Mozilla details security holes fixed in Firefox 14

Following the recent release of Firefox 14, Mozilla has now detailed all the major bugs and exploits that were fixed in the new versions of Firefox, Thunderbird and the SeaMonkey “all-in-one internet application suite." As they are all based on the same platform, Gecko, the latest versions of Firefox, Thunderbird and SeaMonkey have fixed many holes, some of which are rated “Critical” by the project. Updates have also been released for the Enterprise versions of Firefox and Thunderbird.

Some of the critical vulnerabilities include a code execution through javascript: URLs, a JSDependentString::undepend string conversion which could result in memory corruption, some bad code in Gecko that could cause memory corruption and some miscellaneous memory safety hazards. According to Mozilla, these vulnerabilities could be exploited by an attacker to run code and install software, requiring no user interaction beyond regular web browsing.

Mozilla's blog post states, “Firefox has new features that make browsing more secure and Web applications like games more powerful.” It states that Firefox automatically secures Google searches to protect a user’s data from potentially prying eyes such as network administrators, when using public or shared Wi-Fi networks. Google is currently the only search engine that allows Firefox to make a user’s searches private, but Mozilla is looking forward to supporting additional search engines with this feature in the future.

Many security holes were fixed

The brand goes on to state that Firefox makes it easier to see a website’s verified identity by changing the way a user displays the icon to the left of the URL. Mozilla add,s “For developers, Firefox now supports Pointer Lock API to allow applications, including first-person games to better control the mouse. Firefox now supports native full screen mode on OS X Lion 10.7 for a better experience with videos and Web games like Mozilla’s BrowserQuest.”

Commenting on the latest version of Firefox, a report by The Inquirer states, “It cited its own HTML5 Browserquest game as an example of improved performance. With HTML5 expected to become the markup language of choice for web-based games developers, it seems a very good time for Firefox to support it. Since Mozilla has put Firefox on its six-week rapid release schedule the organisation has come in for vocal criticism, with some people within Mozilla's developer community questioning whether the move has resulted in users flocking to Chrome. Although Mozilla has produced an extended support release of Firefox, the problems Mozilla has had getting users to download and install the standard version suggest that only the most informed users will move to the long-term release.”

The list of security holes that Mozilla has patched up can be found here.

To download the latest version of Firefox, click the link here.