Mozilla ships Firefox 8 with Twitter search and 8 bug patches

Browser update automatically disables add-ons installed behind users' backs

Mozilla on Tuesday released Firefox 8, adding Twitter search to the browser and patching eight vulnerabilities.

Since Mozilla kicked off its every-six-week upgrade cycle last summer, each new Firefox has had relatively few visible changes. That held true yesterday.

[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]

Firefox 8's most notable addition was Twitter as a choice in Firefox's search bar, letting users look up topics, hashtags and usernames on the micro-blogging service. Twitter search is currently available only in the English, Japanese, Portuguese, and Slovenian editions of Firefox.

Mozilla also made good on a promise last August to automatically disable add-ons installed without user approval. Behind-the-back add-ons have cropped up at times, most recently in January when one bundled with Skype caused so many browser crashes that Mozilla blacklisted it. When users start Firefox 8, all add-ons that have been surreptitiously installed are turned off by default.

Other changes and enhancements to Firefox 8 included on-demand tab loading at startup for faster restored sessions, and developer support for additional features of the hardware-accelerated 3D graphics standard, WebGL.

As part of Tuesday's upgrade, Mozilla also fixed eight vulnerabilities, five of them rated "critical," the most-serious ranking in Mozilla's threat scoring system. The remaining three bugs were labeled "high," the next-most-serious rating.

One of the patches was for a data theft bug originally fixed in August when Mozilla launched Firefox 6, but which was reintroduced in Firefox 7 after developers launched a new Windows graphics acceleration framework, dubbed "Azure," in the September upgrade.

Mozilla blamed a Mac-only vulnerability on Apple and Intel, saying that the flaw could let attackers sniff out secrets by monitoring a Mac's graphics processor.

"This problem is due to a bug in the driver for Intel integrated GPUs [graphics processing units] on recent Mac OS X hardware," said Mozilla in the accompanying advisory.

Mozilla yesterday also released Firefox 3.6.24, a security update that patched three vulnerabilities. The aging edition -- Mozilla shipped Firefox 3.6 in January 2010 -- is still supported, in large part because enterprise users have resisted the company's rapid release tempo.

But the end is in sight for Firefox 3.6, as Mozilla has now rescheduled an upgrade offer originally slated for last month that was canceled at the last minute. The pitch, which will urge users to upgrade to Firefox 8, will now appear Nov. 17.

According to plans previously outlined by Mozilla, the company intends to stop patching Firefox 3.6 three months after it offers users the upgrade opportunity.

As of last month, Firefox 3.6 was still the preferred browser of approximately one-fourth of all Mozilla users.

Windows, Mac, and Linux editions of Firefox 8 can be downloaded manually from Mozilla's site, while people running Firefox 4 or later will be offered the upgrade through the browser's own update mechanism.

The next version of Firefox is currently scheduled for release Dec. 20.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His email address is gkeizer@ix.netcom.com.

Read more about browsers in Computerworld's Browsers Topic Center.

This story, "Mozilla ships Firefox 8 with Twitter search and 8 bug patches" was originally published by Computerworld.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies