Mozilla announced the release of Firefox 61 on June 26, providing users of the open-source web browser with new features and patches for 18 security vulnerabilities.
The Firefox 61 milestone comes just over a month since Firefox 60 was released on May 9 and is the fourth major update of Mozilla’s flagship browser thus far in 2018. Among the new features in Firefox 61 are improved performance capabilities that continue to build on the speed gains that the Firefox 57 Quantum release boasted in November 2017. In addition, tab management gets a boost in Firefox 61, enabling power users to manage browser tabs more effectively.
“One of the most popular uses of browser extensions is to help users better manage their open tabs,” Matt “Potch” Claypotch, a developer and web platform advocate at Mozilla, wrote in a blog post. “Firefox 61 ships with new extension APIs to help power users use tabs more powerfully.”
Another new feature in Firefox 61 is Tab Warming, which promises faster response time when switching between tabs, thanks to Firefox pre-emptively loading tabs as a mouse is hovered over the tab.
Speed is further improved in Firefox 61 with the Parallel CSS (Cascading Style Sheet) Parsing capability. One of the first Quantum improvements that Mozilla deployed in Firefox is a new CSS engine that runs in parallel across multiple CPU cores. Firefox 61 adds more power to Quantum CSS by also parallelizing the parsing step, Claypotch said.
“The extra horsepower pays real dividends on sites with large stylesheets and complex layout,” he wrote.
Security
Security gets a boost in Firefox 61, thanks to default support for the Transport Layer Security (TLS )1.3 web encryption specification. TLS 1.3 became a proposed web standard in March, providing improved cryptographic security for data in transit across the web.
Firefox 61 now also has new policy settings that will block access to FTP sub-resources hidden inside of web pages. File Transfer Protocol (FTP) is generally considered insecure as it does not encrypt data transfer.
“The fundamental underlying problem with FTP is that any data transferred will be unencrypted and hence sent across networks in plain text, allowing attackers to steal, spoof and even modify the data transmitted,” wrote Christoph Kerschbaumer, content security tech lead at Mozilla, in a blog post. “To date, many malware distribution campaigns rely on compromising FTP servers, downloading malware on an end user’s device using the FTP protocol.”
Patches
Firefox 61 patches 18 security issues, with Mozilla rating six of the issues as having critical impact.
Among the critical issues is CVE-2018-12359, which is a buffer overflow issue; CVE-2018-12360, which is a use-after-free memory flaw; and CVE-2018-12361, which is in an integer overflow vulnerability. The other three critical Mozilla advisories (CVE-2018-5186, CVE-2018-5187 and CVE-2018-5188) are all identified as being memory safety bugs that could potentially be exploited to run arbitrary code.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.