#Firefox 3.6.28 update update#
Mozilla also released Firefox 3.6.28, the latest security update for the two-year-old browser, to patch five or six vulnerabilities. Mozilla classified the bug as a "memory safety problem" in JavaScript's "array.join" function.
#Firefox 3.6.28 update software#
Iozzo and Pinckaers rode that exploit to take Pwn2Own's $30,000 second-place prize.Īccording to Mozilla's security advisory, the Iozzo/Pnickaers vulnerability had been discovered earlier by Firefox software engineer Jeff Walden. It turned out that Mozilla already knew of the vulnerability exploited by researchers Vincenzo Iozzo and Willem Pinckaers on Pwn2Own's last day, March 9. The delay, which Mozilla announced last Monday morning and nixed later the same day, was necessary, said Mozilla, to patch a Firefox bug unveiled at the Pwn2Own hacking contest. Before the scheme's January debut, Microsoft had asked users for their permission before upgrading IE from one version to the next, even if Windows' automatic update service was enabled.Īlso this week, Mozilla released Firefox 11 with patches for 12 vulnerabilities, nine of them rated "critical."įor a short time, Firefox 11 faced a launch delay that would have broken Mozilla's perfect record of meeting release deadlines since it switched to an every-six-week pace last year.
#Firefox 3.6.28 update upgrade#
Microsoft has also jumped on the silent update bandwagon: In December 2011, it announced it would automatically upgrade Internet Explorer to the newest browser suitable for each version of Windows. Google's Chrome has used automatic, in-the-background updates since its September 2008 debut.įirefox silent updating would let Mozilla deploy emergency security fixes - it calls those "chem spills" - without bothering users, and potentially push more users to each new version. Implementing silent updating would make Firefox only the second browser to offer the feature. Some of the components of silent updating have already made it into Firefox: Version 10 debuted automatic add-on compatibility marking, for example. Those plans were also revised, and Firefox 13 was tagged as the new goal. Late last year, it said it was shooting for silent updating in Firefox 10, which debuted in January. At one point, it thought it could add the feature to Firefox 4, which shipped in March 2011, but abandoned that work when the upgrade was delayed several times for other reasons. The company has been working on silent updating for about 17 months. Mozilla unloads a Firefox upgrade every six weeks - it launched Firefox 11 just two days ago - and has Firefox 13's release on the calendar for June 5, 2012. "Silent updates are currently planned to land in Firefox 13." "Updates will now be downloaded and installed silently in the background," wrote Nyman in a Wednesday post to the Hacks Mozilla blog. In a sweeping summary of 2011's accomplishments and an outline of plans for 2012, Robert Nyman, a Mozilla technical evangelist, listed silent updates as one the projects the company will finish this year. Mozilla yesterday reiterated that it's still working on silent updates for Firefox and said it should have the Chrome-like service in place by early June.