Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. This release contains a number of security fixes, including a fix for the issue reported in Secunia Advisory SA38608, which was previously discussed on this blog when we were first made aware of the issue and were then able to confirm it.

For additional information please see Mozilla Foundation’s Security Advisory MFSA-10-08 as well as the Firefox 3.6.2 Release Notes. We urge users to promptly update to this release by selecting “Check for Updates…” from the “Help” menu, or by visiting for a free download.

  1. Mike Beltzner wrote on

    I can’t thank our build, QA, web development and release management team enough for the hard work done in the past few days to accelerate the Firefox 3.6.2 release. Great story for our users.

  2. Yuhong Bao wrote on

    Was it inspired by Germany recommending a switch away from Firefox earlier on the same day or was that a coincidence?

  3. Concerned User wrote on

    That was very quick :). Thanks Mozilla for taking the time to reschedule your regular release dates and realize the importance of zero day vulnerabilities. Kudos!

  4. pheldespat wrote on

  5. emv x man wrote on

    @Yuhong can you name one outfit that regularly out-paces Mozilla in terms of reacting/solving issues?
    IMO it’s normally better to be grateful than snippy – especially to a bunch of people who give us a consistently great platform.

  6. another_sam wrote on

    Correct me if I am wrong, but in
    what I see is the fix done on 14th but the patch released on 22nd.

    What happened during these 8 days?

  7. Just a user wrote on

    Thanks Firefox team…I’m just a bit disappointed that it took the German announcement to prompt this – I always thought FF was more proactive, but you’ve done the right thing now.

  8. Dan wrote on

    What happened to 3.6.1??

  9. emarell wrote on

    That said, with this particular incident I have some problems. If I update to 3.6.2 or to 3.6, a dozen-plus of my add-ons become incompatible. Not OK for me; they are why I love Firefox instead of the G-brand or any other contender. I do understand it always takes a while for the independent developers to catch up. So I pretty much always wait a while before putting in a new version.

    In this case, though, it seems to amateur old me that patching the vulnerability is quite urgent; yet I have seen mention here and there that prior versions such as 3.5.8 are not vulnerable. Version 3.5.8 does not run well on my system… at all! It fails to load many, many sites at moments when two alternate browsers have no trouble whatsoever (so it can’t be an ISP snag).

    Regarding this Secunia Advisory SA38608 episode, I have seen no instruction or guidance about:

    [1] Does typical anti-virus (avast! v5.0.462), anti-malware (IO Security 360 v1.41), and/or firewall (ZoneAlarm v9.1.007.002) freeware stop this particular danger? I use those.

    [2] What about an even earlier Firefox version – namely 3.5.7 – which truly runs like a top on my machine? Is that as vulnerable as 3.6? Or some other, pre-3.5.7, version?

    I’ll keep an eye on this Comments section for whatever help someone can post here – and thank you.

  10. seedy wrote on

    Anyone noticed that FF now tries to connect via random ports? My Zone Alarm is requesting permission for FF on random ports every time I run FF. Is this normal? It wasn’t happening with previous versions.

  11. another_sam wrote on

    read “Firefox 3.6.2”

  12. David Baron wrote on

    @emarell, The WOFF vulnerability does not affect Firefox 3.5.*; WOFF support is new in Firefox 3.6.

  13. whatever wrote on

    Hopefully this will also save FF during CanSecWest Pwn2Own 2010 🙂

  14. Tytan wrote on

    I have installed Firefox 3.6.2 and now no add-ons work at all! So I uninstalled it and went to 3.5.8 when I knew they were working and now they don’t work in that either! I highly regret installing Firefox 3.6.2. Can anyone help me?

  15. emarell wrote on

    @David Baron

    Now I am beginning to understand what WOFF support is about (browser’s ability to show a wider variety of fonts designed into a web page, yes?).

    Maybe you’d be so kind as to explain what a user would see when loading one of these pages if his/her browser doesn’t support WOFF?

    (My amateur guess: the browser substitutes a predetermined default font, and loading is slower???)

  16. Daniel Veditz wrote on

    @Tytan: if you open the add-on dialog are the add-ons missing? Hard to imagine why they’d be present but not working if you switched back. If they’re missing perhaps a new “profile” was created somehow during the upgrade. can help you with this (try the forums or live chat).

  17. Damon wrote on

    Same here. All add-ons down. If I try to open the add-on page, it locks the computer up.

    xp sp2

  18. emarell wrote on

    During all that maneuvering that I did earlier (see entry #9 above) I had that same experience – version 3.6.2 certainly made a real mess. Not just disabled and missing add-ons. It *inserted* one add-on I had tried out long ago and uninstalled; this one would not let go! Couldn’t close its sidebar or get rid of the add-on itself.

    Until you posted here I’ve seen no mention of the scrambled eggs that upgrading to 3.6.2 made out of Firefox 3.5.* – bet it’ll be popping up webwide!

    That is why I am asking so many questions. Basically it seems to me, so far, that this newfangled WOFF font transmission thing is a mere frill, not another giant leap for mankind. It might not be worth all the “critical danger” and related or other shenanigans just to get more fonts in our face. I thought we had plenty-o-fonts before WOFF. It’s just the question of what happens if one sticks with a non-WOFF browser version. Anybody know?

    Unfortunately all I can tell you is that to fix it I had to restore the entire C-drive.

    I have Vista; once upon a time it did backups – a feature which became unusable. So now I use Macrium Reflect to put backups onto an external hard drive twice a week. Using that, I restored a few-day-old full C-drive backup done when 3.5.7 (my favorite Firefox) was still on board and intact.

    Before doing so, I made an ordinary copy (on a stick drive) of: the current contents of Documents [the folder] and Pictures and whatever else I knew I’d altered in the few intervening days since making that Macrium backup file. The stuff I placed on the stick drive… all unrelated to Firefox.

    Following the full C-drive restore (from the Macrium backup), I wrote my stick drive copies over what the restore gave me for those few folders.

  19. Concerned User wrote on

    @ Mozilla team: Just saw this:

    So will the “hacker” guys tell your team how they “did” it? and if so, would Mozilla release more updates? Please clarify.

    The update (3.6.2) was very smooth and my addons are working just fine!

  20. Nevi wrote on

