One day after releasing version 9 of its Firefox web browser, Mozilla on Wednesday issued Firefox 9.0.1 to address an issue with a bug fix that caused Windows, Mac and Linux users’ browsers to crash.
Mozilla remediated the problem by removing a faulty patch originally included in version 9.
“We released the fix immediately to ensure that most of our users will only see a single update directly to Firefox 9.0.1,” Johnathan Nightingale, Mozilla’s director of Firefox engineering, told SCMagazineUS.com in an email Thursday.
Mozilla released the update for all platforms, though Windows users were “mostly unaffected” by the issue, Alex Keybl, engineering project manager at Mozilla, wrote on Bugzilla Wednesday. A “small” number (in the low millions) of Windows users had already updated to Firefox 9 by Wednesday.
The browser maker released version 9 the day prior, patching six security vulnerabilities in the process. Four of the flaws fixed in version 9 were designated “critical” in severity, Mozilla’s highest threat rating reserved for bugs that could be exploited to install malware without any user interaction, according to Mozilla’s advisory. Of the remaining issues, one each was rated “high” and “moderate.”
In all, the flaws cold allow an attacker to execute arbitrary code, cause a denial-of-service condition or perform a cross-site scripting attack, according to an advisory from the US-CERT.
One of the six patches addressed 23 individual memory safety hazards in the browser engine used in Firefox.
Mozilla also on Tuesday released Firefox 3.6.25, which includes a fix for one critical vulnerability. The browser maker has warned that it will not be supporting version 3.6 with security and stability updates for much longer, though it has not offered an end-of-life date.
Version 9 did not, however, come with a long-awaited silent update mechanism, used to automatically upgrade users to the latest version of the browser. The feature is currently scheduled for release in version 12 in April 2012.