[+] Wayc0de's Blog[+]


Mozilla Fixes 11 Security Bugs in Firefox 7 Release

Mozilla has released Firefox 7, the latest version of its flagship browser, which includes a number of security fixes and other improvements. The new version is being touted as the fastest yet and also includes a new feature meant to conserve memory on users' PCs.

Firefox 7 was pushed out on Wednesday and users who have the automatic update functionality in place should see it downloaded to their machines soon. The new browser is designed to run much faster than even the version that was released just six weeks ago, thanks to improvements in the way that Firefox handles memory usage.

"Firefox 7 now uses much less memory than previous versions: often 20% to 30% less, and sometimes as much as 50% less. This means that Firefox and the websites you use will be snappier, more responsive, and suffer fewer pauses. It also means that Firefox is less likely to crash or abort due to running out of memory," Mozilla officials wrote in a blog post.

"Mozilla engineers started an effort called MemShrink, the aim of which is to improve Firefox’s speed and stability by reducing its memory usage. A great deal of progress has been made, and thanks to Firefox’s faster development cycle, each improvement made will make its way into a final release in only 12–18 weeks. The newest update to Firefox is the first general release to benefit from MemShrink’s successes, and the benefits are significant."

In addition to the memory improvements, there are also fixes for 11 security vulnerabilities in Firefox 7, including eight critical flaws.

The full list of security fixes:

MFSA 2011-45 Inferring Keystrokes from motion data
MFSA 2011-44 Use after free reading OGG headers
MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope parameter
MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-41 Potentially exploitable WebGL crashes
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-38 XSS via plugins and shadowed window.location object
MFSA 2011-37 Integer underflow when using JavaScript RegExp
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:

On a related note, security researchers are warning that some black hat SEO campaigns are again preying on the new Firefox release to push unsuspecting users to malicious sites. Searching for "Firefox download" can lead to some of these malicious ads on Bing, specifically, warns GFI Labs's Christopher Boyd. You're better off simply going to the official Mozilla Firefox download page or having Firefox download the update automatically.
