TidBITS Watchlist: Notable Software Updates for 10-Aug-09
QuarkXPress 8.1 from Quark is a maintenance update to the professional desktop publishing software. The latest version adds a Native Transparency mode that increases PDF output support and enables greater control over PDF workflow. Changes also include a refreshed spell checker, the capability to paste text without formatting, added Scale functionality, compatibility with the forthcoming Mac OS X 10.6 Snow Leopard, and enhancement of the Usability and Item Styles features. The update is available via Quark’s Web site. ($799 new, free update, 662 MB)
Firefox 3.5.2 from Mozilla is a security and stability update to the popular Web browser. The latest version addresses several security issues that could lead to attackers executing arbitrary JavaScript with elevated privileges, executing arbitrary code, and intercepting and spoofing what could appear to be encrypted communications. The update’s security notes also identify a crashing bug that could lead to memory corruption, but Mozilla has no fix at the moment and recommends that concerned users disable JavaScript until a
version that does address this issue is released. (Our take is that you’re probably fine unless you frequent dubious sites.) Finally, the update ensures images with ICC profiles render correctly on all displays. (Free update, 17.6 MB)
Notable Software updates for *10th* of August?
We live in the future!
Actually, we tag the Watchlist article with the date of the next email issue (which is sent every Monday). That way, we can collect all of the miscellaneous updates that don't necessarily warrant their own articles into one article.
(PSA: You can subscribe to the free weekly issue at http://www.tidbits.com/list, or click the Email link at the top left of any TidBITS Web page.)
You wrote:
> a crashing bug that could lead to memory
> corruption, but Mozilla has no fix at the moment
but the MFSA 2009-45 page (you linked it right
there) clearly states that the bug was _fixed_ in
Firefox 3.5.2. Why do you say "has no fix"?
Doug's away right now, but I think the way the report is written, it encourages the workaround of turning off JavaScript until a fix is installed. It's also possible this page changed in some way since Doug originally read it.