Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Firefox Upgrade Available - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Firefox Upgrade Available

Firefox released 3.6 today with a few notable improvements.

  • Changes were made that prevent other programs from adding their own toolbar to Firefox without your permission.
  • Firefox 3.6 will alert you about out of date and insecure plugins.
  • Private browsing also removes TEMP files

The full details can be found at http://support.mozilla.com/en-US/kb/Upgrading+to+Firefox+3.6 and the upgrade can be downloaded from http://www.mozilla.com/en-US/firefox/upgrade.html

Thanks to Jason and Gilbert for letting us know.

Christopher Carboni - Handler On Duty

Chris

140 Posts
I didn't know the TEMP files were not removed in private browsing mode. Seems to me like a huge bug, I can't believe it made it through QA !
Patk7

9 Posts
Firefox 3.6 has the new feature to detect out of date plugins. Both the released version and their secure page at https://www.mozilla.com/plugincheck/ do not report the penultimate version of the Shockwave player as being out of date. It reports the major and minor version, 11.5 but the last three Adobe updates increments are even finer i.e. 11.5.2.602 was the previous version that should now be replaced.

Similarly, the plugin window knows the exact version of Adobe Reader that is installed, but the website does not detect the version at all (but does point out that Adobe recommends their current version, 9.3).

As with Adobe Shockwave, testing a website and loading a PDF in Firefox 3.6 also does not currently trigger the yellow bar to advise that the installed plugin is out of date.
Andrew

41 Posts

Sign Up for Free or Log In to start participating in the conversation!