Mozilla re-patches Firefox after regression bug pops up
Mozilla Corp. Monday rushed out a new version of Firefox to fix a flaw it introduced with the 12-patch security update it shipped less than a week ago.
Firefox 3.0.10, which the open-source browser maker called a "security and stability" release, follows Firefox 3.0.9 by just six days, and was necessary because of a new bug that slipped into last week's update.
Mozilla labeled the new bug a critical security vulnerability. "One of the security fixes in Firefox 3.0.9 introduced a regression that caused some users to experience frequent crashes," the accompanying advisory said. "In analyzing this crash, we discovered that it was due to memory corruption similar to cases that have been identified as security vulnerabilities in the past."
The flaw, which cropped up only in the Windows version of Firefox, was detected by Mozilla's crash reporting system, and by last Wednesday, developers were discussing how to deal with the problem on Bugzilla, the company's bug tracking system.
"So we fixed [bug] 431260, which wasn't really a security problem, and we introduced this bug, which probably is," said Robert O'Callahan, a Mozilla developer who works on Firefox's rendering engine. "Perhaps we need to be more picky about what we land on branch."
By Thursday, a patch had been created and the new build had been passed on to testing.
This isn't the first time that Mozilla has had to deal with a regression bug, one that its own developers introduced while making other fixes. Two different times in late 2007, Mozilla released emergency updates to patch such bugs.
Firefox 3.0.10 can be downloaded for Windows, Mac OS X and Linux from the Mozilla site. Current users can also call up their browser's built-in updater or wait for the automatic update notification, which should pop up in the next 48 hours.
According to Mike Beltzner, director of Firefox, Mozilla also plans to post the delayed Firefox 3.5 Beta 4 later night.
Computerworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
firefox
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
