Firefox 3.5.1 fixes critical security problem

Yea, good thing too. Just updated my dad's laptop with it, and it's good that Mozilla keeps on top of this for us.

Didn't know there was a problem. Fired up the PC this afternoon and Firefox automatically updated to 3.5.1. Thought it was a bit odd to see an update as had only updated to 3.5 a little while ago.

It's great to see Mozilla staying on top of things, as well as all those that play with it's source code to find, report and fix such flaws. :)

I don't think that they are finished yet. The "flash got" download manager plugin drove my Avast anti-virus program crazy. I had to uninstall the damned thing...

wouldnt that be third party?

my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?

Originally posted by sandeep14:

---

my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?

---

just checked both my laptop and pc and both have forgotten to find the update. maybe i'll wait another week and if it doesnt automatically find the update i'll do it manually.

actually, just downlaoded it now.

Here's a short bit from Winsecrets, adding this to enlighten everyone.
Unpatched hole in Firefox 3.5.1 browser

Normally, whenever you hear "unpatched" and "browser exploit" in the same sentence, you think of Internet Explorer. But right after Mozilla released Firefox 3.5.1 to fix holes in version 3.5 — as described by the Mozilla Security Center — news arrived from the SANS Internet Storm Center that a new, unpatched vulnerability in Firefox 3.5.1 could result in a denial-of-service attack.

The good news is that this exploit can't take control of your system. The bad news is that the latest version of Firefox isn't as bulletproof at it should be.

After reading that Winsecrets article, it seemed prudent to hold off on the update.

Me again- adding this after reading the July 16 Winsecrets edition. Article by Susan Bradley.

Firefox 3.5 zero-day flaw doesn't affect Win7

Normally, whenever you're unable to patch Internet Explorer, I just tell you to use Firefox. However, there's currently a zero-day vulnerability being exploited in Firefox 3.5. Several security firms were able to reproduce the problem in Vista but not in the Windows 7 release candidate.

The Mozilla Foundation's Security Blog recommends that you temporarily disable the javascript.options.jit.content setting in about.config; or, you can install and use the donationware NoScript add-on to disable JavaScript on a per-site basis. NoScript is available on the InformAction site.

If you're still running Firefox 3.0.1x, your system isn't vulnerable to this flaw. The 3.5 version has been buggy, and several sources — including Andrew R. Hickey on Channel Web's The Channel Wire — have even questioned whether version 3.5 was rushed out. It may be wise to wait before upgrading Firefox until the developers work out the kinks in 3.5.

keep us updated.

p.s. ive always been using NoScript.

Just received notice Firefox 3.52 has been released. Is it safe to jump in?

Originally posted by wazzat:

---

Just received notice Firefox 3.52 has been released. Is it safe to jump in?

---

Thanks creaky I'll try it. :)

oops i forgot to update this. because i noticed i too had v3.5.2 which i was pleased to see be released and auto-update so quickly.