Firefox security and start-up problems fixed
The Firefox development team has also fixed the slow launch bug in the Windows version. The cause of the problem was that, since some Windows systems lack the Windows CryptoAPI, the developers had chosen the alternative of initialising the Network Security Services random number generator with a seed number generated by reading files from the Internet Explorer cache folder and the Windows temporary file folder. Frequent use can leave both folders containing a large number of files, causing the process to take an inconvenient amount of time. According to the Bugzilla entry, the developers have now replaced the RtlGenRandom CryptoAPI call with CryptGenRandom, available on all systems.
Under Linux and Mac OS X, the NSS library opens the
/dev/urandom pseudo-file so there is no significant delay in seeding the generator. Frans Bourna, who discovered the problem, has stated on Bugzilla, that he has the impression that many Firefox developers don't really give a lot of thought to the Windows version, as most of them are developing on Linux systems and are consequently unaware of potential problems with Windows.
More details about the release can be found in the release notes. Firefox 3.5.1 is available to download in over 70 different languages for Windows, Mac OS X and Linux. Firefox binaries are released under the Mozilla Firefox End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.
- Corrupt JIT state after deep return from native function, security advisory from Mozilla.
- Mozilla confirms critical vulnerability in Firefox 3.5, a report from The H.
- Slow Firefox 3.5 start up time, a report from The H.
- First Zero Day Exploit for Firefox 3.5, a report from The H.