Releases/Firefox 3.5.1/RRRT
From MozillaWiki
< Releases | Firefox 3.5.1
Release Rapid Response Team - Firefox 3.5.1
This is the coordination page for the the new Firefox Release Rapid Response Team.
The team will be watching for feedback from all over and reports of "possible" or "emerging" issues will be aggregated here as soon as they're discovered. As issues get confirmed, they'll be turned into bugs and passed on to the Release Drivers team and nominated for fixing in the next dot release. Those confirmed issues will also be "written up" for deployment by Support, blog commenter, Firefox_answers, etc.
Contents
Stability
Add-ons
- Google Gears 0.5.29.0 is no longer compatible
- Rey Bango has contacted the Gears team to get them to update the maxVer to 3.5.*
Update Mechanism
- Gandalf reported that the update is presented to users as "Firefox 3.5.1 (build 1" in the updater
- needs confirmation
Broken Features
Data Migration or Loss
Sites not working
General, Unknown, Security or Other
yet another security exploit (javascript) has appeared to affect 3.5 and 3.5.1 as described here: http://www.securityfocus.com/bid/35707
- demo expoit html code: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html
- further information from ibm: http://xforce.iss.net/xforce/xfdb/51729
- and nvd.nist.gov http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2479
- update on this stack overflow exploit: apparently its only supposed to be a denial of service attack, not an execution of code attack: http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/