Firefox zero-day fix set up for 30 March release
Mozilla acknowledges unpatched bug
Mozilla confirmed the presence of an unpatched flaw in its browser on Thursday, with a post promising to release a fix at the end of the month.
The flaw, discovered by security researcher Evgeny Legerov and reported by The Reg last month, creates a means to inject hostile code on vulnerable systems. The vulnerability is due to be fixed in version 3.6 of Firefox on 30 March.
In the meantime, the more technically adept or security-conscious user can update to the beta version of the 3.6.2 release, which already plugs the security flaw.
In other browser security news, Google updated the Windows version of its Chrome browser on Wednesday, addressing nine vulnerabilities of varying seriousness.
Left unfixed, the flaws created a possible mechanism to run spoofing attacks or bypass security restrictions, such as sandboxing. Users are advised to update to version 22.214.171.1246.
A flaw in the WebKit engine used by Chrome earned its finder, Sergey Glazunov, the first $1,337 pay-out from Google's bug bounty program.
The release also adds features and fixes stability bugs as explained in an advisory here. Google's update comes just days before the much-watched pwn2own hacking contest at the CanSecWest security conference. ®
Once Firefox's Bloat Set In
You had to realize this is where it would end. I think 1.5 was the last version that didn't include a "gotcha" with its release. Every major upgrade since then has involved giving up one feature in exchange for another.
Symptoms of a software project with Microsoft Envy:
- Every version was released with obvious lies like "5 times faster than the previous version".
- The bloat just wouldn't stop.
- More effort was spent on eye candy (aka skins) than fixing long standing bugs. Form obviously took precedence over function.
Some examples? The switch from plain text to db config files made administration a nightmare. No, I don't want to hear that there is a utility to address that because by the time it came out for version N it was already nearly obsolete by the release of version N+1 with which it was guaranteed to be incompatible, both in implementation and probably a whole new paradigm.
The TV remote control style forward/back button introduced with 3.0 gives you less usable forward and back entries in the history than previous versions. But I guess it looks cool so it's better? I liked having the ability to skip more pages at a time.
Firefox still has years old print bugs that will never be fixed.
Every bug I've ever posted or followed on Bugzilla has remained unfixed, passed from maintainer to maintainer until it was finally closed due to being "obsolete." A bug I reported back in MOZILLA 1.7 (Yes, Mozilla, BEFORE Firefox) still exists but has been closed repeatedly in Bugzilla.
Every security rewrite broke all your extensions yet Firefox became increasingly dependent on extensions to replace core functionality they were abandoning. Right now I haven't gone to 3.6 because all the utilities to get cookies out as text are incompatible.
Maybe they can redefine the project and get back to the basics but I doubt it, I think Chrome has stolen the lightweight, functional, utilitarian crown from them.
I have been growing increasingly displeased with Firefox from the security and performance standpoint for a while now (why does any web browser need 250MB of RAM?).
So the reasons I switched originally were:
- Slightly better rendering on sites that don't cross browser well, as of IE8 not a problem as long as sites have updated their code recently.
- Faster JS engine, no longer an issue. I haven't come across a site in a couple of years that I could notice a problem with.
- More stable than IE, getting 1 or 2 crashes a day now on "release" versions so clearly a load of crap these days
- More secure than IE, load of crap these days
- Availability of ABP & NoScript, working on my own version for IE
Basically there is no reason to use Firefox anymore. Bye Bye FF, may you rest in peace when your memory requirements swell to the several gigabytes you clearly want.
I too would downvote this post
if I took it seriously.