heise Security - 02 April 2013
Mozilla has released Firefox 20, the latest update to the browser.
Firefox 20: per-window privacy and fixes three critical bugsMozilla has released Firefox 20, the latest update to the browser. As has been the case with most recent Firefox updates, there is a limited number of new features and a number of security fixes. Amongst the
new features is the per-window private browsing, first seen in the beta of Firefox 20;
this gets around the problem of having to restart Firefox when wanting a session which does not record history or discloses user information via cookies. Now, users can just open a private window while also keeping their normal windows open.
Another feature, as previewed in the beta release, is the new "
download experience". The old
download window has gone in Firefox 20, replaced by a pane in the browser history window – the current status of downloads can be seen by clicking on a
download progress button next to the address bar of the browser. The browser has also gained the ability to close hanging plugins without hanging itself.
The three critical security holes listed on the security advisories page include a bypass of "System Only Wrappers" that can allow protected nodes to be cloned, a WebGL flaw which only affects Linux users using Intel Mesa graphics drivers and a selection of memory safety issues. There are also four high severity bugs related to cross site scripting, privilege escalation through the Mozilla Updater or Maintenance Service and an out of bounds write in the Cairo library. Finally there were four medium severity flaws with an out of bounds array read, corruption when rendering grey scale PNG images, origin disclosure in tabs and read write access to the tmp directory.
Security AdvisoriesThe release notes also note that there have been performance improvements in page loading, downloading and shutdowns. Developers will find it is easier to get at the various tools thanks to a reorganised developer menu and Toggle Tools option which quickly displays the Web Console's new default view with an added ability to be popped out into its own window. The redesign around the tools sets out to reduce the clutter of the older design as there are now so many tools available that it was getting hard to see the actual content.
release noteshttp://www.h-online.com/security/news/item/Firefox-20-per-window-privacy-and-fixes-three-critical-bugs-1833854.html
