Firefox update takes down three critical flaws

Mozilla pushed out a new version of Firefox on Wednesday that fixes five browser bugs, three of which present a critical risk of hacker attack. Firefox 3.5.8 tackles a memory corruption flaw, a heap corruption vulnerability and a flaw in the open-source browser's HTML parser technology. All three of these security bugs create …

COMMENTS

This topic is closed for new posts.
  1. Pink Duck
    WTF?

    Puzzled

    v.3.6, released 21st January 2010

    v.3.5.8, released 17th February 2010

    For those who want to run 2 minor revisions behind?

    1. Havin_it
      Boffin

      Un-Puzzlement Ahoy

      Disnae work like that. 3.5.8 is the latest release in the 3.5 series, which is and still will be maintained for a period of time for those unready or unwilling to upgrade to the 3.6 series. The numbers are not decimal despite the points, so you may yet see a version 3.5.10 and beyond. In earlier times, for example, there was a version 2.0.0.17 (they later decided three points was a bit excessive and dropped one for the 3.0 series).

      Think of it like Windows XP Service Pack 3 (or maybe better just any old XP security patch, since that's all this is), which came out after Windows Vista had been released.

    2. Anonymous Coward

      3.5 for people who use badly designed apps

      3.6 and later now have document.readyState enabled; some web apps implement it manually and it breaks :-(

    3. Anonymous Coward

      Not quite

      There's the 3.5 branch and the 3.6 branch. The 3.5 branch just got patched for the 8th time. No amount of patching, not even 100, will bring the 3.5 branch to version 3.6 - only upgrading will. It's not quite decimal. ;-)

      As for who'd want to not run the latest and greatest, hate of bloat and general meh about new features are very good reasons. I for one can't see any reason to upgrade - I mean, 120 ms faster at rendering a complex page, who the devil cares? Once 3.5 patching runs out it may be a different story, but I'll jump off that bridge when I come to it.

    4. Anonymous Coward
      Thumb Up

      Er, no....

      ...FF 3.6 is a completely new series.

      3.5.8 is a fix for the 3.5 series, if the same fix is needed for the 3.6 series it would be 3.6.1, and seeing as that hasn't appeared it means the latest version is not viewed as being vulnerable.

  2. SoltanGris
    WTF?

    Puzzled and Confused

    Okay, so what are us wankers that are foolish enough to be running the v 3.6 Firefox released 'some time ago*' to do?

    Maybe some clarification is in order, eh? Eh? Eh?

    Looking at Mozilla.com main page, Firefox 3.6 is listed, as it was 'some time ago*' {(c) Vague Inc}

  3. batfastad
    Jobs Horns

    Versions

    Absolutely... most of the addons that I run in Firefox still aren't compatible with v3.6 (annoyingly).

    This is pretty standard for Firefox releases, I believe 3.6 is more of a major upgrade than a simple 0.1 increment suggests.

    Got to love the FF update system though. No secret uninstall->install process running behind the scenes, no ending up with 2 versions installed and a whole bunch of new Start Menu/Desktop shortcuts.

    An example to all as to how it should be done... I'm looking at you OpenOffice!

    It's also a good thing as it means more people are running more up-to-date browsers. Meaning web developers can/are increasingly able to use newer technologies sooner.

  4. John Tserkezis
    Paris Hilton

    It gets better.

    From the Firefox 3.5 release notes link on this report, you see:

    "Get Firefox 3.6, English"

    Nope, she doesn't get it either.

  5. Hugh McIntyre

    Re: puzzled and confused

    If you look at the 3.5.8 release notes and then the list of security bugs listed, and then go to the page for each issue (MFSA 2010-03 for example), then they say "Fixed in 3.6" as well as "Fixed in 3.5.8".

    So it appears 3.6 is OK for these bugs at least.

  6. heyrick Silver badge
    FAIL

    Retrograde...

    F**king Mozilla idiots!

    So I'm running Firefox 3.6.

    I ask it to look for updates. It does.

    It says 3.5.8 is available.

    Now, on the ASSUMPTION that this was the one released with the vulns claimed to be fixed, I retrograde to the older version. Looks/feels the same.

    Only, the "What's new" page has autoloaded. A message up the top recommends:

    "For security reasons, we recommend downloading the latest and greatest version."

    I click the link. Security is important, right?

    The link takes me to Firefox 3.6.

    So I ask my (retrograded) Firefox to look for updates.

    It says 3.6 is available.

    Which I download and install.

    So after 20Mb of pointless downloading, plus the time taken for the installation (at least I was making pasta at the time), I cannot believe the thing is so frigging braindead as to say 3.5.8 is an update from 3.6! I mean, I'm pretty poor at maths but even *I* can work that out!

    1. Dale 3
      Flame

      @heyrick

      If even *you* could work out that 3.5.8 is not an upgrade from 3.6, why did you install it?

      1. heyrick Silver badge

        My fifth sentence explains this!

        I guess I'm too naive to think that 3.5 would be upgraded to 3.6 and then there'd be no more 3.5 because it had evolved...

        Seems odd, running multiple versions of the same thing side by side (and not necessarily in sync).

  7. Apocalypse Later

    Getting out of hand

    Between Microsoft, Mozilla, and Adobe, my main computer spends a significant part of its time updating (and prompting me to reboot or restart the application). I can just about stay on top of it for the computer I use every day, but when I run the one upstairs (that sometimes lies idle for a month or so) it takes the best part of the day to get through several update cycles. The MS ones running in the background are slow to arrive, then interrupt you, then when you think they are through, a new batch starts. I have taken to running my spare boxes every so often JUST to update them, so I have some hope of using them for something else when they are actually needed.

    This trend is getting worse. How long before the updates take over completely and we can't get anything else done, at least in the morning? Unattended update sessions running through the night? That sounds like an exploit playground.

  8. DEAD4EVER
    Happy

    Firefox update

    Is this memory fix they mention a fix for the high memory bug problem where it goes up and up till it crashes? 'Cause if they haven't fixed it, I am not going to bother. The fixes don't seem to be working, in my opinion.
