Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Internet, Web Apps and Networking

Reply
 
Thread Tools Display Modes
Old 31. May 2010, 08:07 AM   #1 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,270
Default Vulnerability in Firefox 3.6.3/3.5.9

A few days ago, Secunia PSI 1.5.0.2 was released. I ran it today, and found that Secunia now has a security advisory on Firefox 3.6.3, because of a vulnerability being discovered. The vulnerability has also been confirmed in Firefox 3.5.9. The vulnerability is less critical though, and can be avoided by staying away from malicious websites.

A new version of Firefox is supposed to be released soon... probably next week. Hopefully, this vulnerability will be patched in the latest version.

Here is the Secunia advisory :

http://secunia.com/advisories/39925/
__________________
Anupam
Anupam is online now   Reply With Quote
Old 22. Jun 2010, 09:46 PM   #2 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,270
Default Firefox 3.6.4

Firefox 3.6.4 has been released, and is now available on the Mozilla site. Apart from fixing various security and stability issues, the most significant update in this latest version is the out-of-process plugins. Means, if a plugin like Flash Player crashes, it won't affect the rest of the browser.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 23. Jun 2010, 11:59 PM   #3 (permalink)
Senior Member
 
Join Date: Feb 2010
Location: Bangalore
Posts: 183
Default

comes with extra process running in memory = plugin-container.exe (36MB app) - I believe its a browser sandbox kind of thing...
tushR is offline   Reply With Quote
Old 24. Jun 2010, 05:09 AM   #4 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,270
Default

The size of the process varies. Yes, it is a kind of sandbox... its used to contain plugins, so that if they crash, it does not affect the rest of the browser. Just yesterday only, flash player crashed on me, but because of this feature, the browser did not crash. It was only a matter of reloading the page, and it was good again. So, its working well .

Just for sometime, the process started taking too much memory, and started hogging the CPU. But, I think that was because of the slow speed of my internet at that time. After that, it worked fine, and I did not have any problem.

Still, I do hope that Mozilla does not extend this into tabs. Because, presently Firefox is performing the memory management quite well. I do not want it to go the route of Chrome/Iron etc, and start sandboxing individual tabs, because it would make Firefox a super memory hog I think. Even though the sandboxing thing makes the browser more secure, still I wish Firefox stays the same.
__________________
Anupam
Anupam is online now   Reply With Quote
Old 24. Jun 2010, 05:16 AM   #5 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

Anupam like you , I wish Firefox stays the same. I don't like that extra
process and it disturbs Sandboxie a little bit so I don't feel comfortable
with this new version.
Bo
bo.elam is offline   Reply With Quote
Old 26. Jun 2010, 07:51 AM   #6 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

Here are a couple of links about the plugin container. I already got use to it
and don't mind it anymore. FF is running nice.

http://forums.mozillazine.org/viewto...27621#p9527621
http://forums.mozillazine.org/viewto...f=38&t=1930019

Bo
bo.elam is offline   Reply With Quote
Old 26. Jun 2010, 08:01 AM   #7 (permalink)
Senior Member
 
Concerned User's Avatar
 
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486
Default

Same here guys! I don't want Firefox to change too much. Thankfully, there's always "about:config" so that we can customize it as we want to....

I've disabled the "sandbox" thingy for firefox since I don't think that it's necessary right now.
Concerned User is offline   Reply With Quote
Old 26. Jun 2010, 08:17 AM   #8 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

@concerned user. I thought about doing that but I decided against it
because that would be like keeping the browser not updated, and that
is a no/no. My FF never crashed before because of a plugin but I guess
it does happen and that is the reason Mozilla implemented this container
thing. So if your plugin crashes, the browser wont crash. Thats not a bad
idea and my memory and CPU usage is the same. What bothered me at
first is that Sandboxie and Defense Wall had some issues with the plugin
container but I already figured them out and every thing is working nice.
So, if I was you I would undo the changes in about:config unless you have
a issue like the ones I had and can not resolve it.
What is your issue with the plug in container?
Bo
bo.elam is offline   Reply With Quote
Old 26. Jun 2010, 04:59 PM   #9 (permalink)
Senior Member
 
Concerned User's Avatar
 
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486
Default

@ bo.elam: To be very honest, I've had no crashes except for the rare youtube or metacafe (both flash related of course! ).

Maybe I'm just old fashioned or something......This out of tab processes thing does not appeal to me. Don't get me wrong. This is a great idea since your browsing session would be uninterrupted.

I would rather prefer it to be one single process (yeah, I know it hogs CPU, but so does Chrome, Opera and IE). Most crashes which people experience could be due to:

1. Not updating the flash plugin
2. Opening too many tabs especially sites which have streaming video stuff.
3. Having low ram

I'm using an addon called bartab which unloads tabs after a specific period of time (user preference), reducing the memory usage. You can also make it to keep specific sites to be continuously loaded if you want to. This has taken care of my memory issues so far along with noscript.

https://addons.mozilla.org/en-US/firefox/addon/67651/

Maybe eventually I'll grow to like this OOP thing. So far, I don't see the need for it. That's all.

Looks like I'm not alone either in not liking OOP:

http://arstechnica.com/open-source/n...0#comments-bar
Concerned User is offline   Reply With Quote
Old 26. Jun 2010, 05:30 PM   #10 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 445
Default

Hi,

Have been following this thread from the start.
Updated Firefox a couple of days ago to 3.6.4 but have not seen plugin-container.exe running. After reading other members' posts I did a little check in my about: config settings and found out that dom.ipc.plugins.enabled is set to "false" by default (and I haven't change it - yet), though individual dom.ipc.plugins.enabled.XXX are set to "true".

So, could it be that this particular setting needs to be set to "true" for plugin-container.exe to run? And if yes, why is the default "false"?

I only have the default Mozilla, Flash, Java (platform) and IE Tab2 plugins installed.

Cheers,
26Dolphins
26Dolphins is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 10:14 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.