Firefox 17.0 is out.
The new version fixes an officially-listed 2365 bugs, from 770056 (tab bar background does not change when window goes inactive) to 636245 (Device Manager window size is hardcoded in XUL).
With Firefox on a rapid release cycle, like Chrome and many other modern software projects, x.0.1 and x.0.2 updates are increasingly rare. Bugs can be fixed and new features introduced without the need for two flavours of release process. This ought, in theory, to be faster, safer and much more efficient.
(The previous version, 16, was the exception that proves the rule, of course, with three critical patches emitted in two post-dot-zero updates, 16.0.1 and 16.0.2. Before that you need to go back to version 10 for a routine update that itself needed an update.)
This time there are 16 bundles of fixes that get their own Mozilla Foundation Security Advisory (MFSA) pages.
Six of these are considered critical because they patch vulnerabilities that the development team are treating as remotely exploitable:
|MFSA 2012-91||Miscellaneous memory safety hazards (19 listed bugs)|
|MFSA 2012-92||Buffer overflow while rendering GIF images|
|MFSA 2012-94||Crash when combining SVG text on path with CSS|
|MFSA 2012-104||CSS and HTML injection through Style Inspector|
|MFSA 2012-105||Use-after-free and buffer overflow issues|
|MFSA 2012-106||Use-after-free, buffer overflow, and memory corruption|
As usual these days, browser updates are one of those actions for which we generally recommend that you “just do it”.
Unless you’re on Mac OS X 10.5 (Leopard).
From today, as originally announced back in February, Firefox on the Mac is available only for OS X 10.6 and later.
In the words of Alex Keybl, Release Management Team Lead, “After a five year run, it’s time for a big cat nap.”
If you’ve still got Leopard systems to worry about – at least, if you look after systems that are stuck on 10.5 because Apple itself disowned them, meaning you can’t upgrade OS X, let alone your applications – then you might as well jump ship.
Consider migrating to an operating system distro that still makes technical and security sense on your hardware. (I’m trying to say just switch to some sort of Linux without using the L-word.)
PS. Don’t shoot the messenger – but if you do switch to Linux, don’t forget about anti-virus. If you must, then make what you consider an informed decision not to use it. But don’t [a] forget about it or [b] assume you have Magic Smoke that works instead.