Firefox update fixes security flaws


Several security vulnerabilities in Firefox 16 are being addressed in an update of the browser software released by the Mozilla Foundation. This is the second time in the last two weeks that the browser has had to be updated to address security problems.

All the security issues are related to the “Location” object in the software. One of the flaws, when combined with some plug-ins, could be exploited to perform cross-site scripting attacks on users. Those attacks typically are used to infect Web applications at trusted websites and push malicious code to unsuspecting visitors of those sites.

Another vulnerability involves the CheckURL function in the browser’s code, which could be forced to return a wrong value. Mozilla said this could be exploited in a cross-site scripting attack, or be used to execute arbitrary code to a browser add-on that interacts with the content on a page.

A third defect addressed by the update allowed the security wrapper on the Location object to be bypassed by a hacker.

Mozilla also pushed out an update of its Thunderbird email client to address to fix similar flaws in that program. It explained in a blog on the update that the Location vulnerabilities addressed by the new release would have less impact on Thunderbird because it uses those functions only through RSS feeds and extensions that load Web content.

When Firefox 16 was released on October 9, it addressed vulnerabilities outlined in 14 security advisories, 11 of them “critical.” Within 24 hours of that release, Mozilla halted downloads of the software because of security concerns. To address those concerns, Mozilla released version 16.0.1 of its browser. That release plugged the hole that allowed malicious websites to read the browsing history of visitors to those sites.

New feature puts Facebook in Your Firefox

Mozilla is rolling out a beta version of its new Social API for Firefox. For this release the company worked with Facebook to create Facebook Messenger for Firefox – a Firefox sidebar that brings your Facebook updates with you wherever you go on the web.

If you’d like to test out Firefox’s new Social API features, head over to the beta channel downloads page and grab the latest release. Then point your browser to Facebook, which will prompt you to install the Facebook Messenger for Firefox.

If you don’t visit Facebook you’ll never know the new Social API exists.

That’s exactly as it should be, according to Mozilla’s Johnathan Nightingale, senior director of Firefox engineering. I spoke to Nightingale ahead of the Social API release and he stressed that the Social API is entirely opt-in by design.

“Our plan is not to push anyone into something they don’t want, but to make easier and better for those that already use it.”

The new Social API can be seen as an extension of the App Tabs Mozilla added to Firefox 4. The App Tabs feature recognizes that all tabs are not equal. Some tabs, like e-mail, document editors or news feeds are easier to use when they get a special spot in your browser. The Social API extends that idea even further, bringing social websites out of tabs completely and into a persistent sidebar that you can access without the need to switch tabs or log in.

Social is not like other things that people do on the internet,” says Nightingale, “it runs as a current through everything they’re doing.” The Social API is designed to make it easier to stay in that current even while you’re visiting other sites. For example, Facebook Messenger for Firefox adds a sidebar that is visible even when you switch tabs. It’s easier to keep up with what’s happening because you see updates rolling in even when you’re browsing other sites. Since constant Facebook updates are annoying when you’re trying to get work done, there’s also a way to hide the sidebar until you want it again.

Facebook’s Social API implementation also adds a “like” button to the address bar, which means you can share a page with your friends on Facebook without leaving that page, which is great for sites that don’t offer their own social sharing buttons.

The Firefox Social API consists of a manifest file and few URLs, but the user interface, the features offered and all the other details are up to the social site itself. For now that’s just Facebook, but Nightingale says Mozilla will add more support for more providers, and eventually even for multiple social sites at once. The idea is to make it easy for any site to build on the Social API, much like the OpenSearch API did for custom search engines.

If you don’t use Facebook there’s nothing to see right now. However, after playing around with the new Facebook Messenger it’s not hard to imagine how other sites might do something similar. Twitter is an obvious example, but the Social API is not limited to just “social networks.” For example, GitHub could create a sidebar with, say, all your project updates and pull requests.

The privacy implications of giving social networks a cozier spot in your browser may make some people nervous, but Tom Lowenthal, of Mozilla’s Privacy and Public Policy team, assures users that nothing has changed regarding your data. “Once enabled, Firefox loads several pages from your social network over secure connections,” writes Lowenthal, “These pages are treated just as if you’d loaded them in another browser tab.”

That means Facebook can set cookies and collect data just like it would if you were logged into the site, but neither Facebook, nor any other social network that builds something with the Social API, will get any special treatment or additional data from Firefox. In other words, just because Facebook is persistent in the sidebar doesn’t mean it has access to any additional information from your browser.

If you’re always logged into Facebook anyway, the new Facebook Messenger for Firefox makes for a smoother, more compelling social network experience. It’s also easy to back out of should you end up disliking it. Those looking for something similar from another social network will just have to wait for those networks to build out their own Social API offerings.

If you liked this Firefox update fixes security flaws, please like, tweet and share this on Facebook, Twitter, Google+, Pin Board or leave a comment. You can also get the latest technical by subscribing to our feed. Don't forgot to share your voice with your friends! They may have also like or have thought on this technical and that will help us to improve our selves!.

Total number of people read this article: 443

Join Our Newsletter

Latest Tamil Cinema news and gossips, like what you read here in this article?
Get more like it delivered to your inbox daily.

You need to do one more thing before you'll start receiving content from us.

  1. Check your email for a message from
  2. Click the link in that email.
  3. If you don't see the email in about 10 minutes, check your spam filter.
  4. Add [email protected] to your list of 'safe senders' in your email program. Otherwise, the content you want might end up in a nasty spam filter. And that's just wrong.

Once you do that, you'll receive the good stuff next time we publish. See you then!

Our Mailing List Policy

We Hate SPAM: Seriously. We don't like to send unsolicited email, and we know you don't like to receive unsolicited email. Below, we outline our Mailing List Policy, which could be summarized simply as "We Hate Spam."

No unsolicited email: We never buy lists of email addresses from other people, period. We never send email newsletters or promotions to people who haven't subscribed, period.

Your email address is safe with us.
We never sell or share your email addresses with other companies.

You can unsubscribe at any time: If you receive a newsletter or email and decide you don't like it, simply click the unsubscribe link at the bottom of the email.

If you feel you've been sent unsolicited email and would like to register a complaint, please email our abuse department.

On this article, we have tried to provide all the information on Firefox update fixes security flaws. However, if you encounter any discrepancy in the information about Firefox update fixes security flaws, do write to us. We welcome any kind of feedback that would improve the quality of the site, a site that strives to provide the best information on Firefox update fixes security flaws.

Centmin Mod

Centmin Mod - Menu based Nginx, PHP-FPM, MariaDB auto installer script for CentOS -