Mozilla released Firefox 10 today, including a major update that will make both developers as well as Firefox users happy -- default compatibility of almost all add-ons.
Although default compatibility of add-ons will make a lot of people happy, this change is "prioritized as a P1 and part of achieving 'silent update'." as indicated in the feature tracking entry of "Add-ons Default to Compatible" in Mozilla Wiki.
"Title: Frame scripts calling into untrusted objects bypass security checks
Announced: January 31, 2012
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 10.0, Thunderbird 10.0, SeaMonkey 2.7
Description: Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts."
What's NewThe Release Notes include new and fixed features in version 10. The numerous Bug Fixes are in the link available in References.
- NEW -- The forward button is now hidden until you navigate back
- NEW -- Most add-ons are now compatible with new versions of Firefox by default
- NEW -- Anti-Aliasing for WebGL is now implemented (see bug 615976)
- NEW -- CSS3 3D-Transforms are now supported (see bug 505115)
- HTML5 -- New element for bi-directional text isolation, along with supporting CSS properties (see bugs 613149 and 662288)
- HTML5 -- Full Screen APIs allow you to build a web application that runs full screen (see the feature page)
- DEVELOPER -- We've added IndexedDB APIs to more closely match the specification
- DEVELOPER -- Inspect tool with content highlighting, includes new CSS Style Inspector
- FIXED -- Mac OS X only - after installing the latest Java release from Apple, Firefox may crash when closing a tab with a Java applet installed (700835)
- FIXED -- Some users may experience a crash when moving bookmarks (681795)
- Two-digit browser version numbers may cause a small number of website incompatibilities (see 690287)
- If you try to start Firefox using a locked profile, it will crash (see 573369)
- For some users, scrolling in the main GMail window will be slower than usual (see 579260)
- Some synaptic touch pads are unable to vertical scroll (see 622410)
- Firefox notifications may not work properly with Growl 1.3 or later (see 691662) Unresolved on v10 Resolved in v11
- Under certain conditions, scrolling and text input may be jerky (see 711900)
- Silverlight video may not play on some Macintosh hardware (see 715396)
The upgrade to Firefox 10 will be offered through the browser update mechanism. However, as the upgrade includes a critical security update as well as many bug fixes, it is recommended that the update be applied as soon as possible. To get the update now, select Help, About Firefox, Check for Updates.
If you do not use the English language version, Fully Localized Versions are available for download.
- Common questions after updating Firefox
- Mozilla Firefox Release Notes
- Security Advisory MFSA 2012-05
- Bug Fixes