Mozilla to Firefox: 'Browser, heal thyself'

Upgrade to Firefox 21 patches 15 security bugs, adds 'Firefox Health Report' tool

Mozilla on Tuesday released Firefox 21, adding more social media connections, tweaking the Do Not Track privacy setting and rolling out a new tool that long term, aims to create a self-healing browser.

The open-source developer also patched 15 vulnerabilities in the upgrade. Nine of those were rated "critical" by the company's security team.

Mozilla highlighted the new social media connections now built into Firefox in a blog post. The company debuted its Social API (application programming interface) last November with Firefox 17, which added a sidebar to show Facebook chat sessions and updates, including new comments, in the browser.

Firefox 21 now also supports the Cliqz, Mixi and msnNOW services with similar sidebars. Cliqz is a German-based news aggregator which already offers iOS and Android apps; Mixi is a Japanese social media network with an estimated 22 million users; and msnNOW is a Microsoft-owned news aggregator that claims approximately 13 million unique visitors monthly.

Although the developer preview of Firefox -- dubbed "Nightly" to note how often they're updated -- has also used the Social API to support the Chinese micro-blogging service Weibo since early April, Weibo did not make the final cut for Firefox 21.

According to a Mozilla spokeswoman, Weibo remains in testing.

Also new to the browser is a minor modification to the Do Not Track (DNT) privacy setting that expanded the choices to a trio. Where previously Firefox offered options that told compliant websites whether the user wanted to be tracked for advertising purposes, a third has been added that states, "Do not tell sites anything about my tracking preferences."

The third option is the new default setting for Firefox.

Mozilla also added a feature called "Firefox Health Report" (FHR) to the browser. FHR collects information -- speed of startup, number of crashes, number of add-ons and plug-ins -- and then displays the data to give users a better understanding of Firefox's performance, and provide tools to solve problems.

FHR is in its early stages, Mozilla cautioned, but it has plans for the tool, including using the reported data -- by default, the statistics are automatically sent to Mozilla -- to craft support documents.

Mozilla has even bigger ambitions for FHR. "In many cases, we will be able to detect these problems before they get out of hand, and your browser can start healing itself," said Johnathan Nightingale, Mozilla's vice president of Firefox engineering, in a blog post.

Firefox health report
Mozilla claims that as it adds more features and tools to Firefox Health Report, it will be able to build a browser that fixes itself.

Users can disable the data reporting from the FHR display, which can be called up by selecting "Firefox Health Report" from the browser's Help menu.

More information about FHR has been published on Mozilla's support site.

Two of the additions -- in-browser access to social media and FHR -- are examples of unique features Mozilla has added to Firefox as it tries to stay in second place. According to measurements taken by Net Applications, Firefox was used by 20.3% of the world's online users during April, more than enough to trump third-place Chrome's 16.4% but still less than half the 55.8% share of Microsoft's Internet Explorer.

After slumping slightly in the second half of 2012, Firefox has regained those losses and returned to a share about equal to what it had a year ago.

Firefox for Android was also updated Tuesday with support for a pair of open-source fonts Mozilla claimed make text easier to read on smaller screens, and other under-the-hood changes to improve the browser's compatibility with HTML5, the next-generation website design language.

Along with the new features and enhancements, Firefox 21 also patched 15 vulnerabilities, nine rated critical, Mozilla's highest threat ranking, five tagged as "high," and one labeled "moderate."

One of the critical bugs was reported by Nils, a German researcher who goes only by his first name. Nils is a notable vulnerability researcher, one of a two-man team who won $100,000 in early March for hacking Google's Chrome at the Pwn2Own contest.

Also patched were two vulnerabilities in the Mozilla Maintenance Service on Windows, which powers the browser's silent updates. A different bug in the service was quashed by Firefox 20 when it debuted in early April.

Security researcher Abhishek Arya, a Google engineer better known as "Inferno," was credited with reporting six memory corruption flaws. Inferno specifically, and Google's security team generally, have reported scores of vulnerabilities to Mozilla based on their "fuzzer" stress testing.

Windows, Mac and Linux editions of Firefox 21 can be downloaded manually from Mozilla's site; already installed copies will upgrade automatically. Users of Firefox for Android can retrieve the update from the Google Play store.

The next version of Firefox is scheduled to ship June 25.

This article, Mozilla to Firefox: 'Browser, heal thyself', was originally published at Computerworld.com.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies