Releases/Firefox 3.5.1/RRRT: Difference between revisions
< Releases | Firefox 3.5.1
Jump to navigation
Jump to search
m (→General, Unknown, or Other: - new javascript vulnerability appeared in 3.5 and 3.5.1) |
m (→General, Unknown, Security or Other: stack overflow is apparently not exploitable) |
||
| Line 23: | Line 23: | ||
== General, Unknown, Security or Other == | == General, Unknown, Security or Other == | ||
yet another '''security exploit''' (''javascript'') has appeared to affect '''3.5''' and '''3.5.1''' as described here: http://www.securityfocus.com/bid/35707 | yet another '''security exploit''' (''javascript'') has appeared to affect '''3.5''' and '''3.5.1''' as described here: http://www.securityfocus.com/bid/35707 | ||
:demo expoit html code: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html | :demo expoit html code: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html | ||
:further information from ibm: http://xforce.iss.net/xforce/xfdb/51729 | ::further information from ibm: http://xforce.iss.net/xforce/xfdb/51729 | ||
:and nvd.nist.gov http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2479 | ::and nvd.nist.gov http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2479 | ||
:update on this stack overflow exploit: apparently its only supposed to be a denial of service attack, '''not''' an execution of code attack: http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/ | |||
Latest revision as of 22:13, 23 July 2009
Release Rapid Response Team - Firefox 3.5.1
This is the coordination page for the the new Firefox Release Rapid Response Team.
The team will be watching for feedback from all over and reports of "possible" or "emerging" issues will be aggregated here as soon as they're discovered. As issues get confirmed, they'll be turned into bugs and passed on to the Release Drivers team and nominated for fixing in the next dot release. Those confirmed issues will also be "written up" for deployment by Support, blog commenter, Firefox_answers, etc.
Stability
Add-ons
- Google Gears 0.5.29.0 is no longer compatible
- Rey Bango has contacted the Gears team to get them to update the maxVer to 3.5.*
Update Mechanism
- Gandalf reported that the update is presented to users as "Firefox 3.5.1 (build 1" in the updater
- needs confirmation
Broken Features
Data Migration or Loss
Sites not working
General, Unknown, Security or Other
yet another security exploit (javascript) has appeared to affect 3.5 and 3.5.1 as described here: http://www.securityfocus.com/bid/35707
- demo expoit html code: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html
- further information from ibm: http://xforce.iss.net/xforce/xfdb/51729
- and nvd.nist.gov http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2479
- update on this stack overflow exploit: apparently its only supposed to be a denial of service attack, not an execution of code attack: http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/