Trade Resources Industry Views Mozilla Adding More Flexible Private Browsing and Patching 13 Vulnerabilities

Mozilla Adding More Flexible Private Browsing and Patching 13 Vulnerabilities

Mozilla on Tuesday shipped Firefox 20, adding more flexible private browsing and patching 13 vulnerabilities, five rated "critical" by the company's security team.

Along with the privacy change, Mozilla also revamped Firefox's download manager and added a crash tool that warns when a plug-in has hung for at least 11 seconds. Users can then shut down the offending plug-in rather than rebooting the browser.

But the window-based "Private Browsing" option was the most noticeable change to Firefox. Previously, Firefox saved the current tabs and opened a single privacy window, then reloaded the earlier tabs when the mode was shut down. Now users can open a private window but leave the browser, and its already-open tabs, untouched.

In a blog post announcing Firefox 20, Mozilla billed the change as helpful to "shop for a birthday gift" or "to check multiple email accounts simultaneously." Others, however, regularly refer to such browser features as "porn mode" in the belief that that's their primary application.

Per-window Private Browsing puts Firefox almost on par with Chrome and Microsoft's Internet Explorer 10 (IE10), both which offer per-tab privacy modes.

All the major browsers offer a privacy mode of some kind. Safari was the first to add one in 2005, followed by Chrome, then IE and Firefox in 2009, and finally Opera Software's Opera in 2010. They all work much the same, letting users browse without leaving obvious traces in the application by shutting off the recording of sites visited and files downloaded, and preventing cookies and passwords from being saved. Any lingering evidence is purged from the browser at the end of the session.

Along with the window-based Private Browsing add, Firefox 20 also sports a new download manager that gives users a better view on what files are being or have been downloaded, and easier assess to them for launching or opening. Users call up the new tool by clicking a button just to the right of Firefox's search field.

That button location, and most of the features Mozilla instituted, are reminiscent of Safari's download manager, which debuted in July 2011 with version 5.1.

Firefox for Android was also updated Tuesday with per-tab Private Browsing, and Mozilla extended support to some smartphones that rely on less powerful processors from the older ARMv6 architecture, including Samsung's Galaxy Next and Galaxy Q, and HTC's Legend.

Along with the new features, Firefox also received 13 security patches, five rated critical, Mozilla's highest threat ranking, four judged "high," and another four labeled "moderate." One of the vulnerabilities was an Android-only bug.

Of the 13, one of the more interesting was a DLL load hijacking vulnerability in the Mozilla Updater, a component of the company's update service. Mozilla patched a similar flaw last year in the upgrade to Firefox 13.

As in last year's vulnerability, this flaw could be used to load malware on a Windows PC, assuming the hackers had local file system access through other means.

Windows, Mac and Linux editions of Firefox 20 can be downloaded manually from Mozilla's site; already installed copies will upgrade automatically. Users of Firefox for Android users can retrieve the update from the Google Play store.

Source: http://www.computerworld.com/s/article/9238086/Mozilla_refines_Firefox_s_private_browsing_patches_13_browser_bugs
Contribute Copyright Policy
Mozilla Refines Firefox's Private Browsing, Patches 13 Browser Bugs