ID: IRCNE2013021764
Date: 2013-02-20
According to "computerworld", Mozilla yesterday released Firefox 19, adding a built-in PDF viewer to the browser.
Firefox 19 also included patches for 13 security vulnerabilities, 10 pegged as "critical," the company's most severe threat ranking.
Unlike Chrome's PDF viewer, which operates inside the browser's anti-exploit sandbox, Firefox's does not sport similar defenses. And that matters, as PDF documents are often rigged with malicious code.
Even sans a sandbox, Mozilla claimed its PDF viewer would be more secure than traditional plug-ins such as Adobe Reader. "Many of these plug-ins come with proprietary, closed source code that could potentially expose users to security vulnerabilities," said Bill Walker and Brendan Dahl, engineering manager and software engineer at Mozilla, respectively, in a January blog announcing the viewer.
But security experts have pointed out that Firefox's PDF viewer will likely suffer bugs of its own.
Mozilla also patched 13 vulnerabilities, 10 critical, one marked "high" and two pegged "moderate," in Firefox today.
Nearly half of the bugs were reported by Abhishek Arya, better known as "Inferno," of the Chrome security team, Mozilla said in one of today's advisories, making this the third Firefox upgrade running where Arya has accounted for a major part of the reported vulnerabilities.
Three of the six reported by Arya were use-after-free vulnerabilities, a type of memory management bug that Google's security engineers have rooted out in droves from Chrome and, increasingly, other browsers.
Windows, Mac and Linux editions of Firefox 19 can be downloaded manually from Mozilla's site. Already-installed copies will upgrade automatically.
The next version of Firefox is scheduled to ship April 2, 2013.
- 2