Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called “a stability problem that affected some pages with embedded plug-ins”.
The company had released Firefox 3.6.7 two days earlier .
Mozilla patched one critical security bug in the newest update, according to an advisory also published Friday. “In certain circumstances, properties in the plug-in instance’s parameter array could be freed prematurely, leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory,” the warning read.
The bug surfaced in one of the 16 patches that Mozilla applied to Firefox earlier in the week.
Details of that vulnerability, and the stability problem that Beltzner mentioned, were not available to the public as of Saturday.
Several Firefox users, however, had filed numerous reports to the browser’s support forum of problems with Adobe’s Flash Player plug-in after updating to Firefox 3.6.7.
Friday’s patch-and-release was the second in two months for Mozilla. Just three days after updating Firefox to version 3.6.4 in late June, Mozilla delivered another update because people playing Farmville complained that their browser was shutting down the Facebook game. The company said that a new “out of process plug-ins” feature, designed to keep the browser running when a plug-in crashed, was kicking in too quickly.
The older Firefox 3.5 browser, which was upgraded to version 3.5.11 last Tuesday, is not affected by the security bug or the plug-in stability problem.
Users can update to Firefox 3.6.8 by downloading the new edition or by selecting Check for Updates from the Help menu in the browser.