October 28, 2009 9:06 AM PDT

Firefox 3.5.4 closes security holes

by Stephen Shankland

Mozilla released Firefox 3.5.4 for Windows, Mac, and Linux on Tuesday to patch six critical security holes and some other problems.

The new browser version also improves stability and fixes a problem with clearing browser history, according to the release notes. Mozilla updated the corresponding version of its earlier browser to fix some of the same security problems by issuing Firefox 3.0.15.

The six vulnerabilities potentially could let remote attackers take over the computer by running their own software on the machine. For details, check the Firefox security site.

Meanwhile, Mozilla is on the brink of releasing the first beta of Firefox 3.6, a version that will add the Personas feature for a customizable look. Mozilla, trying to move to a faster Firefox release cycle, is debating whether to issue 3.6 as a minor release that arrives automatically or a major release that people must actively download.

Also Tuesday, Mozilla released SeaMonkey 2.0, which combines the Firefox browser and Thunderbird e-mail software into an all-in-one package. It uses Firefox 3.5.4.

Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and since then also has covered Google, Yahoo, servers, supercomputing, Linux and open-source software, and science. E-mail Stephen, or follow him on Twitter at http://www.twitter.com/stshank.
by blariz October 28, 2009 9:24 AM PDT
The article states that 3.0.14 is the latest update of 3.0.xx. Actually 3.0.15 is the corresponding update to 3.5.4.
by Shankland October 28, 2009 11:27 AM PDT
Thanks, fixed that!
by cuz84d October 28, 2009 2:41 PM PDT
Both patched similar holes in the program at the same interval.

The upgrade path:

FF 3.0.14 -> FF 3.0.15.
FF 3.5.3 -> 3.5.4
by elrond_15800 November 1, 2009 7:23 PM PST
the home page short description still says 3.014
by rmva October 28, 2009 9:49 AM PDT
Is Firefox ever going to fix the bug that causes Check for Updates to be grayed out unless you Run As Administrator? The number of users who think they are current because they never get update notices must be phenomenal.
by shellcodes_coder October 28, 2009 10:08 AM PDT
that's not a bug
by SergeM256 October 28, 2009 11:04 AM PDT
It is a bug. OK, it is not a bug in a sense that somebody who is totally clueless intentionally made it this way. Proper design would be to allow this option to any user and Windows would request admin password when installing update, that's how most applications handle updates.
by firefoxluva95 October 28, 2009 3:57 PM PDT
Wouldn't that just be fixed by right clicking and clicking "Run as Administrator" and then typing the username and password for the admin? Or are we still using outdated Windows XP?
by GalaxyFox November 1, 2009 8:11 AM PST
A bug is not something that is intentional. The Check for Updates is intentionally grayed out.

Just right click and Run as Administrator. It's not that difficult.

I agree with SergeM256 in the fact that non-admins could just request the admin password, but it's not a bug.
by irondog1970 October 28, 2009 9:51 AM PDT
I would like to thank CNET for posting these articles. My company's firewall prevents Firefox's ability to check automatically for updates. So, the only way I knew 3.5.4 was released was through your article. (And, no, it doesn't make any sense that I can download 3.5.4 manually?)
by ittesi259 October 28, 2009 2:15 PM PDT
You could...I dunno check the Firefox website on occasion.....
by Imalittleteapot October 28, 2009 9:56 AM PDT
When I updated Firefox it told me my Flash was out of date and asked if I wanted to update to the newest version of Flash as well. In fact it recommended I update to the newest version. So, I did and went to the Flash site via the FF link that was provided and just clicked through everything without paying attention which was stupid and my fault. I know.

Then I double checked and made sure my Flash was updated for IE too by going directly to the site in IE.

But the point is, when installing the new Flash either through the FF prompt or through the IE ActiveX prompt (don't know which and perhaps both), somewhere along the way (because I wasn't friggin paying attention) Adobe sneakily installed McAfee Security Scanner or some crap on my machine as well which I didn't want!

Also with a nice shortcut put in the Start Menu's startup folder so something called McAfee Security Scheduler or some crap would run in the background on every boot of the computer. Like I need more crap running in the background every time I start my computer! Why would it have to run at startup every time I boot my computer to scan one single friggin download I'm only going to install once? Talk about friggin bloat! I have quickly removed said scanner.

Anyway, when doing the FF update, if it prompts you to update your Flash plugin and you don't use or like anything McAfee pay attention so you don't get a bunch of McAfee crap installed along with it from the wonderful people at Adobe along with your stupid Flash plugin.

You know it's crap when they can't sell it directly and they have to sneak it in behind enemy lines hoping someone doesn't notice the nefarious defaults. This goes for any company that ships those friggin toolbars with their software too. STOP IT! JUST STOP IT! If I want your software, I'll go to your site and get it. Stop piggy backing on other people's wares.

If you like McAfee though, then I guess it's not that big of deal.

Anyway, the point is just don't be lazy like me and pay attention.
by bousozoku October 28, 2009 11:39 AM PDT
It asks about the McAfee bit, but even though I clicked the checkbox to disable it, it still installed it.
by Imalittleteapot October 28, 2009 9:03 PM PDT
bousozoku:

Okay now that's just plain annoying. I've had someone else today tell me they disabled it as well and it still installed too. Oh well. At least it's fairly easy to remove.
by shellcodes_coder October 28, 2009 10:09 AM PDT
IE on Vista and 7 is more secure than Firefox because of Protected mode, though Firefox is way better than IE
by G-Skaf October 29, 2009 3:12 AM PDT
Everything is more secure on Vista/7, since people don't have to use an administrator account all the time :-)
by bornlikethis38 October 28, 2009 10:54 AM PDT
so after I upgraded to 3.5.4 none of my add-ons work
by Shankland October 28, 2009 11:28 AM PDT
What version did you update from? There are problems from 3.0.x series but 3.5.3 should be pretty easy going.
by GalaxyFox November 1, 2009 8:12 AM PST
Most add-ons work with 3.5.*. What add-ons are you referring to and what version did you update from?
by drbyte October 28, 2009 10:57 AM PDT
Flash runs like crap on firefox. Did they address that?
by Charleston Charge October 28, 2009 11:27 AM PDT
To be fair, Flash runs like that on all browsers.
by 4score20 October 28, 2009 12:12 PM PDT
I have to agree with drbyte. In my experience Flash vids sputter and stall in my copy of Firefox (3.5) but run smoothly in IE8 and Chrome. Still, it's not enough to make me use IE on a regular basis.
by drbyte October 28, 2009 2:09 PM PDT
I had hope when I googled and found someone attributed it to the snapshot firefox takes every 10 seconds for recovery from browser crash. The fix didn't help. Flash plays fine in chrome and IE, but I'm so used to firefox.
by ittesi259 October 28, 2009 2:16 PM PDT
To be fair....Flash is crap
by firefoxluva95 October 28, 2009 3:53 PM PDT
Even Silverlight runs better in Firefox than Flash. Flash is a resource hog.
by WelshMullet October 28, 2009 11:03 AM PDT
@shellcodes_coder firefox has a private mode as well :P
by kojacked October 28, 2009 11:58 AM PDT
IE Protected mode is not the same thing as FireFox private mode. IE "InPrivate" is the direct comparison. IE Protected mode deals with security not browsing for pr0n.
by cary1 October 28, 2009 11:31 AM PDT
my firefox updated and now I can't do text search on the page. This sucks
by tsinger254 October 28, 2009 11:44 AM PDT
My Firefox has never once crashed, until 15 seconds after I updated to the new version. Fortunately, I always (hopefully) check to make sure that other garbage isn't also being installed (as mentioned, above).

And it's really annoying that I have to physically go to each user's workstation, login as Admin, then update their software. It is so much easier when the "updates" is not grayed out, and I can simply type-in the Admin password.
by GalaxyFox November 1, 2009 8:13 AM PST
If you are running Vista+, just right click and click Run as Administrator.

Or you can just download the new Firefox exe package.
by malcarada October 28, 2009 1:13 PM PDT
Firefox needs to improve its popup blocking a lot, most pop ups get through.
by 86lg4b4c October 29, 2009 6:10 AM PDT
I agree. Stopped using it because of the Netflix pop under. Never seen this many pop ups get by with IE. Their blocker just doesn't work.
by exactlyy October 28, 2009 1:26 PM PDT
The update process went smooth and like always... Firefox will prevail.
by fjferrell October 28, 2009 1:29 PM PDT
Firefox became the nightmare and disaster that I feared would happen! Everything that could go wrong did happen. Firefox crashed and burned what has taken a year to get comfortable with.

My add-ons and plug-ins won't work; my Norton 2010 is in a tizzy keeping me out of Firefox; and, worst of all, all the features that made my using Firefox a breeze keep telling me 'invalid errors' or "error 203"!!! What gives my ISP is nowhere the speed and convenience I once had with Mozilla.

I am not a techno-geek but when I follow the directions I expect results. What gives???
I need help and fast for some personal research endeavors depend on Firefox delivering the goods! My system is hurting and I need help!
by firefoxluva95 October 28, 2009 3:59 PM PDT
Here are your three problems:.
1. Norton
2. Norton
3. Norton
by kflgik October 29, 2009 6:31 AM PDT
Same issue when I performed a required Norton 360 update restart. Have queried Norton but no response. Running Norton NIS 17.1.0.14
by kflgik October 29, 2009 6:49 AM PDT
Correction, I'm running NIS 2010.
by kflgik October 29, 2009 9:29 AM PDT
Norton required restart of 17.1.0.14 update caused Firefox 3.5.3 and 3.5.4 to go on the blink. Norton fell back and deinstalled 17.1.0.14 to 17.0.0.136 and Norton toolbar, etc and Firefox addons started working again. Unfortunately Norton lost over 2 years of passwords when they deinstalled and reinstalled.
by GalaxyFox November 1, 2009 8:14 AM PST
I'm running Norton IS 17 (2010) as well and have no problems at all.
by Vegaman_Dan October 28, 2009 1:35 PM PDT
I'm curious why it is that it seems like all the browser security issues could lead to remote execution of code on a browser or allow remote access to the host system. Why not have issues like- oh... if you click on two links too quickly while the space bar is down that the screen turns pink and green and your mouse cursor turns into a flying hippopotamus? That would be more entertaining. :)
by Imalittleteapot October 28, 2009 9:05 PM PDT
If I still had enough free time like I used to, I swear I would find a way to make that happen LOL.
by G-Skaf October 29, 2009 3:13 AM PDT
It may already have happened with IE. Everything is possible there :-P
by fjferrell October 28, 2009 1:35 PM PDT
My system just totally crashed again after reinstalling Firefox 3.5.4 and updates!!! What gives??? I need my computer! Please help for this is frustrating!
by cuz84d October 28, 2009 2:34 PM PDT
by 4score20 October 28, 2009 12:12 PM PDT
" I have to agree with drbyte. In my experience Flash vids sputter and stall in my copy of Firefox (3.5) but run smoothly in IE8 and Chrome. Still, it's not enough to make me use IE on a regular basis."

To fix Flash performance on Firefox, the network/perf is affected by session restore capturing restore history every 10 seconds. This can be easily changed via pref change in Firefox.

Here are the steps to improve flash performance on Firefox.

1. Open a new tab
2. type about:config in the location bar
3. hit enter
4. click the button past the warning page.
5. Type "browser.sessionstore.interval" in the search field.
6. Change the value to something like 120000 for every 2 minutes or 300000 for every 5 minutes.

10000 = 10 seconds session capture of all the tab/forms and other things etc so it can be restored if you do quit and save or run into a crash, your data comes back up. Try doing that with IE.

Flash will work much better afterward!
by cuz84d October 28, 2009 2:35 PM PDT
Firefox 3.5.4 is way better than 3.5 (which had a noticeable performance bug fixed by 3.5.1).
by SJ2571 November 21, 2009 7:34 PM PST
Can anyone explain why there is a 3.0 and 3.5 release anyway? Why are Mozilla maintaining two versions? Ditch the 3.0 I say. Why bother supporting it?

Also, when is the bug of favicons EVER going to be fixed? I've got a YouTube logo next to Yahoo's link, for example. So sick of that, and it's never fixed with each new update.