The free software community Mozilla released Firefox 27 on Monday with better security and performance. The new version is designed to address issues identified in earlier versions.
Firefox 27, which was developed to deliver new security features and enhanced performance to its users, comes with more than a dozen security fixes. Four of these fixes are ranked as critical: "Miscellaneous memory safety hazards," "Incorrect use of discarded images by RasterImage," "Use-after-free with imgRequestProxy and image processing," and "Crash when using web workers with asm.js."
A fix is ranked as critical when the vulnerability it addresses, if left unpatched, can be used to run attacker code and install software without any user interaction beyond normal browsing.
The "Use-after-free with imgRequestProxy and image processing" fix addresses a memory error that gives attackers a way to control legitimate memory space in order to launch arbitrary code. Another fix addresses an unwanted reset of a user's profile, an issue discovered by Yazan Tommalieh.
Tommalieh found that after a user views the default Firefox start page, or home page, the pages and sites subsequently opened in that same tab could use a script to trigger a button on the home page.
Another fix addresses an issue with the download dialog box, which was reported by security researcher Jordi Chancel.
According to the company's advisory, "the dialog box for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to be potentially opened instead of only saved in some circumstances."
Firefox 27 also includes default support for the Transport Layer Security (TLS) 1.2 specification, "the next logical step in offering sites support for the latest standards with the protections they want," as described to eWeek by Sid Stamm, a privacy and security engineer at Mozilla.