What’s New in Firefox 3.5.2
Firefox 3.5.2 fixes the following issues:
* Several security issues.
* Images with ICC profiles now render properly on all monitors.
Please see the complete list of changes in this version. You may also be interested in the Firefox 3.5.1 release notes for a list of changes in the previous version.
Security Advisories for Firefox 3.5
* Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
* High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
* Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
* Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
Fixed in Firefox 3.5.2
MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:126.96.36.199/188.8.131.52)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters
Fixed in Firefox 3.5.1
MFSA 2009-41 Corrupt JIT state after deep return from native function
MFSA 2009-35 Crash and remote code execution during Flash player unloading
Fixed in Firefox 3.5
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__ on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/184.108.40.206)
Before installing, make sure your computer meets the system requirements.
* Windows 2000
* Windows XP
* Windows Server 2003
* Windows Vista
* Pentium 233 MHz (Recommended: Pentium 500MHz or greater)
* 64 MB RAM (Recommended: 128 MB RAM or greater)
* 52 MB hard drive space
* Mac OS X 10.4 and later
* Macintosh computer with an Intel x86 or PowerPC G3, G4, or G5 processor
* 128 MB RAM (Recommended: 256 MB RAM or greater)
* 200 MB hard drive space
Please note that Linux distributors may provide packages for your distribution which have different requirements.
* Firefox will not run at all without the following libraries or packages:
o GTK+ 2.10 or higher
o GLib 2.12 or higher
o Pango 1.14 or higher
o X.Org 1.0 or higher
* For optimal functionality, we recommend the following libraries or packages:
o NetworkManager 0.7 or higher
o DBus 1.0 or higher
o HAL 0.5.8 or higher
o GNOME 2.16 or higher
Mozilla provides Firefox 3.5 for Windows, Linux, and Mac OS X in a variety of languages. You can get the latest version of Firefox 3.5 here. For builds for other systems and languages not provided by Mozilla, see the Contributed Builds section at the end of this document.
Please note that installing Firefox 3.5 will overwrite your existing installation of Firefox. You won’t lose any of your bookmarks or browsing history, but some of your extensions and other add-ons might not work until updates for them are made available. You can reinstall an older version later if you wish to downgrade.
You can remove Firefox 3.5 through the Control Panel in the Start Menu on Windows, by removing the Firefox application on OS X, or by removing the firefox folder on Linux.
Removing Firefox 3.5 won’t remove your bookmarks, web browsing history, extensions or other add-ons. This data is stored in your profile folder, which is located in one of the following locations depending on your operating system:
Windows Vista Users\<UserName>\AppData\Roaming\Mozilla\Firefox
Windows 2000, XP, Server 2003 Documents and Settings\<UserName>\Application Data\Mozilla\Firefox
Mac OS X ~/Library/Application Support/Firefox
Linux and Unix systems ~/.mozilla/firefox
Any version of Firefox that you install after removing Firefox 3.5 will continue to use the data from this profile folder.
Extensions and Themes
Extensions installed under Firefox 3 may be incompatible and/or require updates to work with Firefox 3.5. Please report any issues to the maintainer of the extension. When you install Firefox 3.5 all of your Extensions and Themes will be disabled until Firefox 3.5 determines that either a) they are compatible with the Firefox 3.5 release or b) there are newer versions available that are compatible.
This list covers some of the known problems with Firefox 3.5 which will be fixed in future updates or releases:
* After installing this version, users will not be able to return to a previous beta version of Firefox 3.5 without creating a new profile (see bug 488966)
* Restoring your bookmarks from a backup can take some time, during which the browser may seem unresponsive (see bug 493731)
* After using Clear Recent History some SSL sites will not load all images and styles without pressing reload (see bug 480619)
* Firefox 3.5 will only support color profiles as specified by ICC v2, later versions will add support for ICC v4 (see bug 463221)
* Websites using the new downloadable font support that wish to change the color using :hover will also need to add text-rendering : optimizeLegibility for font sizes less than 20 pixels (see bug 495455)
* Some sites with Flash can cause problems with the Cookies dialog (see bug 495035)
* Web pages can no longer automatically install PKCS11 cryptographic tokens. Users are now required to do this manually or install an Add-on that installs them (see instructions and documentation)
* Pressing enter in the Location Bar will not do anything if you are running AVG SafeSearch v8.0 or lower. Upgrading AVG SafeSearch fixes the problem (see bug 479095)
* If you select Fax from the Print Dialog, the Windows Fax dialog will appear and then disappear. Faxing still works from other applications (see bug 440486)
Mac OS X
* If the user repeatedly changes the paper size and asks for a Print Preview, Firefox may crash (see bug 495567)
Linux and Unix
* Zooming out on some sites may result in grey or black lines appearing (see bug 477552)
* Poorly designed or incompatible extensions can cause problems with your browser, including make it crash, slow down page display, etc. If you encounter strange problems relating to parts of the browser no longer working, the browser not starting, windows with strange or distorted appearance, degraded performance, etc, you may be suffering from Extension or Theme trouble. Restart the browser in Safe Mode. On Windows, start using the "Safe Mode" shortcut created in your Start menu or by running firefox.exe -safe-mode. On Linux, start with ./firefox -safe-mode and on Mac OS X, run:
When started in Safe Mode all extensions are disabled and the Default theme is used. Disable the Extension/Theme that is causing trouble and then start normally.
* If you uninstall an extension that is installed with your user profile (i.e. you installed it from a Web page) and then wish to install it for all user profiles using the -install-global-extension command line flag, you must restart the browser once to cleanse the profile extensions datasource of traces of that extension before installing with the switch. If you do not do this you may end up with a jammed entry in the Extensions list and will be unable to install the extension globally.
* If you encounter strange problems relating to bookmarks, downloads, window placement, toolbars, history, or other settings, it is recommended that you try creating a new profile and attempting to reproduce the problem before filing bugs. Create a new profile by running Firefox with the -P command line argument, choose the "Manage Profiles" button and then choose "Create Profile...". Migrate your settings files (Bookmarks, Saved Passwords, etc) over one by one, checking each time to see if the problems resurface. If you do find a particular profile data file is causing a problem, file a bug and attach the file.
Frequently Asked Questions
1. What can I do to help?
We need help from developers and the testing community to provide as much feedback as possible to make Firefox even better. Please read these notes and the bug filing instructions before reporting any bugs to Bugzilla. You can also give us your feedback through this feedback form.
2. Why haven’t you responded to the mail I sent you?
Use the newsgroup. The Firefox team reads it regularly, and your email may have gotten lost.
3. Where can I get extensions and themes (add-ons)?
Extensions and Themes can be downloaded from Firefox Add-ons.
4. Who makes Firefox 3.5?
Lots of people. See Help->About Mozilla Firefox, Credits for a list of some of the people who have contributed to Firefox 3.5.
5. Where’s the Firefox 3.5 source code?
A tarball of the Firefox 3.5 source code is available for download. The latest development code can be obtained through Mercurial. Firefox-specific source is in mozilla-central's "browser", "toolkit", and "chrome" directories. Please follow the build instructions.
6. Where is the mail client?
Firefox 3.5 works with whatever mail client is the default on your system. However, we recommend Mozilla Thunderbird, our next-generation email client and the perfect complement to Firefox.
These are unofficial builds and may be configured differently than the official Mozilla builds. They may also be optimized and/or tested for specific platforms. You can browse through the available contributed builds on the FTP site.
Other Resources and Links
The following resources contain useful information about Firefox 3.5
* Firefox Support Page
* MozillaZine's Knowledge Base
* Developer Information