Gizmo's Freeware Forum

Gizmo's Freeware Forum (
-   Internet, Web Apps and Networking (
-   -   Vulnerability in Firefox 3.6.3/3.5.9 (

Anupam 31. May 2010 08:07 AM

Vulnerability in Firefox 3.6.3/3.5.9
A few days ago, Secunia PSI was released. I ran it today, and found that Secunia now has a security advisory on Firefox 3.6.3, because of a vulnerability being discovered. The vulnerability has also been confirmed in Firefox 3.5.9. The vulnerability is less critical though, and can be avoided by staying away from malicious websites.

A new version of Firefox is supposed to be released soon... probably next week. Hopefully, this vulnerability will be patched in the latest version.

Here is the Secunia advisory :

Anupam 22. Jun 2010 09:46 PM

Firefox 3.6.4
Firefox 3.6.4 has been released, and is now available on the Mozilla site. Apart from fixing various security and stability issues, the most significant update in this latest version is the out-of-process plugins. Means, if a plugin like Flash Player crashes, it won't affect the rest of the browser.

tushR 23. Jun 2010 11:59 PM

comes with extra process running in memory = plugin-container.exe (36MB app) - I believe its a browser sandbox kind of thing...

Anupam 24. Jun 2010 05:09 AM

The size of the process varies. Yes, it is a kind of sandbox... its used to contain plugins, so that if they crash, it does not affect the rest of the browser. Just yesterday only, flash player crashed on me, but because of this feature, the browser did not crash. It was only a matter of reloading the page, and it was good again. So, its working well :).

Just for sometime, the process started taking too much memory, and started hogging the CPU. But, I think that was because of the slow speed of my internet at that time. After that, it worked fine, and I did not have any problem.

Still, I do hope that Mozilla does not extend this into tabs. Because, presently Firefox is performing the memory management quite well. I do not want it to go the route of Chrome/Iron etc, and start sandboxing individual tabs, because it would make Firefox a super memory hog I think. Even though the sandboxing thing makes the browser more secure, still I wish Firefox stays the same.

bo.elam 24. Jun 2010 05:16 AM

Anupam like you , I wish Firefox stays the same. I don't like that extra
process and it disturbs Sandboxie a little bit so I don't feel comfortable
with this new version.

bo.elam 26. Jun 2010 07:51 AM

Here are a couple of links about the plugin container. I already got use to it
and don't mind it anymore. FF is running nice.


Concerned User 26. Jun 2010 08:01 AM

Same here guys! I don't want Firefox to change too much. Thankfully, there's always "about:config" so that we can customize it as we want to:)....

I've disabled the "sandbox" thingy for firefox since I don't think that it's necessary right now.

bo.elam 26. Jun 2010 08:17 AM

@concerned user. I thought about doing that but I decided against it
because that would be like keeping the browser not updated, and that
is a no/no. My FF never crashed before because of a plugin but I guess
it does happen and that is the reason Mozilla implemented this container
thing. So if your plugin crashes, the browser wont crash. Thats not a bad
idea and my memory and CPU usage is the same. What bothered me at
first is that Sandboxie and Defense Wall had some issues with the plugin
container but I already figured them out and every thing is working nice.
So, if I was you I would undo the changes in about:config unless you have
a issue like the ones I had and can not resolve it.
What is your issue with the plug in container?

Concerned User 26. Jun 2010 04:59 PM

@ bo.elam: To be very honest, I've had no crashes except for the rare youtube or metacafe (both flash related of course! :D).

Maybe I'm just old fashioned or something....:D..This out of tab processes thing does not appeal to me. Don't get me wrong. This is a great idea since your browsing session would be uninterrupted.

I would rather prefer it to be one single process (yeah, I know it hogs CPU, but so does Chrome, Opera and IE). Most crashes which people experience could be due to:

1. Not updating the flash plugin
2. Opening too many tabs especially sites which have streaming video stuff.
3. Having low ram

I'm using an addon called bartab which unloads tabs after a specific period of time (user preference), reducing the memory usage. You can also make it to keep specific sites to be continuously loaded if you want to. This has taken care of my memory issues so far along with noscript.

Maybe eventually I'll grow to like this OOP thing:). So far, I don't see the need for it. That's all.

Looks like I'm not alone either in not liking OOP:

26Dolphins 26. Jun 2010 05:30 PM


Have been following this thread from the start.
Updated Firefox a couple of days ago to 3.6.4 but have not seen plugin-container.exe running. After reading other members' posts I did a little check in my about: config settings and found out that dom.ipc.plugins.enabled is set to "false" by default (and I haven't change it - yet), though individual dom.ipc.plugins.enabled.XXX are set to "true".

So, could it be that this particular setting needs to be set to "true" for plugin-container.exe to run? And if yes, why is the default "false"?

I only have the default Mozilla, Flash, Java (platform) and IE Tab2 plugins installed.


All times are GMT +1. The time now is 11:08 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.