Tuesday, January 31, 2012

Mozilla Firefox 10 Released, Includes Security Update

Mozilla released Firefox 10 today, including a major update that will make both developers as well as Firefox users happy -- default compatibility of almost all add-ons.

Although default compatibility of add-ons will make a lot of people happy, this change is "prioritized as a P1 and part of achieving 'silent update'." as indicated in the feature tracking entry of "Add-ons Default to Compatible" in Mozilla Wiki.

Security Update

"Title: Frame scripts calling into untrusted objects bypass security checks
Impact: Critical
Announced: January 31, 2012

Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 10.0, Thunderbird 10.0, SeaMonkey 2.7

Description:  Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts."

What's New

The Release Notes include new and fixed features in version 10.  The numerous Bug Fixes are in the link available in References.
  • NEW -- The forward button is now hidden until you navigate back
  • NEW -- Most add-ons are now compatible with new versions of Firefox by default
  • NEW -- Anti-Aliasing for WebGL is now implemented (see bug 615976)
  • NEW -- CSS3 3D-Transforms are now supported (see bug 505115)
  • HTML5 -- New element for bi-directional text isolation, along with supporting CSS properties (see bugs 613149 and 662288)
  • HTML5 -- Full Screen APIs allow you to build a web application that runs full screen (see the feature page)
  • DEVELOPER -- We've added IndexedDB APIs to more closely match the specification
  • DEVELOPER -- Inspect tool with content highlighting, includes new CSS Style Inspector
  • FIXED -- Mac OS X only - after installing the latest Java release from Apple, Firefox may crash when closing a tab with a Java applet installed (700835)
  • FIXED -- Some users may experience a crash when moving bookmarks (681795)

    Known Issues

    • Two-digit browser version numbers may cause a small number of website incompatibilities (see 690287)
    • If you try to start Firefox using a locked profile, it will crash (see 573369)
    • For some users, scrolling in the main GMail window will be slower than usual (see 579260)
    • Some synaptic touch pads are unable to vertical scroll (see 622410)
    • Firefox notifications may not work properly with Growl 1.3 or later (see 691662)
      Unresolved on v10 Resolved in v11
    • Under certain conditions, scrolling and text input may be jerky (see 711900)
    • Silverlight video may not play on some Macintosh hardware (see 715396)

    The upgrade to Firefox 10 will be offered through the browser update mechanism.  However, as the upgrade includes a critical security update as well as many bug fixes, it is recommended that the update be applied as soon as possible.  To get the update now, select Help, About Firefox, Check for Updates.

    If you do not use the English language version, Fully Localized Versions are available for download.


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Google Chrome Download said...

    I can’t believe they’re calling this Firefox 10… I mean it’s a great browser but these are minor changes. Could have been more impaortant changes for version 10...

    Corrine said...

    Your blog post isn't quite correct. Silent updating hasn't started in Firefox yet -- although the change to add-ons is the first step.

    The update mechanism in Firefox will still prompt you to download and install the latest update. Unlike with Google Chrome, it is your choice whether you do so or not.