Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 3.6.4 Released With Out-of-Process Plugins

Posted by kdawson on from the bye-bye-crash dept.

DragonHawk writes "Mozilla Firefox 3.6.4 went to general release today. The big new feature in this release is out-of-process plugins (OOPP). This means things like Flash, Java, QuickTime, etc., all run in separate processes, so when Flash decides to crash, it won't take your browser out with it. If Flash starts consuming all the CPU it can find, you can kill it without nuking your browser session. I've been using this feature since it was in the 'nightly build' stage, and it was still more stable than 3.6.3, just because Flash was isolated." And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."

2 of 261 comments (clear)

  1. Re:Opera! by luckymutt · · Score: 5, Insightful

    However it it was really all that, it would have a much larger fan base.

    Popularity != better. Since IE has the largest fan base, you're saying that IE is the browser that is "all that?"

    Just because they have had something for a while now, does not mean that Firefox, which is a far more popular browser, getting it is not a big deal.

    Sure it's a big deal. Although it would have been a bigger deal if they were the first on the block to have gotten it.

    Opera people always crack me up.

    FF fanbois always crack me up. Do you people ever get tired of the pissing contest? Ever? And by the way, I am typing this in Konqueror. Suits my needs well enough.

  2. Privilege separation, anyone? by FraGGod · · Score: 5, Insightful

    Ok, now that we're able to put flash code in a separate proc, my question is: can we cut it's privileges so another (monthly) "zero-day vulnerability" will finally become just a tale to scare little children?
    Strangely enough, with all the concern about flash security, article seem to miss that point.