Categories: BrowsersWorkspace

Mozilla Fixes 32 Security Flaws, Accelerates Performance In Firefox 58

Mozilla released its first web browser update for 2018 on Jan. 23 with the debut of Firefox 58. The new release includes features designed to accelerate performance as well as patches for 32 security vulnerabilities.

Firefox 58 is the second major release in the Quantum series, which became generally available in November 2017 with Firefox 57. A core element of the Firefox Quantum browser series is performance, and that has been improved even more in Firefox 58, thanks to a capability called Off-Main-Thread-Painting (OMTP).

“Off-Main-Thread-Painting is an incremental improvement to the way Firefox has long handled graphics and is an evolution of Firefox’s C++ codebase,” Mozilla spokesperson Justin O’Kelly told eWEEK.

Mozilla Firefox 58

ccording to Mozilla, OMTP can improve the graphics frame rate for Firefox by as much as 30 percent. OMTP builds on other optimizations that Mozilla has already included in Firefox as part of Quantum to accelerate web graphics rendering performance.

In addition to performance, Mozilla is using Firefox 58 as an opportunity to remind users about the Tracking Protection feature that debuted in Firefox 57. With Tracking Protection, users can block tracking, including cookies and unwanted advertisements. The feature, however, is an opt-in feature and to date not many users have opted in.

“Tracking Protection is an optional user feature because the occasional site may not work properly when enabled,” O’Kelly said. “So far, a small percentage of Firefox users have set Tracking Protection to ‘always on.’ We expect usage to increase as awareness builds.”

Security Fixes

Although Mozilla tends to group its security updates together as part of major milestone releases, it will also issue incremental updates for urgent issues. That was the case with the high-profile Spectre CPU side-channel attack that impacts Intel and other processor vendors. Mozilla patched for Spectre issues as part of the incremental Firefox 57.0.3 update that was released on Jan. 4.

In Firefox 58, Mozilla patched 32 new security vulnerabilities, three of which are rated as having critical impact. Among the critical issues are a pair of memory safety issues identified as CVE-2018-5090 and CVE-2018-5089.

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code,” Mozilla warned in its advisory.

The third critical issue patched in Firefox 58 is a use-after-free (UAF) memory vulnerability with DTMF (dual-tone multi-frequency signaling) timers that are used in WebRTC (Real Time Communications) connections.

Among the other interesting issues patched in Firefox 58 is a moderate impact bug identified as CVE-2018-5115 involving background network requests.

“If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page,” Mozilla warns in an advisory. “Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site.”

Originally published on eWeek

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago