Categories: BrowsersWorkspace

Mozilla Fixes 32 Security Flaws, Accelerates Performance In Firefox 58

Mozilla released its first web browser update for 2018 on Jan. 23 with the debut of Firefox 58. The new release includes features designed to accelerate performance as well as patches for 32 security vulnerabilities.

Firefox 58 is the second major release in the Quantum series, which became generally available in November 2017 with Firefox 57. A core element of the Firefox Quantum browser series is performance, and that has been improved even more in Firefox 58, thanks to a capability called Off-Main-Thread-Painting (OMTP).

“Off-Main-Thread-Painting is an incremental improvement to the way Firefox has long handled graphics and is an evolution of Firefox’s C++ codebase,” Mozilla spokesperson Justin O’Kelly told eWEEK.

Mozilla Firefox 58

ccording to Mozilla, OMTP can improve the graphics frame rate for Firefox by as much as 30 percent. OMTP builds on other optimizations that Mozilla has already included in Firefox as part of Quantum to accelerate web graphics rendering performance.

In addition to performance, Mozilla is using Firefox 58 as an opportunity to remind users about the Tracking Protection feature that debuted in Firefox 57. With Tracking Protection, users can block tracking, including cookies and unwanted advertisements. The feature, however, is an opt-in feature and to date not many users have opted in.

“Tracking Protection is an optional user feature because the occasional site may not work properly when enabled,” O’Kelly said. “So far, a small percentage of Firefox users have set Tracking Protection to ‘always on.’ We expect usage to increase as awareness builds.”

Security Fixes

Although Mozilla tends to group its security updates together as part of major milestone releases, it will also issue incremental updates for urgent issues. That was the case with the high-profile Spectre CPU side-channel attack that impacts Intel and other processor vendors. Mozilla patched for Spectre issues as part of the incremental Firefox 57.0.3 update that was released on Jan. 4.

In Firefox 58, Mozilla patched 32 new security vulnerabilities, three of which are rated as having critical impact. Among the critical issues are a pair of memory safety issues identified as CVE-2018-5090 and CVE-2018-5089.

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code,” Mozilla warned in its advisory.

The third critical issue patched in Firefox 58 is a use-after-free (UAF) memory vulnerability with DTMF (dual-tone multi-frequency signaling) timers that are used in WebRTC (Real Time Communications) connections.

Among the other interesting issues patched in Firefox 58 is a moderate impact bug identified as CVE-2018-5115 involving background network requests.

“If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page,” Mozilla warns in an advisory. “Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site.”

Originally published on eWeek

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Boeing Starliner Launches Successfully, On Route To International Space Station

Boeing's crewless space taxi, CST-100 Starliner, one step closer to NASA certification, as it enters…

1 day ago

Apple Accused By Union Of Staff Law Violations At NY Store

Staff at Apple's World Trade Centre store in New York are allegedly being questioned and…

2 days ago

Canada To Join Five Eyes 5G Ban On Huawei/ZTE

Making it official. Canada is to turn its unofficial ban on 5G kit from Huawei…

2 days ago

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

2 days ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

2 days ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

2 days ago