(LiveHacking.Com) – The Mozilla Foundation has released a new version of its popular web browser. Firefox 12 brings some new features including silent updates and fixes several critical security vulnerabilities. The biggest change for Windows Vista and Windows 7 users is the addition of silent updates which means that the UAC (User Account Control) pop-up won’t appear when Firefox upgrades from one release to another. To by-pass the UAC, which is first appeared in Windows Vista, Mozilla have added a standalone update service to apply the updates in the background. During the installation of Firefox 12 the user will be asked to give their explicit permission to install the update service, but they will not be prompted again for any subsequent releases.
Google’s Chrome also offers silent updates but rather than use a special Windows service, Chrome is installed in the user’s folder within Windows which doesn’t require UAC permission. However the downside to Google’s approach is that Chrome needs to be installed independently for every user on a PC which can be an administrative headache for those who have multiple user accounts for example on a shared family PC.
The functionality to relaunch and complete the update entirely in the background is scheduled for Firefox 13 or Firefox 14 this summer.
Mozilla 12 also fixes 7 Critical level security vulnerabilities, one of which only applies to Firefox Mobile.
- MFSA 2012-31 Off-by-one error in OpenType Sanitizer
- MFSA 2012-30 Crash with WebGL content using textImage2D
- MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
- MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
- MFSA 2012-22 use-after-free in IDBKeyRange
- MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 (Firefox Mobile only)
- MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
