<\/p>\n
Firefox 7 isn't just about speed, there's also a long list of security patches. Surprisingly, a fix for the SSL BEAST<\/a> attack is not one of them.<\/strong><\/p>\n Mozilla is patching it's Firefox Web browser for at least 10 vulnerabilities, seven of which are rated as being "critical." Firefox 7 was released on Tuesday offering users the promised of improved performance and better memory usage.<\/p>\n On the security front, the Firefox 7 release provides a critical fix for what Mozilla describes as, "Miscellaneous memory safety hazards."<\/p>\n "Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products," There is also a critical fix for an interesting flaw that could have been triggered by having a user hold down the 'Enter' key. By holding "Mariusz Mlynski reported that if you could convince a user to hold down the Enter key — as part of a game or test, perhaps — a malicious Other critical flaws that are fixed in Firefox 7 include potentially exploitable crashes in WebGL graphics and the YARR regular expression There is also a fix in Firefox 7 for a flaw rated as "moderate" that is triggered by the motion of a device. Mozilla's advisory<\/a> noted that a recent research paper detailed how it would be possible to inferring keystrokes from device motion data on mobile devices.<\/p>\n "Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk," Mozilla warned. "We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher SSL BEAST <\/a><\/strong><\/u><\/p>\n While Firefox 7 addresses multiple security issues, it is not taking specific aim at the recent disclosure of potential SSL vulnerabilities<\/a>. Overall, Mozilla has publicly noted<\/a> that they do not believe Firefox to currently be at risk from the SSL BEAST attack<\/p>\n","protected":false},"excerpt":{"rendered":" Firefox 7 isn't just about speed, there's also a long list of security patches. Surprisingly, a fix for the SSL BEAST attack is not one of them. Mozilla is patching it's Firefox Web browser for at least 10 vulnerabilities, seven of which are rated as being "critical." Firefox 7 was released on Tuesday offering […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"yes","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[48,17,95],"tags":[161,163,62,480,143,162],"class_list":["post-343","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-system-administration","tag-beast","tag-chrome","tag-firefox","tag-security","tag-ssl","tag-tls"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p12j6H-5x","_links":{"self":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=343"}],"version-history":[{"count":7,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/343\/revisions"}],"predecessor-version":[{"id":350,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/343\/revisions\/350"}],"wp:attachment":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\tMozilla stated in its advisory<\/a>. "Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code."<\/p>\n
\n\tdown the key, code could potentially be installed without a user's knowledge.<\/p>\n
\n\tpage could pop up a download dialog where the held key would then activate the default Open action," Mozilla warned<\/a>.<\/p>\n
\n\tlibrary. Firefox 7 also provides a fix for a high impact flaw where cross-site scripting (XSS) could have been enabled via plugins.<\/p>\n
\n\tkeystrokes the user is entering into the foreground tab."<\/p>\n