

Firefox 3.5.1 Released, fixes Windows load time issue - mikeyur
http://en-us.www.mozilla.com/en-US/firefox/3.5.1/releasenotes/#

======
umbrae
Even more important in 3.5.1, that JIT vulnerability is fixed:

MFSA 2009-41 Corrupt JIT state after deep return from native function

[http://www.mozilla.org/security/announce/2009/mfsa2009-41.ht...](http://www.mozilla.org/security/announce/2009/mfsa2009-41.html)

------
blasdel
See the previous thread: <http://news.ycombinator.com/item?id=696652>

From what I can tell, they didn't actually remove the hideously stupid
tempdir-walking rng-seeding code in NSS -- they just fixed it so it's not
called on XP (at least _most_ of the time), as they think XP's RNG is good
enough for them.

They were planning to still use it intentionally on Win2k and WinCE.

Most of the stupid shit that Mozilla does has a freetard angle of some sort,
and it's possible to understand their motivations. This is just plain
baffling. WTF Mozilla?

~~~
derefr
How do _you_ suggest they gather good entropy on Win2k and WinCE, then? If you
actually do have a better idea, I'd be willing to try my own hand at turning
it into a patch, so let's hear it :)

~~~
blasdel
A) Stop being such affected crypto-wankers, and realize that they don't need
more entropy than the TCP stack.

B) Given that (A) is basically untenable for them, find entropy by _looking at
the user's Mozilla profile_.

It's bizarre that they're looking in IE's messy cache directory when they have
their own tidy one that they fully control! There's all kinds of lovely
compact entropy to be found there, especially with the SQLite databases that
it keeps.

