Mozilla is out with the Firefox 21 open source browser release today, fixing at least 8 security vulnerabilities, three of which are rated as being critical. The new release also provides new features that – depending on your viewpoint – could either improve or reduce user privacy.
One of the new features in Firefox 21 is the Health Report. Mozilla first began talking about the health report in September of 2012 as a non-invasive reporting mechanism. The report is intended to deliver information to users about the ‘health’ of the browser and its components. The report also shares that data with Mozilla.
Johnathan Nightingale, VP of Firefox Engineering at Mozilla, explained to Datamation that Firefox Health Report is enabled by default in Firefox 21.
“Firefox users who don’t want to send health data to Mozilla can disable the data sending either from the health report itself, or from the ‘Data Choices’ section in the Firefox options window,” Nightingale said. “Users who turn off the data will still be able to see their own browser health information.”
Firefox 21 also includes an update to Mozilla’s Do Not Track cookie mechanism. In the Firefox 21 release, users will now have three choices: “Do Track,” “Do Not Track,” and “No Preference.”
“From its inception, we have built Do Not Track as an expression of intent,” Nightingale said. “By default, we don’t send a header at all, ‘No Preference’, because we don’t know the user’s intent.”
He added that the user can choose to express a preference either for or against tracking, and from that point forward Firefox will express that decision to every site they visit. Mozilla’s most recent data shows 17 percent of US users enabling DNT.
Performance is an area that Mozilla is constantly pushing with each new Firefox release, and Firefox 21 is no exception. Nightingale said that new graphics subsystem changes in Firefox 21 should give the browser performance wins on mobile and desktop.
On the security front, Mozilla has issued three critical security advisories with the Firefox 21 release. All three deal with memory-related vulnerabilities and their exploitation.
Some of the flaws were reported by Google security researchers using the open source Address Sanitizer tool.
“Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software,” Mozilla states in its advisory. “Some of these issues are potentially exploitable, allowing for remote code execution.”
Sean Michael Kerner is a senior editor at Datamation and InternetNews.com. Follow him on Twitter @TechJournalist.