Firefox updates for security, user add-on control

Share this article:

Mozilla on Tuesday released Firefox 8, the latest iteration of its open-source web browser, which includes a number of new features and defense against seven vulnerabilities.

Four of the security flaws were rated as "critical" and are susceptible to drive-by downloads, meaning a victim's machine can be infected with malicious code merely by the user visiting a website. The other three bugs were deemed "important" and, if exploited, could result in sensitive data being stolen from users.

The more noticeable adjustments to the browser include a search box that accommodates queries across Twitter. In addition, the new version prevents the default installation of plug-ins distributed by third parties, a move that is designed to put more control into the hands of Firefox users.

"Third-party applications frequently install bundled add-ons into Firefox as part of their own installation process," explained an August blog post from Mozilla. "While some of these applications seek the user's permission beforehand, others install add-ons into Firefox without checking to make sure the user actually wants them."

The default installation of these plug-ins can slow down page rendering, clutter the browser window and lead to security issues, as these add-ons often aren't up to date on patches, Mozilla said.

The new version of the browser replaces Firefox 7, which was released less than two months ago. Meanwhile on Tuesday, both Microsoft and Adobe issued fixes to their software products.

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.