Mozilla Releases Firefox 26.0

The Mozilla organization today released a new version, 26.0, of its Firefox Web browser, for all platforms: Windows, Linux, and Mac OS X.  The new version includes fixes for 14 identified security vulnerabilities, five of which Mozilla rates at Critical severity.  There are also some other bug fixes:

• Text rendering on Windows 7 or 8
• Improved page load times
• MP3 back end on OS X

This version also incorporates some new features:

• Java plugins default to “click to play”
• H.264 is supported on Linux
• Password manager supports script-generated password fields

More details are available in the Release Notes.

Because of its security content, I recommend that you update your system as soon as you conveniently can.  You can get the new version using the built-in update mechanism, or you can get a complete installation package, in any of 70+ languages, from the download page.

Mozilla Updates Firefox, Thunderbird

Earlier this week, the Mozilla organization released new versions of its Firefox browser and Thunderbird E-mail client, for all platforms: Mac OS X, Linux, and Windows.

The new version, 24.0, of Firefox includes fixes for 17 identified security vulnerabilities, including seven that Mozilla rates as Critical, and four that it rates as High  severity.  It also includes several performance and stability improvements; more information is available in the Release Notes.  You can obtain the new version of FIrefox via the built-in update mechanism, or download a complete installation package, in a variety of languages.

The new version of Thunderbird, also 24.0, has fixes for 13 security vulnerabilities; Mozilla rates six of these as Critical, and three as High severity.  It also includes some new capabilties, including the ability to watch or ignore message threads, and the ability to zoom the composition window.  There are also some miscellaneous bug  fixes.  More detail is available in the Release Notes.   As with Firefox, you can get the new version using the built-in update capability, or download a complete installation package.

Because of the security fixes included in these releases, I recommend that you update your systems as soon as you conveniently can.

Mozilla Updates Firefox, Thunderbird

Last week, the Mozilla organization released a new version, 23.0, of its Firefox browser, for all platforms (Linux, Windows, and Mac OS X).   The new version fixes 13 identified security vulnerabilities.  Mozilla rates four of these as being of Critical severity, and seven as High severity.

In addition, the new version introduces some new and changed capabilities.  It incorporates mixed content blocking, to protect against eavesdropping and “man-in-the-middle” attacks on secure pages.  It also incorporates a new Options panel for the Web Developer Toolbox.

This version also removes the JavaScript options from the Preferences page, and resets all values to the defaults.  (The controls under about:config  still work, but they are for experts.)  The rationale is that, because JavaScript is so widely used, turning it off breaks an unacceptable number of Web pages.  The suggested alternative, for those concerned about JavaScript-based exploits, is to use the NoScript extension, which allows more selective control.  Although my initial reaction to the Preferences change was negative, on reflection I think this approach, with NoScript, really is the better way to go.   I have been using NoScript myself for several years, and recommend it.

For further information on these changes, please see the Firefox Release Notes.  You can obtain the new version using the built-in update mechanism, or download a complete installation package.

Mozilla also released a new version, 17.0.8, of its Thunderbird E-mail client for Linux, Windows, and Mac OS X.  This is a security release, which fixes eight identified vulnerabilities; Mozilla rates two of these as Critical, and six as High severity.  For more information, see the Thunderbird Release Notes.

As with Firefox, you can obtain the new version via the built-in update mechanism, or download a complete installation package.

Because of the security content of these releases, I recommend that you upgrade your systems if you have not already done so.

Security Updates in Thunderbird 17.0.7

Mozilla has released a new version, 17.0.7, of its Thunderbird E-mail client, for Windows, Linux, and Mac OS X.  This release includes fixes for eight identified security vulnerabilities, four of which Mozilla rates as Critical. The Release Notes don’t really have much else to say.

Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can. You can get the new version via the built-in update mechanism, or you can download a complete installation package here.

Mozilla Releases Firefox 22

Today the Mozilla organization released a new version, 22.0, of its Firefox browser for Linux, Windows, and Mac OS X.  The new version includes some new features:

• HTML5 audio/video playback rate can now be changed
• Social services management implemented in Add-ons Manager
• The WebRTC communications API is now enabled by default
• Additional optimizations for JavaScript

There are also several miscellaneous improvements, and fixes for 14 identified security vulnerabilities, four of which Mozilla categorizes as Critical.  Further information is available in the Release Notes.

Because of its security content, I recommend that you update your Firefox installations as soon as you conveniently can.  You can obtain the new version via the built-in update mechanism, or you can download a complete installation package, in your choice of language(s).

Update Tuesday, 25 June, 16:25 EDT

This blog post on the Mozilla Blog explains some of the new features in more detail.

A Tastier Selection of Cookies

I’ve written here a number of times about browser cookies: small pieces of text that your browser stores on your system at the request of a Web server.  The cookie’s contents can be returned to the server with a later HTTP request.  The cookie mechanism was developed to provide a means of maintaining state information in the otherwise stateless HTTP protocol, which deals only in page requests and responses; the concept of logging in to a Web site, or having a session, is grafted onto the underlying protocol via the cookie mechanism.  This can lead to some security problems; it also impacts users’ privacy, since cookies are very widely used to track users as they browse to different sites.  (For example, those ubiquitous “Like” buttons from Facebook can set tracking cookies in your browser, even if you never visit the Facebook site itself.)

For some time now, several browsers have offered an option to disallow so-called “third party” cookies: those set by sites other than the one you are visiting.  And  Apple’s Safari browser, as well as development builds of Mozilla’s Firefox, have included heuristics to accomplish something similar.  These are helpful, but imperfect, since the definition of a “third party” is not as precise as one might like.  For example, XYZ.COM might have a companion domain for videos, XYZ-MEDIA.COM; logically, both are part of the same site, but simple heuristics won’t see things that way.

Now, according to an article at Ars Technica, Stanford University, along with the browser makers Mozilla and Opera Software, is establishing a Cookie Clearinghouse to serve as a sort of central cookie  rating agency.

The Cookie Clearinghouse intends to provide lists of cookies that should be blocked or accepted. Still in the planning stages, it will be designed to work in concert with the heuristics found in Firefox in order to correct the errors that the algorithmic approach makes.

The Clearinghouse is just being set up, so it’s too early to say how much it will help.  Similar cooperative efforts have helped reduce the impact of spam, phishing, and malicious Web sites, though, so we should hope for the best.