Mozilla Releases Firefox Browser 3.01 Security Update
On July 16, 2008, Mozilla released Firefox 3.01, patching three critical vulnerabilities, and 2.0.0.16, patching two critical security vulnerabilities, as reported by Secunia and other locations. Here is an outline of what has been patched in FF 3.01:
- Fixed these security issues:
- MFSA 2008-36 Crash with malformed GIF file on Mac OS X
- MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
- MFSA 2008-34 Remote code execution by overflowing CSS reference counter
- Fixed several stability issues.
- Fixed an issue where the phishing and malware database did not update on first launch.
- Under certain circumstances, Firefox 3.0 did not properly save the SSL certificate exceptions list.
- Updated the internal Public Suffix list (List of known domain suffixes).
- In certain cases, installing Firefox 2 in the same directory in which Firefox 3 has been installed resulted in Firefox 2 being unstable. This issue was fixed as part of Firefox 2.0.0.16.
- Fixed an issue where, when printing a selected region of content from the middle of a page, some of the output was missing (bug 433373).
- Fixed a Linux issues where, for users on a PPP connection (dialup or DSL) Firefox always started in "Offline" mode (bug 424626).
If you haven't already received your notice to upgrade, from the browser itself, go to the Firefox download page and get it manually. Just install over your previous installation, overwriting your existing installation of Firefox. You won’t lose any of your bookmarks or browsing history, but some of your extensions and other add-ons might not work until updates for them are made available (or you learn how to hack the install.rdf files like I do).
As always, after you update your browser you may have to allow it to connect to the Internet, if you have ZoneAlarm FIrewall, or a similar firewall that monitors for program md5 signature changes.
Firefox can be installed onto any of these operating systems:
Windows Operating Systems
* Windows 2000
* Windows XP
* Windows Server 2003
* Windows Vista
Mac
Mac OS X 10.4 and later
Linux
Firefox will not run at all without the following Linux libraries or packages:
* GTK+ 2.10 or higher
* GLib 2.12 or higher
* Pango 1.14 or higher
* X.Org 1.0 or higher
If you are still using Firefox version 2.x I recommend that you upgrade to 3.x as soon as possible. Although Firefox 2 has been patched regularly and is now up to version 2.0.0.16 (as of July 15, 2008), that is set to come to an end sometime in December, 2008. After that time there will be no more security or stability updates for that series.
A lot of people are probably holding out because their beloved extensions or add-ons haven't been updated to be compatible with the series 3 Firefox browsers. Did you guys and gals know that in many cases you can hack the install files, or sometimes just from a downloaded extension onto an open Firefox browser window and it will begin the installation routine?
Hacking the installation files requires an unzipping program like Winzip, WinRar, 7zip, Unzip, etc. A downloaded add-on always has the file extension .xpi which is a compressed archive that can be opened in any of the above mentioned unzipping programs. I use Winzip to do this. Here is my routine.
- Right-click on the desired add-on or extension and select Save As.
- Download the file to my downloads folder for Firefox stuff.
- When the extensions are all downloaded I open them, one at a time, by right-clicking and selecting "Open With:" > "Winzip."
- Winzip opens with a list of files and folder locations, of the archive.
- Find the file named "install.rdf" and right-click on it and select "View with Notepad." If that option isn't listed yet, use the right-click option "View with internal viewer" and place a dot in "Viewer," making sure that "Notepad" is showing in the input field, then click VIEW.
- Search the text in the rdf file until you find a section labeled "
- Look at the numbers right after that tag and make sure they say, or change them to say:
- Click File > Save then close Notepad. Winzip popos up a box asking if you want to "update the archive with this file?" ... answer "Yes."
As long as the add-on or extension doesn't use a procedure or call accessory files that are forbidden in the newer versions of Firefox - it should install and work just like it did in the 2.x series browsers. Just be prepared for the occasional rejection of totally incompatible extensions.
Ok, class is out. Time for recess! Wiz Out!
Get Norton 360 Version 4.0 - All-In-One Security.
If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. 