Mozilla is out today with an updated open source Firefox 22 browser release. The new browser release includes fixes for 14 security advisories and bakes in new features for users.
Among the big items that have landed in Firefox 22 is WebRTC. WebRTC is a Real Time Communication (RTC) effort that will enable users to use a browser as a communications and collaboration vehicle. Mozilla has been working on including WebRTC over the last several Firefox releases, and with Firefox 22 now considers it to be ready for prime time.
“WebRTC is currently fully enabled and we are excited to get it into the hands of developers,” Gavin Sharp, lead Firefox engineer, told Datamation. “With this release we’ve added DataChannels and PeerConnection in addition to getUserMedia.”
The Firefox 22 release could well be the last major release of Firefox before the upcoming Black Hat Security conference at the end of July. Sharp told Datamation that Mozilla tracks security very closely.
“Our release turnaround time is best-in-class, and our security team will be keeping a close eye on reports from Black Hat,” Sharp said. “Our pro-active security bug identification efforts (including techniques like fuzz testing) are doing a great job of finding flaws before the bad guys do.”
As part of that effort to find flaws before the bad guys do, Mozilla has issued 14 security advisories with the Firefox 22 release. Of those advisories, four are rated critical.
Three of the critical advisories deal with memory safety and corruption issues. The 2013-53 advisory details a particularly nasty flaw titled, “Execution of unmapped memory through onreadystatechange event.”
“Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed,” Mozilla warned. “This crash is potentially exploitable.”
Nils is well known in the security industry for exploiting browsers in a very public fashion. Nils first rose to public notoriety in 2009 when he was able to publicly exploit Apple Safari, Microsoft IE and Firefox at the Pwn2Own hacking competition.
Sean Michael Kerner is a senior editor at Datamation and InternetNews.com. Follow him on Twitter @TechJournalist.