After some delay, Mozilla has finally released the bits for Firefox 3.6.4. Users can download the new code with the Check for Updates feature or by downloading it from here.
According to the release notes the main change in 3.6.4 is a stability enhancement which keeps the browser up and running when a major plugin crashes. Other stability and security enhancements are also noted.
This page in the Mozilla wiki describes this new plugin protection as 'Crash Protection.' Mozilla estimates that '...as many as one in three browser crashes are currently caused by problems with various third-party plugins.' Crash protection runs plugins out of the Firefox process, making it easier to close the tab on which the plugin is running. When it crashes, the plugin goes away and content controlled by it is disabled. Reloading the page reloads the plugin.
Crash protection initially is available only for the Windows and Linux versions of Firefox. Implementing it on the Mac is a tougher task, and Mozilla is promising it for version 4 of Firefox. The beta of Firefox 4 is due any day now, but the release code isn't due till the Fall.
It also appears that the initial Crash Protection only works with a few specific plugins: Adobe Flash, Apple Quicktime and Microsoft Silverlight. There's no specific schedule for other plugins to be added.
Version 3.6.4 also fixes 10 vulnerabilities in 7 updates, 4 of them critical. MFSA 2010-26 addresses 4 vulnerabilities, all crashes with evidence of memory corruption, Mozilla's policy is to treat these as exploitable code execution bugs without definitively proving it. The other critical fixes address freed object reuse across plugin instances, a heap buffer overflow and an integer overflow. Two moderate and one low-severity bug are also fixed.
At the same time Mozilla released Firefox 3.5.10 for those who won't upgrade to the 3.6 branch, although Mozilla strongly advises users to do so. There is not, for example, nor will there be, crash protection for the 3.5 versions.
No comments:
Post a Comment