(LiveHacking.Com) – Mozilla has fixed half a dozen critical security flaws in its popular web browser with the release of Firefox 7. The patches fix buffer overruns, potentially exploitable crashes and arbitrary extension installations.
The critical level security related bugs fixed in Firefox 7 include:
- MFSA 2011-44 Use after free reading OGG headers
- MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope parameter
- MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
- MFSA 2011-41 Potentially exploitable WebGL crashes
- MFSA 2011-40 Code installation through holding down Enter
- MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:18.104.22.168)
Firefox 7 also brings some new features, the most notable of which is that Firefox now uses 20% to 30% less memory which increases overall performance and also means that Firefox is less likely to crash or abort due to running out of memory.
The new memory efficiency is due to an effort called MemShrink where Mozilla’s engineers strarted to reduce Firefox’s memory consumption by slimming down memory usage with more space-efficient data structures and by avoiding memory leaks (including lifetime issues, where memory is not reclaimed until you close the page/tab/window/process).
As well as stability bug fixes, Firefox 7 includes:
- Added a new rendering backend to speed up Canvas operations on Windows systems
- Bookmark and password changes now sync almost instantly when using Firefox Sync
- The ‘http://’ URL prefix is now hidden by default
- Added support for text-overflow: ellipsis
- Added support for the Web Timing specification
- Enhanced support for MathML
- The WebSocket protocol has been updated from version 7 to version 8
- Added an opt-in system for users to send performance data back to Mozilla to improve future versions of Firefox