Mozilla ships Firefox 6, patches ten vulnerabilities
Mozilla on Tuesday released Firefox 6, the second edition since it shifted to a rapid-ship cycle that delivers a new version of the browser every six weeks. The company also patched ten bugs with the upgrade, and issued an update to 2010's Firefox 3.6 that fixed seven flaws total, six of them different than the ones quashed in Firefox 6.
Tuesday's release of Firefox 6 was the second time in a row that Mozilla met its self-imposed deadline since the debut of a faster shipping schedule in March. Mozilla has historically struggled to ship browser upgrades on time, but is now 2-for-2 after picking up the pace.
There is very little difference between Firefox 6's user interface and that of its immediate predecessor, Firefox 5, or the slightly older Firefox 4. Under the hood, however, Mozilla has added a new permissions manager that lets advanced users tweak options on a per site basis. The new manager, which can be reached by typing "about:permissions" in the browser's address bar, can be used to modify settings for password capture, cookies, pop-ups and more.
On the security front, Mozilla patched vulnerabilities in both Firefox 3.6 and Firefox 6. Five of the seven bugs fixed in Firefox 3.6.20 were rated "critical," the company's most serious threat rating; the two exceptions were tagged as "high." Eight of the ten bugs quashed in Firefox 6 were also rated critical, with two labeled high.
Because Mozilla now bundles virtually all security patches with each version upgrade, users stuck on Firefox 4 are now running a browser vulnerable to 20 different bugs. According to Web metrics vendor Net Applications, about 9 percent of the people using Firefox as of the end of July were running Firefox 4.
One of the critical vulnerabilities patched today was in Firefox's implementation of WebGL, a 3-D rendering standard. The bug was reported to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL. Previously, Context recommended that users and administrators disable WebGL in Chrome and Firefox.
Mozilla outlined the vulnerabilities patched in Firefox 3.6 and Firefox 6 in a pair of security advisories that took a different form than has been the company's custom. Rather than publish an advisory for each vulnerability, today Mozilla bundled each editions' collection in one easily digestible document.
As does Google with Chrome bugs, Mozilla locks its Bugzilla change- and bug-tracking database for just-patched problems, preventing the general public—and presumably hackers—from gleaning information.
Firefox 6 can also be downloaded manually from Mozilla's site. People running Firefox 4 or Firefox 5 will be offered the upgrade to through the browser's update mechanism, which is triggered when the "About Firefox" dialog is opened.
The next version of Firefox is currently scheduled for release on Sept 27.
[Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+, or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.]
Mozilla Firefox 6