Mozilla ships Firefox 31, adds search to new tab page

Patches 14 vulnerabilities, beefs up malware blocker

Mozilla yesterday released Firefox 31, patching 14 vulnerabilities, debuting a search box on the new tab page and adding a Google-provided service that detects and blocks known malicious files before they're downloaded.

The new tab page change was easily the most noticeable to users.

Along with the nine thumbnails representing the user's most-frequently-visited websites, the new tab page in Firefox 31 now sports a search field above those thumbnails. Typing a search string in the box initiates a search on Google, unless the user has changed the default search engine. If the Firefox user has changed the search engine -- say, to Yahoo or Bing -- that choice is also used in the new tab page's search box.

Mozilla's decision to add a search field to the new tab page -- which appears when users press Ctrl-T (Windows) or Cmd-T (OS X), or when they click on the "+" symbol in the tab bar -- followed a similar move by Google in September 2013. Mozilla first deployed the changed new tab page last month in the beta channel of Firefox 31.

With the introduction of a search field in the new tab page, Mozilla users now have three different places in the browser's UI (user interface) where they can begin a search: In the address bar (called "Awesome Bar" by Mozilla) and the separate search field, both at the top of the window; and on the new tab page.

Behind the scenes, Firefox 31 also got a beefed up implementation of Google's "Safe Browsing," the Mountain View, Calif. company's umbrella API (application programming interface) for sniffing out, then blocking malicious websites.

Safe Browsing has long been used by Google's Chrome, but it has also been tapped by Firefox and Apple's Safari to warn users of risky sites before they actually visited them.

Chrome, however, has always had a big advantage, as Google has never documented the API for outsiders, and thus has been able to leverage Safe Browsing to more effectively block rogue sites and incipient downloads than either Firefox or Safari.

According to Mozilla, Google has "offered an application reputation feature to detect malicious downloads as part of Google Safe Browsing since 2012," but still has not documented the API. That meant Mozilla had to experiment with the API. The open-source developer published its findings on its site.

Mozilla admitted that it would not be able to match Chrome's effectiveness in detecting and blocking potentially-malicious files from making it onto a user's system, in part because of a higher incidence of false positives. "Using Google's API, we can never do better than Chrome," the company acknowledged.

"Of the 327 URLs that the release version of [Firefox 31] did not catch, Chrome caught 286 of them," Mozilla said in admitting that its rival did a better job.

Also part of Firefox 31 were patches for 14 security vulnerabilities, four of them rated "critical," Mozilla's top-ranking threat. Of the remainder, five were pegged "high," four as "moderate," and one as "low."

The bugs fixed were the usual mix of "use after free" memory flaws and buffer overflows, with odds and ends thrown in. Coincidentally, Mozilla patched a bug in Microsoft's DirectWrite -- the API is used to render sharper text in Windows Vista and later -- that could be exploited by hackers.

Google just added support for DirectWrite to Chrome 37's beta build last week.

Firefox 31 can be downloaded for Windows, OS X and Linux from Mozilla's website.

Firefox 31 search box
Firefox 31 adds a search box to the new tab page, aping Chrome's similar design change of last year.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies