Firefox 18 Brings 21 Updates, Fixes Nearly 3000 Bugs

Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:30:58


Developers at Mozilla have pushed out the latest build of their flagship Firefox browser, fixing several security and stability issues for Windows, Mac, Linux and Android platforms.

2917 bugs were patched in total, while 21 security updates — 12 critical, seven high, one moderate – are addressed in Firefox 18.

A fix for the recent TURKTRUST certificate kerfuffle is included in the update, as Firefox has removed the company’s most recent root certificate from its code and marked two other intermediate certificates previously issued by the Turkish authority as untrusted. A post by Michael Coates, Firefox’s Director of Security Assurance on the company’s Security Blog last week notes that TURKTRUST’s new certificate had been included in the Firefox 18 beta but has since been suspended.

According to a post on Mozilla’s blog yesterday, Firefox 18 also boasts a new phishing and malware protection component. Now the browser will warn users when they stumble upon sites that may be spreading malware or trying tFirefoxo phish users.

Firefox 18 also comes with a new mechanism, turned off by default, that stops the browser from sending insecure requests from otherwise secure, HTTPS pages. A bug in the browser had long given users trouble when visiting mixed content sites but when turned on, the new feature will now outright block any unsafe content on HTTPS sites.

PDF.js, Firefox’s integrated own PDF viewer, present in the beta version of the browser did not make the jump to Firefox 18. The viewer can still be downloaded from Firefox via Github but appears to be relegated to beta for the immediate future.

Outside of the security realm, the browser has added faster JavaScript performance through a new compiler, “IonMonkey,” retina display support for those running Firefox on OS X 10.7+ compatible Macs and other, assorted speed and graphic tweaks.

The update comes seven weeks after Firefox 17, which brought click-to-play blocklisting, a feature which blocks out of date and vulnerable plug-ins, to the browser.