Firefox updates for security, user add-on control

Share this article:

Mozilla on Tuesday released Firefox 8, the latest iteration of its open-source web browser, which includes a number of new features and defense against seven vulnerabilities.

Four of the security flaws were rated as "critical" and are susceptible to drive-by downloads, meaning a victim's machine can be infected with malicious code merely by the user visiting a website. The other three bugs were deemed "important" and, if exploited, could result in sensitive data being stolen from users.

The more noticeable adjustments to the browser include a search box that accommodates queries across Twitter. In addition, the new version prevents the default installation of plug-ins distributed by third parties, a move that is designed to put more control into the hands of Firefox users.

"Third-party applications frequently install bundled add-ons into Firefox as part of their own installation process," explained an August blog post from Mozilla. "While some of these applications seek the user's permission beforehand, others install add-ons into Firefox without checking to make sure the user actually wants them."

The default installation of these plug-ins can slow down page rendering, clutter the browser window and lead to security issues, as these add-ons often aren't up to date on patches, Mozilla said.

The new version of the browser replaces Firefox 7, which was released less than two months ago. Meanwhile on Tuesday, both Microsoft and Adobe issued fixes to their software products.

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.