Releases/Firefox 3.5.1/RRRT

From MozillaWiki
Jump to: navigation, search

Release Rapid Response Team - Firefox 3.5.1

This is the coordination page for the the new Firefox Release Rapid Response Team.

The team will be watching for feedback from all over and reports of "possible" or "emerging" issues will be aggregated here as soon as they're discovered. As issues get confirmed, they'll be turned into bugs and passed on to the Release Drivers team and nominated for fixing in the next dot release. Those confirmed issues will also be "written up" for deployment by Support, blog commenter, Firefox_answers, etc.

Stability

Add-ons

  • Google Gears 0.5.29.0 is no longer compatible
    • Rey Bango has contacted the Gears team to get them to update the maxVer to 3.5.*

Update Mechanism

  • Gandalf reported that the update is presented to users as "Firefox 3.5.1 (build 1" in the updater
    • needs confirmation

Broken Features

Data Migration or Loss

Sites not working

General, Unknown, Security or Other

yet another security exploit (javascript) has appeared to affect 3.5 and 3.5.1 as described here: http://www.securityfocus.com/bid/35707

demo expoit html code: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html
further information from ibm: http://xforce.iss.net/xforce/xfdb/51729
and nvd.nist.gov http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2479
update on this stack overflow exploit: apparently its only supposed to be a denial of service attack, not an execution of code attack: http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
Retrieved from "https://wiki.mozilla.org/index.php?title=Releases/Firefox_3.5.1/RRRT&oldid=157202"