Mozilla ships Firefox 6, patches 10 vulnerabilities

And it fixes flaws in still-supported Firefox 3.6

Mozilla today released Firefox 6, the second edition since it shifted to a rapid-ship cycle that delivers a new version of the browser every six weeks.

The company also patched 10 bugs with the upgrade, and issued an update to 2010's Firefox 3.6 that fixed seven flaws total, six of them different than the ones quashed in Firefox 6.

Today's release of Firefox 6 was the second time in a row that Mozilla met its self-imposed deadline since the debut of a faster shipping schedule in March. Mozilla has historically struggled to ship browser upgrades on time, but is now 2-for-2 after picking up the pace.

Although Mozilla listed more than 1,600 changes to Firefox 6 in a full bug list, the open-source developer called out only a few in its release notes, among them highlighting domain names in the address bar -- both Chrome and Microsoft's Internet Explorer 9 (IE9) do something similar by boldfacing domain names -- reducing startup time and for developers, adding a JavaScript prototyping tool called Scratchpad.

There is very little difference between Firefox 6's user interface and that of its immediate predecessor, Firefox 5, or the slightly older Firefox 4.

Under the hood, however, Mozilla has added a new permissions manager that lets advanced users tweak options on a per site basis. The new manager, which can be reached by typing "about:permissions" in the browser's address bar, can be used to modify settings for password capture, cookies, pop-ups and more.

On the security front, Mozilla patched vulnerabilities in both Firefox 3.6 and Firefox 6.

Five of the seven bugs fixed in Firefox 3.6.20 were rated "critical," the company's most serious threat rating; the two exceptions were tagged as "high."

Eight of the 10 bugs quashed in Firefox 6 were also rated critical, with two labeled high.

Because Mozilla now bundles virtually all security patches with each version upgrade, users stuck on Firefox 4 are now running a browser vulnerable to 20 different bugs.

According to Web metrics vendor Net Applications, about 9% of the people using Firefox as of the end of July were running Firefox 4.

One of the critical vulnerabilities patched today was in Firefox's implementation of WebGL, a 3-D rendering standard that both Chrome and Firefox comply with. The bug was reported to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL.

Previously, Context recommended that users and administrators disable WebGL in Chrome and Firefox.

1 2 Page
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies