Patch/Configuration Management, Vulnerability Management

Firefox updates for security, user add-on control

Mozilla on Tuesday released Firefox 8, the latest iteration of its open-source web browser, which includes a number of new features and defense against seven vulnerabilities.

Four of the security flaws were rated as "critical" and are susceptible to drive-by downloads, meaning a victim's machine can be infected with malicious code merely by the user visiting a website. The other three bugs were deemed "important" and, if exploited, could result in sensitive data being stolen from users.

The more noticeable adjustments to the browser include a search box that accommodates queries across Twitter. In addition, the new version prevents the default installation of plug-ins distributed by third parties, a move that is designed to put more control into the hands of Firefox users.

"Third-party applications frequently install bundled add-ons into Firefox as part of their own installation process," explained an August blog post from Mozilla. "While some of these applications seek the user's permission beforehand, others install add-ons into Firefox without checking to make sure the user actually wants them."

The default installation of these plug-ins can slow down page rendering, clutter the browser window and lead to security issues, as these add-ons often aren't up to date on patches, Mozilla said.

The new version of the browser replaces Firefox 7, which was released less than two months ago. Meanwhile on Tuesday, both Microsoft and Adobe issued fixes to their software products.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.