Mozilla Squashes a Dozen New Bugs
It's been six months since Mozilla's Firefox 3 leapt onto the scene. In that time, the browser required a tuneup only three times — until Wednesday, when patches for a swath of vulnerabilities upped the count to four.
Several of the same vulnerabilities were also corrected in Firefox 2.0.18, as well as a Flash bug allowing execution of arbitrary code, a crash with execution of remote code via __proto__ tampering, and image stealing via canvas and HTTP redirects. Firefox 2.0.18 is the second-to-last release of Firefox 2 — Mozilla will retire the browser in mid-December with the final 2.0.19 update.
Non-security updates to the browser included official releases for two new languages — Icelandic and Thai — as well as beta releases for an additional six languages. The Public Suffix List — the browser's internal list of top-level domains — was updated, additional EV root certificates were enabled, bugs affecting the saving of passwords and non-HTTP proxy settings were squashed, and an annoying issue where the "Add Bookmark" panel covered the IME input tool used for entering characters from several languages was also fixed.
A number of known issues, as well as system requirements, installation/uninstallation instructions, and other resources can be found in the official release notes for Firefox 3.0.4 (or those for Firefox 2.0.18). Downloads of Firefox 3.0.4 in fifty languages are available from Mozilla's download site; existing users can also use the built-in Check for Updates utility. (Firefox 2 users can pick up the 2.0.18 release from Mozilla's "All Older" page.) Most Linux distributions, if they haven't done so already, should be pushing the update out to users through their normal update mechanisms within the next few days.