The Mozilla organization today released version 17.0 of its Firefox browser, for Mac OS X, Windows, and Linux. The new version incorporates some new capabilities:
- A revision to the Social API, and support for Facebook Messenger
- “Click to Play” blocking of outdated or vulnerable browser plugins. Plugins on the block list will not be loaded unless the user specifically approves them.
- “Sandbox” attribute implemented for iframes, to improve security
This release also fixes 16 identified security vulnerabilities. Mozilla rates 6 of these as having Critical severity, and 9 as High. There are also several miscellaneous bug fixes; further details are available in the Release Notes.
Because of the security fixes incorporated in this release, I recommend that you update your systems as soon as you conveniently can. You can use the update mechanism built into the browser (Help / About Firefox / Check for Updates), or you can get a complete installation package from the Firefox download page.
Update Tuesday, 20 November, 21:45 EST
The “Webmonkey” blog at Wired has an article discussing the new Social API capability in more detail.
Update Tuesday, 20 November, 22:12 EST
Ars Technica also has a review of the new Firefox release.
I should have noted earlier that this release drops support for Mac OS X 10.5 (Leopard). It is also an Extended Support release, and will receive security updates for 54 weeks.
Posted by Rich 
