Critical update for Firefox released

Author: Gareth Halfacree
Published: 19th December 2008
Comments (13) Stumble
Critical update for Firefox released

The latest update to Firefox - as well as Seamonkey and Thunderbird - fixes a raft of 'critical' security vulnerabilities.

Internet Explorer isn't the only browser to have been getting bolstered against malicious attacks this week – Firefox has been updated to version 3.0.5.

According to CNet the new version, trickled out to users via the in-built automatic update functionality of the browser earlier this week, has been released to fix a series of security flaws described as 'highly critical' that exist in the 3.0.x series of Mozilla's Firefox, as well as the 1.1.x versions of SeaMonkey and the 2.0.0.x series of e-mail client Thunderbird, which shares HTML and JavaScript engines with its browser relatives.

The updates – which move the software on to versions 3.0.5, 1.1.14, and 2.0.0.19 respectively – fix three main security flaws: errors in the layout and JavaScript engine that can be used to corrupt memory and possibly execute a malicious payload; a problem with the processing of the 'persist' XUL attribute which can allow user identification across browser sessions regardless of the cookie preferences the user has set; and an exploitable condition which allows third-party sites to possibly access sensitive information and execute arbitrary JavaScript code under the privileges of the browser.

As usual, the security problems within the browser stem from the use of JavaScript. If a user enables an add-on such as NoScript – which selectively disables JavaScript on untrusted sites and introduces novel protections against cross-site scripting and clickjacking attacks – then the attacks are ineffectual unless being run from a previously trusted site.

While the recently exposed security hole in Internet Explorer has been getting a lot of attention, this latest patch to the popular open-source browser shows that it's difficult to provide a balance of flexibility and security in an application as powerful as a web browser.

Has anyone fallen victim to an attack from a site via the recent Internet Explorer or Firefox vulnerabilities, or is it just a case of the developers keeping things as tightly secured as possible despite a lack of real-world exploitation? Share your thoughts over in the forums.
Quote Zurechial 19th December 2008, 14:00
I'm more concerned with the poor stability and performance of Firefox 3, myself.. I've found it to be slower, more cumbersome and more likely to crash than previous iterations on every system I've installed it or used it, even without addons.

Even the computers in uni which all use Firefox are afflicted by the same slowness and likelihood of crashing out, now that they use Firefox 3, while it wasn't so back when they used Firefox 2..

Has anyone else experienced or noticed this?
Quote Goty 19th December 2008, 14:10
FF3 is probably one of the most stable programs on my PC, let alone web browser. I've found specific instances where it will crash, but it rarely does so randomly.
Quote bowman 19th December 2008, 14:20
Quote:
Originally Posted by Zurechial
I'm more concerned with the poor stability and performance of Firefox 3, myself.. I've found it to be slower, more cumbersome and more likely to crash than previous iterations on every system I've installed it or used it, even without addons.

Even the computers in uni which all use Firefox are afflicted by the same slowness and likelihood of crashing out, now that they use Firefox 3, while it wasn't so back when they used Firefox 2..

Has anyone else experienced or noticed this?

Nope, not at all. I'd get a few crashes with FF2, and some cases of slowdowns which I guess was down to memory leak, but none of that with the release of FF3.
Quote LeMaltor 19th December 2008, 14:23
I've got 4 instances of FF3 open, with 55 tabs open between all of them. I've not found it to be crashy at all :D
Quote Redbeaver 19th December 2008, 15:04
slow.... thats all im gonna say.

im happy with Chrome actually..................... :p
Quote Floyd 19th December 2008, 15:57
Quote:
Originally Posted by LeMaltor
I've got 4 instances of FF3 open, with 55 tabs open between all of them. I've not found it to be crashy at all :D

Good night thats some serious browsing. I think the most tabs ive had open was 5 lol
Quote Demon Cleaner 19th December 2008, 17:36
Yeah I'm definitely a "serious browsing" type of guy. Currently trying to close some of the 186 I've got open to tidy it up a bit. I find that it crashes once a week or so for me. But then again that's one week of it constantly open (dont turn my pc off). It usually happens on a page full of flash, or when trying to stream a p2p flash video.

Much better than IE, which crashes all the time. If I try to open a new tab after I've got 25 or so already, it will just not open. I have to close some to open another.
Quote kingred 19th December 2008, 18:03
good thing i am sticking with shiretoko. thats so bleeding edge its infront of the blood.
Quote jweller 19th December 2008, 20:00
When I upgraded to 3.03 it crashed constantly. The interim update reduced the crashes. 3.05 is working ok, so far, however it is indeed slower than before.

I'm discovering that FF really is no better than IE both in stability, performance and security. I do like some of FF's features better. The find feature is really wonderful.

But I in small part I use FF just to stick it to Microsoft.

For security reasons I now use both IE and FF. When critical unpatched vulnerabilities are discovered in FF I switch back to IE temporarily until FF is patches, then back to FF I go.
Quote UncertainGod 19th December 2008, 20:06
Since I have updated to 3.0.5 today I have had the browser crash out 5 times when loading a site from my bookmarks, not a happy chappy at the minute. :(
Quote The_Beast 20th December 2008, 05:43
I liked FF2 better but FF3 is still my favorite web browser


I'm downloading 3.0.5 right now
Quote g-freak 20th December 2008, 06:12
Wasn't 3.0.5 released three or four days ago?
Quote Xir 22nd December 2008, 10:25
Hmmm, my Firefox doesn't find any updates for itself, but is not on the latest version for it's built...
Strange...will have to update manually.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.







Mobile Phones

LG Arena ReviewHTC Magic Review

Compare over 250 mobile phones &
52,000 deals!



Broadband

Mobile Broadband

Compare over 100 broadband & mobile broadband deals online!