Mozilla released its first web browser update for 2019 on Jan. 29, with the debut of Firefox 65.
The open-source Firefox 65 web browser improves a number of different features and has a strong focus on helping to advance user privacy. Mozilla is integrating redesigned controls in the updated browser release to enable users to more easily identify and set the level of privacy protection they want. The privacy controls are part of Mozilla’s larger effort to enhance tracking protection for web users.
“Simplified content blocking settings give users standard, strict, and custom options to control online trackers,” Mozilla states in the Firefox 65 release notes.
The Firefox 65 release follows Firefox 64, which was released in December 2018, providing users with improved tab management features.
Online trackers can take many forms that collect and monitor user activities on web services. With the updated privacy controls in Firefox 65, Mozilla is giving users different options for the level of tracking to block. The “Standard” mode will only block known trackers when a user is running a private window. The “Strict” mode will block all trackers that Firefox detects, which might result in some sites not working properly. The “Custom” mode gives user the choice of what they want to block, including different trackers and cookies.
Stack Smashing Protection
For the Linux, macOS and Android editions of Firefox 65, Mozilla is implementing stronger stack smashing protection to help prevent application exploits. Stack smashing is a form of buffer overflow vulnerability that can put systems at risk.
“Stack smashing is a common security attack in which malicious actors corrupt or take control of a vulnerable program,” Mozilla stated.
For those looking to better understand browser performance, Mozilla has improved the Task Manager page in Firefox 65, providing better visibility into how memory is being used for each browser tab. Firefox now also finally supports the WebP image format that was first introduced by Google in October 2010 as a more optimized approach for online images.
“WebP offers both lossless and lossy compression modes, and typically produces files that are 25-34 percent smaller than equivalent JPEGs or PNGs with the same image quality,” Mozilla developers Chris Mills and Dan Callahan wrote in a developer blog. “Smaller files mean faster page loads and better performance, so this is obviously a good thing.”
Mozilla is also issuing seven security advisories alongside the Firefox 65 update, with three of flaws rated as being critical.
Two of the critical advisories (CVE-2018-18501 and CVE-2018-18502) deal with memory safety bugs that, if exploited, could have enable an attacker to run arbitrary code. The other critical vulnerability is CVE-2018-18500, which was reported to Mozilla by security researcher Yaniv Frank from Sophos Labs.
“A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements,” Mozilla warned in its advisory. “This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.