Firefox Patches 11 Security Bugs

Friday, September 30, 2011 @ 03:09 PM gHale

Mozilla patched 11 vulnerabilities in the desktop edition of Firefox as it upgraded the browser to version 7.

Firefox 7 patched 11 security vulnerabilities, 10 of which were rated “critical,” the company’s most serious threat rating; the sole exception was “moderate.”

Study: Poor Patching Allows Windows Malware
Hack Attack: 700,000 Sites Hit
Browser Update Really a Worm
Malware Hits IE, then Attacks Firefox

Because Mozilla now bundles security patches almost exclusively with each version upgrade, users stuck on Firefox 6 or earlier must update to quash the bugs.

Two of the critical vulnerabilities patched were in Firefox’s implementation of WebGL, a 3-D rendering standard Firefox and Google’s Chrome comply with. One of the pair was reported to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL.

The other was credited to a member of Google’s security team.

Firefox has received several patches specific to WebGL since Context recommended users and administrators disable the standard in Mozilla’s browser and in Chrome.

Mozilla also released Firefox 3.6.23, a security update that patched four vulnerabilities. That aging edition — Mozilla first shipped Firefox 3.6 in January 2010 — is still maintained, in part because enterprise users have resisted adopting the rapid release cadence.

For Firefox, release 7 marks the third consecutive upgrade Mozilla has met its every-six-week deadline for a new version of the browser.

The biggest improvement to Firefox 7 is a reduction in memory use. Mozilla has previously claimed the upgrade slashes memory consumption by as much as 50%.

“Firefox [7] manages memory more efficiently to deliver a nimble Web browsing experience,” Mozilla said when it launched the new edition. “Users will notice Firefox is faster at opening new tabs, clicking on menu items and buttons on websites.”

Most users will see a 20%-to-30% reduction in memory usage compared to Firefox 4, Mozilla said, but in some situations that can climb to 50%.

Mozilla said that Windows users will see the most benefit.

The company also said the memory diet has boosted the browser’s performance, especially in scenarios where users have opened numerous tabs and leave Firefox running for long stretches.

Firefox has always hogged memory, criticism prompting Mozilla to kick off the “MemShrink” project, designed to drive down Firefox’s memory use and close “memory leaks” — bugs that prevented memory releasing to the system when tabs close.

Other changes that debuted in Firefox 7 included a new hardware acceleration framework to speed up HTML5 rendering, and an opt-in tool called Telemetry that lets users send performance data to Mozilla.

Leave a Reply

You must be logged in to post a comment.