Mozilla Foundation Security Advisory titled the issue the “dangling pointer crash regression from plugin parameter array” and labeled it as having critical impact. The problem was discovered by Mozilla developer Daniel Holbert, who reported on July 20 that the fix to the plugin parameter array crash that had been introduced in the earlier Firefox build (3.6.7) unleashed a crash that showed signs of memory corruption. As an effect of this, the plugin instance’s parameter array could be freed too soon in some cases, leaving a dangling pointer that could be called by the plugin. This translates into the risk of executing attacker-controlled memory.
The previous bag of stability and security fixes had been dropped in the web browser less than a week ago when version 3.6.7 of Firefox has been released, fixing plenty of critical vulnerabilities. These could have been exploited to launch remote code execution attacks. An attacker successfully exploiting them could have gained control over the computer and, depending on the privileges of the logged user, install programs, view or change data.
With version 3.6 continuing to improve both security and stability, Mozilla is also looking in perspective and adds new features in the upcoming Firefox 4. Future releases of this edition of the application pushes in a new set of features designed to raise the standards in tab usage. We took a peek into the Beta 3 pre-release build, code-named Minefield and bumped into the visual tab interface feature.
The new tab management feature introduced by Firefox approaches tab grouping according to your tasks. It allows you to gather tabs on the same subject of interest into a single group. Moreover, you can launch only that group so that nothing else hinders your web research. The amount of flexibility injected into the new approach allows you to move the tabs from one group to another, stack them up into thumb view or fan them out into a preview window.
Follow me on Twitter @Ionut_Ilascu