Firefox 5 fixes security and improves browsing
Mozilla released Firefox 5.0 that fixes several security issues, stability issues and introduces new features.
Privacy-aware users will be happy to learn that the Do-Not-Track header preference has been moved to increase discoverability.
The latest version of Firefox has the following changes:
- Added support for CSS animations
- Tuned HTTP idle connection logic for increased performance
- Improved canvas, JavaScript, memory, and networking performance
- Improved standards support for HTML5, XHR, MathML, SMIL, and canvas
- Improved spell checking for some locales
- Improved desktop environment integration for Linux users
- WebGL content can no longer load cross-domain textures
- Background tabs have setTimeout and setInterval clamped to 1000ms to improve performance.
Fixed in Firefox 5
- It was possible for a non-whitelisted site to trigger an install dialog for add-ons and themes.
- HTML-encoded entities were being improperly decoded when displayed inside SVG elements. This could lead to XSS attacks on sites relying on HTML encoding of user-supplied content.
- Two crashes in WebGL code. One crash was the result of an out-of-bounds read and could be used to read data from other processes who had stored data in the GPU. The severity of this issue was determined to be high. The second crash was the result of an invalid write and could be used to execute arbitrary code. The severity of this issue was determined to be critical.
- An image from a different domain could be loaded into a WebGL texture, and then each pixel could be rendered into a canvas element with a shader program, creating an approximation of the image in a form that was readable by the creator of the WebGL texture. This could be used to steal image data from a different site and is considered a violation of the same-origin policy.
- When a JavaScript Array object had its length set to an extremely large value, the iteration of array elements that occurs when its reduceRight method was subsequently called could result in the execution of attacker controlled memory due to an invalid index value being used to access element properties.
- A crash on multipart/x-mixed-replace images due to memory corruption.
- Under certain conditions, viewing a XUL document while JavaScript caused deleted memory to be accessed. This flaw could potentially be used by an attacker to crash a victim’s browser and run arbitrary code on their computer.
- Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products have been fixed. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.