Mozilla fixes crash issue after new Firefox version issued

One day after releasing version 9 of its Firefox web browser, Mozilla on Wednesday issued Firefox 9.0.1 to address an issue with a bug fix that caused Windows, Mac and Linux users' browsers to crash.

Mozilla remediated the problem by removing a faulty patch originally included in version 9.

“We released the fix immediately to ensure that most of our users will only see a single update directly to Firefox 9.0.1,” Johnathan Nightingale, Mozilla's director of Firefox engineering, said in an email Thursday.

Mozilla released the update for all platforms, though Windows users were “mostly unaffected” by the issue, Alex Keybl, engineering project manager at Mozilla, wrote on Bugzilla Wednesday. A "small" number (in the low millions) of Windows users had already updated to Firefox 9 by Wednesday.

The browser maker released version 9 the day prior, patching six security vulnerabilities in the process. Four of the flaws fixed in version 9 were designated “critical” in severity, Mozilla's highest threat rating, which is reserved for bugs that could be exploited to install malware without any user interaction, according to Mozilla's advisory. Of the remaining issues, one each was rated “high” and “moderate.”

In all, the flaws could allow an attacker to execute arbitrary code, cause a denial-of-service condition or perform a cross-site scripting attack, according to an advisory from the US-CERT.

One of the six patches addressed 23 individual memory safety hazards in the browser engine used in Firefox.

Mozilla also on Tuesday released Firefox 3.6.25, which includes a fix for one critical vulnerability. The browser maker has warned that it will not be supporting version 3.6 with security and stability updates for much longer, though it has not offered an end-of-life date.

Firefox 9, meanwhile, also came with several other changes, including “significant” improvements to JavaScript performance thanks to the addition of Type Interface, a feature in development for more than a year which boosts the speed of JavaScript-heavy websites. The update also includes enhancements for Mac OS X Lion, including two-finger swipe navigation.

Version 9 did not, however, come with a long-awaited silent update mechanism, used to automatically upgrade users to the latest version of the browser. The feature is currently scheduled for release in version 12 in April 2012.
