Mozilla today is releasing updates to its flagship Firefox browser for both desktop and mobile device users. Firefox 25 provides new features, including enhanced Web audio capabilities ,and delivers at least 10 security updates for the open-source browser.
Mozilla rates as critical five of the security updates for Firefox 25. All five of the issues relate to various memory corruption risks that could potentially enable an attacker to use system memory to launch arbitrary code.
Firefox 25 also provides a security fix for a flaw that leverages the HTML iframes element. Mozilla warned in its security advisory that there was a flaw by which an attacker could maliciously manipulate an iframe with the PDF.js library for rendering PDFs.
“This can be used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object,” Mozilla advised. “This can lead to information disclosure of local system files.”
Mozilla is also providing a fix for a spoofing security flaw that is rated as having moderate severity.
“Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within <select> elements and place it in arbitrary locations,” Mozilla warned in its advisory. “This can be used to spoof the displayed address bar, leading to click-jacking and other spoofing attacks.”
Firefox 25 for Android introduces a concept called “guest browsing,” which will complement regular and private-mode browsing options.
“Guest browsing opens an entirely clean Firefox profile, which means the guest cannot access any bookmarks, settings or other data associated with the owner’s Firefox browser,” Karen Rudnitski, Firefox for Android product manager, told eWEEK. “With private browsing, Firefox doesn’t store the information on the Web pages you are visiting, but you still have access to your own bookmarks, non-private history, settings and customizations you have made.”
Firefox 25 also marks the debut of new Web audio capabilities in the open-source Web browser. While Firefox has supported the HTML5 audio tag since 2009, the new feature in Firefox 25 goes beyond what has been available to date.
The audio tag is for media playback (playback of audio) while the new Web Audio API is a powerful tool for audio generation, Gavin Sharp, lead Firefox engineer at Mozilla explained to eWEEK.
Another enhancement in Firefox 25 is one that aims to help make it easier for users to find content inside a Web page. “The Find bar now is no longer persistent on every tab,” Sharp said. “This means the Find bar is there when you want to use it but is no longer there when you move on to a new tab and no longer need to find something.”
Most existing Firefox desktop users will get the new browser update as an automatic background update today. It is also available as a free download from Mozilla.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.