Mozilla re-patches Firefox 3.6 to fix plug-in problem

For the second time in two months a just-released update to Mozilla's Firefox browser needs a follow-up fix

For the second time in two months, Mozilla has rushed out a fix for Firefox to patch a problem with a browser update issued just days before.

Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called "a stability problem that affected some pages with embedded plug-ins."

[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter and Killer Apps blog. ]

The company had released Firefox 3.6.7 two days earlier.

Mozilla patched one critical security bug in the newest update, according to an advisory also published Friday. "In certain circumstances, properties in the plug-in instance's parameter array could be freed prematurely, leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory," the warning read.

The bug surfaced in one of the 16 patches that Mozilla applied to Firefox earlier in the week.

Details of that vulnerability, and the stability problem that Beltzner mentioned, were not available to the public as of Saturday.

Several Firefox users, however, had filed numerous reports to the browser's support forum of problems with Adobe's Flash Player plug-in after updating to Firefox 3.6.7.

"I updated Firefox from 3.6.2 to 3.6.7 and I REGRET IT!," wrote a user identified only as "Steve" in a support forum message posted Friday morning. "I can't watch YouTube. Every time the video is about to start Firefox freezes and I can't do nothing besides going into Task Manager and killing it from there. THIS SUCKS!"

Friday's patch-and-release was the second in two months for Mozilla. Just three days after updating Firefox to version 3.6.4 in late June, Mozilla delivered another update because people playing Farmville complained that their browser was shutting down the Facebook game. The company said that a new "out of process plug-ins" feature, designed to keep the browser running when a plug-in crashed, was kicking in too quickly.

The older Firefox 3.5 browser, which was upgraded to version 3.5.11 last Tuesday, is not affected by the security bug or the plug-in stability problem.

Users can update to Firefox 3.6.8 by downloading the new edition or by selecting "Check for Updates" from the Help menu in the browser.

Read more about browsers in Computerworld's Browsers Topic Center.

This story, "Mozilla re-patches Firefox 3.6 to fix plug-in problem" was originally published by Computerworld .

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies