Firefox 17 arrives - 2365 bugs zapped, OS X Leopard left behind

Firefox 17.0 is out.

The new version fixes an officially-listed 2365 bugs, from 770056 (tab bar background does not change when window goes inactive) to 636245 (Device Manager window size is hardcoded in XUL).

With Firefox on a rapid release cycle, like Chrome and many other modern software projects, x.0.1 and x.0.2 updates are increasingly rare. Bugs can be fixed and new features introduced without the need for two flavours of release process. This ought, in theory, to be faster, safer and much more efficient.

(The previous version, 16, was the exception that proves the rule, of course, with three critical patches emitted in two post-dot-zero updates, 16.0.1 and 16.0.2. Before that you need to go back to version 10 for a routine update that itself needed an update.)

This time there are 16 bundles of fixes that get their own Mozilla Foundation Security Advisory (MFSA) pages.

Six of these are considered critical because they patch vulnerabilities that the development team are treating as remotely exploitable:

Advisory        Overview
MFSA 2012-91    Miscellaneous memory safety hazards (19 listed bugs)
MFSA 2012-92    Buffer overflow while rendering GIF images
MFSA 2012-94    Crash when combining SVG text on path with CSS
MFSA 2012-104   CSS and HTML injection through Style Inspector
MFSA 2012-105   Use-after-free and buffer overflow issues
MFSA 2012-106   Use-after-free, buffer overflow, and memory corruption

As usual these days, browser updates are one of those actions for which we generally recommend that you "just do it".

Unless you're on Mac OS X 10.5 (Leopard).

From today, as originally announced back in February, Firefox on the Mac is available only for OS X 10.6 and later.

In the words of Alex Keybl, Release Management Team Lead, "After a five year run, it's time for a big cat nap."

If you've still got Leopard systems to worry about - at least, if you look after systems that are stuck on 10.5 because Apple itself disowned them, meaning you can't upgrade OS X, let alone your applications - then you might as well jump ship.

Consider migrating to an operating system distro that still makes technical and security sense on your hardware. (I'm trying to say just switch to some sort of Linux without using the L-word.)

PS. Don't shoot the messenger - but if you do switch to Linux, don't forget about anti-virus. If you must, then make what you consider an informed decision not to use it. But don't [a] forget about it or [b] assume you have Magic Smoke that works instead.

6 Responses to Firefox 17 arrives - 2365 bugs zapped, OS X Leopard left behind

  1. Any reason the new update would make viewing videos on Youtube or loading apps on Facebook pretty much impossible?

  2. 2,365 bugs zapped...

    What does that tell us, class?

    That Firefox is a bloated POS with a too quick release schedule and shoddy QA (if any)...

    As Woody Allen said, summing up the human condition in five words: "Nothing works and nobody cares."

  3. Willard · 1047 days ago

    Firefox also lost 5 years of passwords and did a complete reset on top of that!!!

  4. BobC · 1046 days ago

    No bugs with my update. So far anyway. (He said with fingers crossed)

  5. aharris · 1045 days ago

    Just to mention that TenFourFox 17.0 works on G-3, G-4 and G-5 PowerPC Macs running OS X 10.4 (Tiger) and 10.5 (Leopard).

    Editor: I submitted an earlier version without the emphasis on PPCs, so please delete that and run this instead.

    Thanks, Arthur

  6. smidgen barnes · 1035 days ago

    17.01 is already out. That didn't take long. LOL

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog