“No software is free from bugs” and that statement holds true for the mighty Firefox too. Yesterday the Mozilla Foundation released Firefox 3.0.1, the first update for Firefox 3.0, patching some of the known vulnerabilities. It mainly addresses several security and stability issues. A update was also released for Firefox 2.0 users upgrading them to 2.0.16.

The two critical patches deal with remote code vulnerabilities and command line URLs spawning tabs when Firefox is not running. MFSA 2008-34 is the first critical patch. It was reported via TippingPoint’s Zero Day Initiative, and centers on issues with Mozilla’s internal CSSValue array data structure. An attacker can create a large number of calls to common CSS objects, triggering a crash of the browser when it attempts to free the CSS object while still in use. The resulting crash could be used to execute code on the system.

The second critical issue comes from Billy Rios, who reported that, “if Firefox is not already running, passing it a command-line URI with pipe (“|”) symbols will open multiple tabs. This URI splitting could be used to launch chrome:i URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which was intended to block external applications from loading such URIsi,” Mozilla explains. The vulnerability in MFSA 2005-53 remains patched however.

“For example, web browsers normally handle file: URIs themselves, or block them from web content altogether, but this flaw enabled attackers to pass them from another browser into Firefox. In Firefox 2 scripts running from file: URIs can read data from a user’s entire disk, a risk if the attacker could first place a malicious file in a guessable location on the local disk. Rios demonstrated that the so-called “Safari Carpet-bombing vulnerability” could be used for this, as well as other techniques that do not rely on that now-fixed Safari vulnerability,” the advisory added.

Internal testing on Firefox 3.0 also showed that Rios’ research can be combined with various vulnerabilities to trigger code execution. “In Firefox 3 scripts running in local files have limited access to other files, almost entirely mitigating the file: attack. However, combined with a vulnerability which allows an attacker to inject script into a chrome document the above issue could be used to run arbitrary code on a victim’s computer.”

Firefox 3.0.1 Updated

Related articles

• Mozilla patches Firefox side of Safari ‘carpet bomb’ threat
• Firefox 3.0.1 More Secure and Stable [Firefox]
• Unpatched Web browsers prevalent on the Internet
• Microsoft updates Live Calendar with birthdays, holidays, iCal subscriptions

For those who are bored with their old wallpapers and looking for a hot spicy firefox wallpaper, there are more than 70 wallpaper links at Hongkiat.com. Get your desktop a new look and help to spread the Firefox 3 around.

Visit Hongkiat.com to download the wallpapers

Related articles

• An amazing collection of abstract satellite photos, demonstrating the “impressionist, cubist
• 50 Remarkable Nature Wallpapers
• Landscapes, Cities, Nature full HD photos

Eventhough Shiretoko, is going to have Visual Tab switching feature inbuilt, it will be still some more months before we get the stable release. Till then Ctrl-Tab extension should satisfy the Firefox Tab addicts. This extension emulates the Alt+Tab feature which helps to switch between windows in most of the operating systems. It is much more faster in Firefox 3 than the previous versions.

Pressing [Ctrl]+[Tab], brings up a thumbnail preview of the tabs, and repeated presses of [Tab] proceeds in the order of tab usage. Releasing the [Ctrl] selects the particular Tab window. Holding the [Tab] makes the scroll faster. Press [Shift] to make the scroll in the reverse order.

For those who want to see all the tabs present in the present Firefox session, just press [F4] or the List all Tabs button in the right end of Tab bar to bring up a grid view of all the tabs. There is a filter option also thrown in for the hardcore Tab addicts.

I am using this add-on in Firefox 3 and really recommend all to try it out for yourself. It’s worth the effort.

Download Ctrl-Tab

Related articles

• Simple Extensions in Firefox 3
• Download of the Day: Send Tab URLs
• CLiCk,Speak for Firefox 3.
• Next Tab Keeps Your Tabs in Context [Featured Firefox Extension]

Finally the day has arrived and final release of Firefox 3 is out on open and IE is getting its butt kicked left and right.

Mozilla Foundation had conducted its PR greatly but the execution was poor. First the time of release was not officially announced and all the eastern hemisphere netizens had to guess the whole day when Firefox 3 was getting out and finally it dawned that it would be midnight for most. The time came and when I went will all anticipation, all I got was server time outs and after a few reloads and refreshes,  I was met with this sweet outage page.

OK this was not a great surprise since everybody was trying, the Mozilla servers were melting with the load. But the real surprise was when after nearly an hour of reloading the browser, I finally met with a page to download Firefox but alas it was Firefox 2. The page design was for Firefox 3, but the release was 2.0.0.14

So after another disappointment, I got back to reloading, refreshing and after nearly another one hour got the sweet link for a download and installed it finally. Did another download in my other system and finally got it also up and running.

So after doing my duty to the Mozilla’s Community decided to check out how the Download day was going on. The total downloads till 00:45 GST on 18th June 2008 was 1,861,546 downloads. UAE – 1480, Afghanistan – 0, Iraq – 62, Mynammar – 0, Iran – 6422, Sudan – 54, Somalia – 0, Cuba – 414, Oman – 0, Mongolia – 0, North Korea – 0

For who needs to show around that they did their part on the download day, you can flaunt it here. You will get a certificate like this one below.

Update : The time is 10:30 AM on 18th June 2008, nearly 12 hours after the launch of Firefox 3 and the stastics for the downloads are as below

Total Downloads : 4,462,863

UAE – 2400, Afghanistan – 62, Iraq – 101, Mynammar – 211, Iran – 133,500, Sudan – 73, Somalia -  Still 0, Cuba – 557, Oman – 212, Mongolia -281, North Korea – Still 0, Chad – 0,

Related articles

• Firefox Claims World Download Record (No One Disputes It) [World Records]
• Firefox 3 Launch & Guinness World Record Celebration Party – London
• For nerds and Sinologists alike: the Firefox 3 snarl
• Mozilla officially scores a world record
• Firefox 3 makes up world record to set world record