Firefox 14 Brings HTTPS Search, Click-to-Play Plugins

[JMH]

Mozilla has once again done what it has been doing every six weeks for over a year now. Confused? Well, we’re talking about the highly controversial tri-fortnightly practice of bundling up a handful of new Firefox features, tweaks and bug fixes, and pretending that the ensuing software package is significant enough to be rolled out as a major version update. In other words, Mozilla has once again updated its flagship browser.

According to Mozilla, Firefox 14 offers a much more secure browsing experience than before. This is not only due to its various bug fixes, though. The latest stable build of Firefox includes HTTPS support for Google searches and an improved site identity manager.

http://www.maximumpc.com/article/news/firefox_14_brings_https_search_click--play_plugins

 

[JMH]

Firefox 14 protects search queries from 'bad guys,' not advertisers

The latest edition of Mozilla Firefox protects Google search queries from hackers, but not from advertisers.

Basically, Google has designed its HTTPS encryption feature to encrypt your search query under most circumstances&just not if you click on an ad that appears on your search results page. Google explains that when you click on a search result from its HTTPS site, your search terms are encrypted and not sent to the target site.

But it's different when you click on an ad.


"If you click on an ad on the results page, your browser will send an unencrypted referrer that includes your query to the advertiser's site," Google writes on its Inside Search page.


This exception has been made to make advertisers happy: Google likes to equate advertiser satisfaction with customer satisfaction.

http://www.itworld.com/software/286556/firefox-14-protects-search-queries-bad-guys-not-advertisers

 

[JMH]

Firefox 14 gets kudos for security

Security experts are praising the improvements in the latest version of Firefox, which fixes a total of 14 vulnerabilities, five critical, and adds three security-related features.

One of the most important patches in Firefox 14, released this week by Mozilla, is one that fixes a flaw within the sandbox, where the Web browser executes JavaScript, a common exploit by hackers. The vulnerability enabled an attacker to run scripts outside the sandbox with elevated privileges.

Running scripts found on web pages in sandboxes is a trend among makers of browsers. The special containers limit applications to accessing only the services they need.

The Firefox patch is important because hackers have been focusing on finding holes in sandboxes, Wolfgang Kandek, chief technology officer of Qualys, said. "People are testing their boundaries and how they can escape those boundaries," he said.

Another critical patch fixes a flaw that would allow a hacker to bypass the browsers same-compartment security wrappers, or SCSW. The feature prevents a web page from executing code outside of the page's context.

http://www.itworld.com/security/286617/firefox-14-gets-kudos-security