Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    Mozilla Improves Web Browser Security in Firefox 66 Update

    By
    Sean Michael Kerner
    -
    March 19, 2019
    Share
    Facebook
    Twitter
    Linkedin
      Firefox 66

      Mozilla released the Firefox 66 update on March 19, providing users of the open-source web browser with new features that enhance user experience and improve security.

      Among Firefox 66’s new features is one that blocks websites from auto-playing sound, which can be an annoyance. Also, the search feature within the browser has been improved with enhanced capability to search across multiple open tabs on a user’s system. Additionally, security gets a boost in the new browser release with patches for multiple vulnerabilities and an expansion of the number of web content loading processes.

      “We are working to ensure Firefox users continue to experience best-in-class security and performance,” Eric Smyth, product manager of performance at Firefox, told eWEEK. “Doubling content processes from 4 to 8 will allow you to open more web pages more securely without significantly changing how much memory Firefox uses.”

      Smyth added that expanding the number of web content loading processes is part of Mozilla’s ongoing work to create a browser that is more secure and resilient to security threats. The new release follows Firefox 65, which was released on Jan. 29, integrating improved privacy controls into the web browser.

      With Firefox 66, Mozilla has also improved the way it shows security warnings in the browser to better help users understand risk. Among the warnings that have changes are SSL/TLS certificate error pages. Rather than simply identifying to a user that a given connection is not secure due to an SSL/TLS issue, the new warnings now state that a potential security risk is present and informs users of what steps they can take.

      WebAuthn Support

      Firefox 66 includes support for the new WebAuthn standard based on the FIDO2 protocols, which provide strong authentication capabilities without the need for a password. WebAuthn is an evolution of the FIDO Alliance standards for strong authentication that have been supported in Firefox for several years.

      “As of today, Firefox users on the Windows Insider Program’s fast ring can use any authentication mechanism supported by Windows for websites via Firefox,” J.C. Jon, cryptography engineering lead for Firefox at Mozilla, wrote in a blog post. “That includes face or fingerprint biometrics, and a wide range of external security keys via the CTAP2 protocol from FIDO2, as well as existing deployed CTAP1 FIDO U2F-style security keys.”

      Scroll Anchoring

      A common experience for many visiting a web page is having the content “jump” ahead as slow loading graphics and other media elements push content. In Firefox 66, Mozilla is integrating a web property for scroll anchoring that will provide for smoother scrolling and prevent content from jumping as new content is loaded on a given page.

      Scroll anchoring is achieved with the use of a new draft web specification from the W3C.

      “Changes in DOM elements above the visible region of a scrolling box can result in the page moving while the user is in the middle of consuming the content,” the draft scroll anchoring specification states. “This spec proposes a mechanism to mitigate this jarring user experience by keeping track of the position of an anchor node and adjusting the scroll offset accordingly.”

      Security Updates

      In Firefox 66, Mozilla is also providing 21 security patches for vulnerabilities. The timing of the new security updates comes just ahead of the annual Pwn2Own hacking competition, which gets underway on March 20, where Firefox is a target. At Pwn2Own, researchers are awarded cash prizes for disclosing new zero-day vulnerabilities in software.

      Five of the patched vulnerabilities in Firefox 66 are rated by Mozilla as having critical impact. Among the critical vulnerabilities are multiple use-after-free and memory safety issues (CVE-2019-9790 and CVE-2019-9788). Researcher Samuel Groß of Google Project Zero is credited by Mozilla with reporting an additional pair of critical issues (CVE-2019-9791 and CVE-2019-9792) within Firefox’s IonMonkey just-in-time (JIT) compiler.

      “The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout,” Mozilla warned in a security advisory. “This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×