Mozilla Fixes Firefox 9 Crash Issue With Update

Mozilla followed up its Firefox 9 release earlier this week with an update aimed at swatting a bug causing browsers to crash.

Mozilla followed up its Firefox 9 release earlier this week with an update aimed at swatting a bug causing browsers to crash.

The fix was issued Wednesday with Firefox 9.0.1, and addresses the issue for users across Mac, Windows and Linux, though Mac users were reportedly affected the most. The source of the problem appears ironically to have been a faulty bug fix included in Firefox 9. Mozilla addressed the issue by removing the patch in the update. 

The update came roughly 24 hours after the company released Firefox 9 with fixes for several vulnerabilities, including a number of hazardous bugs outlined in four “critical” security advisories.  

Among the critical vulnerabilities addressed in Firefox 9 are two that underscore security concerns tied to HTML5, noted Johannes B. Ullrich of the SANS Technology Institute. One is MSFA 2011-58, which deals with a crash caused when scaling an OGG <video> element to extreme sizes. The other is MSFA 2011-55, which addresses a flaw in Mozilla’s SVG implementation that could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler.

“One problem that was pointed out by various people is the fact that the addition of the <video> and <audio> tags requires the inclusion of respective file format parsers in the browser,” he blogged. “These parsers have been known in the past to be the source of various security issues.”

The two other critical advisories tied to Firefox 9 deal with a crash in the YARR regular expression library that could be triggered by JavaScript in Web content and several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of the memory bugs could be exploited to corrupt memory in certain circumstances and possibly to run arbitrary code, according to Mozilla.

In addition to the critical bugs, Mozilla also plugged a security hole classified as “high” risk that could be exploited to trigger a crash for Mac users. Also fixed was a bug that under certain circumstances could be used to enable a malicious Web page to fool a user into interacting with a prompt thinking it came from the browser or mail program. That vulnerability, MSFA 2011-56, was classified as “moderate.”

Suggested articles

Discussion

  • Anonymous on

    That's it.That's why Avant browser release a silent update for its dual-core browser.

    Now the new version works both in my firefox and avant browser with firefox engine.

  • Anonymous on

    That's it.That's why Avant browser release a silent update for its dual-core browser.

    Now the new version works both in my firefox and avant browser with firefox engine.

  • terrence on

    Firefox 9.0.1 has been crashing CONSTANTLY on my windows 7 (running on an Acer Desktop). 

    Other versions of Firefox have never crashed on me as much as this DOG has - most of them hardly crshed at all!

  • Anonymous on

    Firefox 9.0.1 still crashes constantly on Windows. The 'bug-fix' release has made no difference whatsoever.

    It crashes whether or not plugins are enabled.

    From my experience it would appear to crash immediately with any site with any active content - i.e. anything with flash or java 'widgets' - normal text pages seem OK.

  • JohnyBrambo on

    BUG FIX!!! Y U NO FIX BUGS!?!?

     

    I've got 9.0.1 from the begining and I really dislike those constant updates of firefox. Too fast and too furious MOZILLA DEVELOPERS!! Slow down, and take a good look for what you've done with 9th version

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.