Firefox update takes down three critical flaws
Hotchpotch patch pitch
Mozilla pushed out a new version of Firefox on Wednesday that fixes five browser bugs, three of which present a critical risk of hacker attack.
Firefox 3.5.8 tackles a memory corruption flaw, a heap corruption vulnerability and a flaw in the open-source browser's HTML parser technology. All three of these security bugs create a possible mechanism for hackers to inject hostile code onto vulnerable systems.
The cross-platform update includes stability and performance tweaks, as explained in Mozilla's release notes.
Mozilla's SeaMonkey web application suite comes bundled with Firefox and therefore also needs updating, to version 2.0.3, to protect against the same flaws as explained here.
Users lagging behind with their open source browser software and still using 3.0.x releases are not spared patching detail and also need to upgrade, to Firefox version 3.0.18. Mozilla doesn't provide a handy list for the security fixes in Firefox 3.0.18 apart from saying the release deals with "several", possibly different, security bugs. ®
If even *you* could work out that 3.5.8 is not an upgrade from 3.6, why did you install it?
Disnae work like that. 3.5.8 is the latest release in the 3.5 series, which is and still will be maintained for a period of time for those unready or unwilling to upgrade to the 3.6 series. The numbers are not decimal despite the points, so you may yet see a version 3.5.10 and beyond. In earlier times, for example, there was a version 126.96.36.199 (they later decided three points was a bit excessive and dropped one for the 3.0 series).
Think of it like Windows XP Service Pack 3 (or maybe better just any old XP security patch, since that's all this is), which came out after Windows Vista had been released.
Getting out of hand
Between Microsoft, Mozilla, and Adobe, my main computer spends a significant part of its time updating (and prompting me to reboot or restart the application). I can just about stay on top of it for the computer I use every day, but when I run the one upstairs (that sometimes lies idle for a month or so) it takes the best part of the day to get through several update cycles. The MS ones running in the background are slow to arrive, then interrupt you, then when you think they are through, a new batch starts. I have taken to running my spare boxes every so often JUST to update them, so I have some hope of using them for something else when they are actually needed.
This trend is getting worse. How long before the updates take over completely and we can't get anything else done, at least in the morning? Unattended update sessions running through the night? That sounds like an exploit playground.