Firefox update quells quartet of security vulns
Alka-seltzer patches also soothe stability wobbles
Mozilla pushed out a new version of Firefox on Wednesday fixing four security bugs and a number of stability issues.
Firefox 3.5.3, available in Mac, Windows and Linux flavours, resolves three critical flaws and one less severe bug.
The critical vulnerabilities involve a memory corruption flaw, a Chrome privilege escalation bug involving the "BrowserFeedWriter" and a TreeColumns dangling pointer vulnerability, as explained here.
The release also tackles multiple stability (browser crashing and the like) bugs including an occasional tendency for Mac-based Firefox installations to crash when opening the bookmarks menu.
Firefox's automated update mechanism means installations of the browser should be updated automatically, alternatively users can manually update the software.
First, albeit unscientific, impressions, are that the latest version (3.5.3) of the open source browser loads more quickly and is generally snappier than recent versions. Firefox's memory hogging behaviour of late has become one of the main reasons those adverse to IE have begun to use Google Chrome as an alternative browser of choice. ®
Firefox memory usage myth
Chrome's memory usage is way higher than Firefox 3.5's. Anyone switching because of that should be switching back in a hurry!
(unless you're using Firebug in Firefox, that does eat the RAM, but then you don't get Firefbug in Chrome at all)
I don't like the idea of being vulnerable to a tree column dangling pointer. Is it a potential risk just walking near trees?
Anyway... I'll do the upgrade
another Adobe deceptive install
Using the same peak RAM here (150mb for the same 9 tabs), actual use down about 40mb right now. Does feel like its loading fast but I doubt it ever got flushed out of RAM so I don't trust that impression right now.
Meanwhile, Adobe seem determined to install their download manager, whether I need it or not. Since the flash update installs without it (thanks for giving no hints Adobe) and the bloatware bit can be cancelled in the standalone installer installing the bloatware can be given the heave-ho. Wasn't obvious the recommended 'allow Adobe.com to rape your machine' settings change could complete without allowing this crapware. Just another reason to hate Flash.