The new version of Mozilla Firefox browser blocks crashing plugins

Tweet

Mozilla firefox recently released its new version firefox 3.6.4 which introduced a feature that blocks crashing plugins. Users can download the new code with the Check for Updates feature or by downloading it from Mozilla.com. According to release notes the main change in 3.6.4 is a stability enhancement which keeps the browser up and running when a major plugin crashes. Other stability and security enhancements are also noted.

Crash protection initially is available only for the Windows and Linux versions of Firefox. Implementing it on the Mac is a tougher task, and Mozilla is promising it for version 4 of Firefox. The beta of Firefox 4 is due any day now, but the release code isn't due till the Fall.

It also appears that the initial crash Protection only works with a few specific plugins: Adobe Flash, Apple Quicktime and Microsoft Silverlight. There's no specific schedule for other plugins to be added.

Version 3.6.4 also fixes 10 vulnerabilities in 7 updates, 4 of them critical. MFSA 2010-26 addresses 4 vulnerabilities, all crashes with evidence of memory corruption, Mozilla's policy is to treat these as exploitable code execution bugs without definitively proving it. The other critical fixes address freed object reuse across plugin instances, a heap buffer overflow and an integer overflow. Two moderate and one low-severity bug are also fixed.

At the same time Mozilla released Firefox 3.5.10 for those who won't upgrade to the 3.6 branch, although Mozilla strongly advises users to do so. There is not, for example, nor will there be, crash protection for the 3.5 versions.

The new version of Mozilla Firefox browser blocks crashing plugins