should keep in mind that plug-ins are different from add-ons or extensions. Many software products add plug-ins to Firefox without the user's knowledge or consent and these are rarely patched by the end-user.
Here is a link to the Firefox Plug-in Checker.
The second major security improvement in Firefox 3.6 is a behind-the-scenes tweak to lock out rogue Firefox add-ons. The feature is called Component Directory Lockdown, blocks browser add-ons from loading in the browser’s application components directory, a move that effectivly stops developers and software vendors from silently installing Firefox add-ons without explicit user permission.
It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said.
ALSO READ: