Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Mozilla Updates Firefox 24 With 17 Security Advisories

    By
    Sean Michael Kerner
    -
    September 17, 2013
    Share
    Facebook
    Twitter
    Linkedin
      Firefox

      Mozilla on Sept. 17 released its latest open-source Firefox browser update for both Android as well as desktop versions for Windows, Mac and Linux operating systems. The Firefox 24 release is light on new user-facing features and heavy on security fixes, providing 17 security advisories, seven of which Mozilla has rated “critical.”

      Among the critical vulnerabilities that Mozilla is fixing in Firefox 24 are a number of memory safety related security issues.

      “Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,” the Mozilla Foundation Security Advisory (MFSA) 2013-76 states. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

      There is also a use-after-free flaw with the “select” HTML element. A use-after-free memory error is one where authorized memory is able to be used by unauthorized elements after it is no longer in use. Mozilla noted in its security advisory that security researcher Scott Bell used Google’s open-source Address Sanitizer tool in order to find the flaw. Google commonly uses Address Sanitizer itself to find use-after-free flaws in its own Chrome browser.

      Memory corruption that could be triggered simply by scrolling a document is another critical flaw that Firefox 24 is fixing. Mozilla credits famed security researcher Nils for finding and reporting the flaw. Nils first gained media notoriety when as an unknown security researcher, he showed up at the 2009 Pwn2Own hacking challenge and was able to demonstrate previously unknown zero-day flaws in Internet Explorer, Firefox and Safari Web browsers.

      Nils is also credited with the discovery of a potentially exploitable use-after-free issue that he found in an early test version of Firefox 25. Mozilla has found that they can also fix the same issue in Firefox 24.

      The integrity of Mozilla updates is also going to get a bit better with Firefox 24 with improvements to protect the Mozilla Archive (MAR) file that is part of the Mozilla update process.

      “Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater,” Mozilla warned in its advisory. “This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used.”

      Features

      From a feature perspective, Mozilla provided details on what to expect in Firefox 24 beta version of the browser first became available in August. One of the new user-facing features is the ability to close tabs to the right.

      “When we open new tabs, they appear on the end, and so, naturally, tabs that have a longer lifetime end up being promoted to the start-side of the bar,” Jared Wein, senior software engineer at Mozilla, wrote in a blog post. “This leads us towards the situation where closing tabs ‘to the right’ is a simple way of closing the ephemeral tabs.”

      Mozilla is still also working on a redesign of the Firefox interface, known as Australis.

      Australis is an intensive redesign of the browser surface, Johnathan Nightingale, Mozilla’s vice president of Firefox Engineering, told eWEEK. “It’s really exciting stuff, but that means that there’s a lot of testing to be done before it lands,” Nightingale said. “We’re performance-testing it now, and once we’re confident it’s the fastest Firefox ever, we’ll ship it to the Nightly testing audience.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×