Firefox 10 relieves add-on updating pain
Mozilla patches 8 vulnerabilities, delivers first enterprise edition
Computerworld - Mozilla today patched eight vulnerabilities in Firefox as it shipped the latest iteration in its rapid release schedule.
Firefox 10, sixth in the line of updates that have been rolling off the development line every six weeks since mid-2011, fixed half a dozen flaws rated "critical," Mozilla's highest threat ranking, and another two labeled "high."
One of the notable vulnerabilities addressed in Firefox 10 could open users to cross-site scripting (XSS) attacks because the browser did not properly run a security check when calling untrusted scripting objects, said Mozilla.
"The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts," an accompanying advisory noted.
Mozilla also fixed several bugs that caused Firefox crashes, including one traced to a recent Java update that Apple shipped to users last year.
Although Mozilla touted several new features in Firefox 10 it thought were important to developers, the most noticeable change to users is the browser's ability to automatically mark nearly all add-ons as compatible with each upgrade.
Firefox users have complained about incompatible add-ons since Mozilla shifted to the faster release schedule last summer, as add-on developers have been slow to revamp their code or tag their extensions as suitable for the newest edition.
Mozilla began automatically marking add-ons as compatible back in March 2011 when it launched Firefox 4, but limited that move to extensions distributed through its own website; Firefox 10 does the same for all add-ons, including those not available from Mozilla.
Automatic add-on compatibility marking is one component Mozilla has identified as necessary for a "silent update" mechanism to match that in Google Chrome, which upgrades itself without any user action.
Other pieces, however, are not ready: The final part of the service is now slated to appear in Firefox 13, set to release in early June, or six weeks later than Mozilla's estimate when it shipped Firefox 9 last month.
Mozilla also released Firefox 3.6.26, the latest security update for the two-year-old browser, to patch five vulnerabilities, four of them critical.
Firefox 3.6 is closing on retirement: Mozilla has said it will stop shipping security updates for the browser after April 24.
To replace Firefox 3.6 -- which many enterprises retained when they balked at upgrading every six weeks -- the company also kicked off the first edition of Firefox ESR (extended support release).
Firefox 10 ESR will be supported with security updates through its 54-week lifespan, but its user interface and feature set will not change during that stretch. Mozilla will upgrade ESR users to a new edition starting Nov. 20, 2012.
Windows, Mac and Linux editions of Firefox 10 can be downloaded manually from Mozilla's site. People running Firefox 4 or later will be offered the upgrade through the browser's own update mechanism.
The next version of Firefox is scheduled to ship March 13.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts