Mozilla Releases First Patch of the Year


Mozilla released the latest version of its Firefox Web browser, version 3.0.6, this week. This latest release fixes several security-related issues with the browser. Specifically, it fixes a critical vulnerability related to the layout and JavaScript engines, two critical issues that address cross-site scripting and local file stealing, one moderate vulnerability that could run arbitrary code by injecting it into a Chrome document, and two minor issues that fix cached pages and cookies. In addition to the security vulnerabilities, 3.0.6 fixes several stability issues, a screen display problem, and improvement for scripting.


I personally am a big fan of the Firefox browser. I like all the plug-ins available for it, its security model, the speed at which it loads, and its tabbed browsing capability. I also like the fact that Mozilla has a clear release schedule:


  • Platform releases every 12 to 15 months and product releases every 6 to 9 months with product releases between platform releases limited to new features and enhancements with minimal back-end impact, e.g. API additions to the platform but no incompatible changes.
  • Adoption of a consumer-focused support cycle where only the current plus the last major release at any given time would be supported with security and stability updates for up to six months, following general availability of the current release. We'll work with downstream enterprise-oriented distributors and support vendors to provide a program to enable extended support for otherwise legacy releases.
  • Scheduling security and stability updates every 6 to 8 weeks to provide a vehicle to address security and stability issues with critical security vulnerabilities addressed "out of band," unencumbered by other patches.


So although it is another release we have to deal with, this shouldn't be a surprise. Mozilla has been consistent with its release schedule, making improvements and fixing vulnerabilities as it has promised.