Firefox 8 Patches 8 Bugs

Thursday, November 10, 2011 @ 09:11 PM gHale


Mozilla released Firefox 8 Tuesday, patching eight security vulnerabilities and also added Twitter search to the browser.

Since Mozilla kicked off its every-six-week upgrade cycle last summer, each new Firefox has had relatively few visible changes. This release also held serve in terms of the look.

RELATED STORIES
Zeus Now Using Autorun
Old Becomes New: DLL Loading is Back
Weak Sites Victimize Visitors
Beware of Printers Spreading Malware

Firefox 8 added Twitter as a choice in its search bar, letting users look up topics, hashtags and usernames on the micro-blogging service. Twitter search is currently available only in the English, Japanese, Portuguese and Slovenian editions of Firefox.

Mozilla also made good on a promise last August to automatically disable add-ons installed without user approval. Behind-the-back add-ons have cropped up at times, most recently in January when one bundled with Skype caused so many browser crashes that Mozilla blacklisted it. When users start Firefox 8, all add-ons surreptitiously installed end up turned off by default.

Other changes and enhancements to Firefox 8 include on-demand tab loading at startup for faster restored sessions, and developer support for additional features of the hardware-accelerated 3D graphics standard, WebGL.

The upgrade also fixed eight vulnerabilities, five of them rated “critical,” the most-serious ranking in Mozilla’s threat scoring system. The remaining three bugs were “high,” the next-most-serious rating.

One of the patches was for a data theft bug originally fixed in August when Mozilla launched Firefox 6, but which came back in Firefox 7 after developers launched a new Windows graphics acceleration framework, dubbed “Azure,” in the September upgrade.

Mozilla blamed a Mac-only vulnerability on Apple and Intel, saying the flaw could let attackers sniff out secrets by monitoring a Mac’s graphics processor.

“This problem is due to a bug in the driver for Intel integrated GPUs [graphics processing units] on recent Mac OS X hardware,” Mozilla said.

Mozilla released Firefox 3.6.24, a security update that patched three vulnerabilities. The aging edition — Mozilla shipped Firefox 3.6 in January 2010 — still gets support, in large part because enterprise users have resisted the company’s rapid release tempo.

But the end is in sight for Firefox 3.6, as Mozilla rescheduled an upgrade originally slated for last month and canceled at the last minute. The pitch, which will urge users to upgrade to Firefox 8, will now appear Nov. 17.

According to plans previously outlined by Mozilla, the company intends to stop patching Firefox 3.6 three months after it offers users the upgrade opportunity.



Leave a Reply

You must be logged in to post a comment.