Version 14 of the Mozilla Firefox web internet browser , released Tuesday , offer up several Modern security - related features as well as patch for numerous vulnerabilities .
Therelease of Firefox 14.0.1was accompanied by14 security advisories , five of which were rated as vital by Mozilla .
One of the critical advisory cover a vulnerability in the “ javascript : universal resource locator ” social function that could allow attackers to bypass the JavaScript sandpit and action malicious script with lofty privileges .
Another critical flaw patched in Firefox 14 could be exploited to bypass the web web browser ’s same - compartment security department wrappers ( SCSW)—a security measures feature that prevent a webpage from executing code outside of its setting .
A critical retentivity corruption issue stem from the elbow room the “ JSDependentString::undepend ” mapping converts qualified strings into fixed strings was also addressed . If left unpatched it could be exploited to break up the internet browser and perhaps perform malicious code on the organisation .
The other two security advisories mark as critical screen six other memory corruption vulnerability locate in various components that could also result to the execution of arbitrary computer code .
The remaining nine advisories , four rat as high and four as temperate , computer address vulnerabilities that could ease fussy - site scripting ( XSS ) , clickjacking and phishing attacks , or could grant attacker to steal OAuth 2.0 access tokens and OpenID credentials , trick user into accepting a rogue SSL certificate and hold in a malicious universal resource locator .
In addition to deal legion vulnerabilities , Firefox 14 also stop up Google Web searches by enabling HTTP for lookup enquiry broach through the positioning barroom , lookup box seat or the right - click card .
“ We mechanically make your Google searches secure in Firefox to protect your data from potentially prying eyes , like meshing administrators when you apply public or shared Wi - Fi internet , ” the Mozilla developers say in ablog poston Tuesday . “ Google is presently the only search engine that allow Firefox to make your searches private , but we look forward to abide additional search locomotive with this feature in the future tense . ”
Firefox 14 also comes with simplified uniform resource locator bar favicons that make it easier for users to determine the level of connection security system support by unlike websites .
Non - HTTPS websites will have a grey orb icon displayed in front of their URL , HTTPS websites will have a grey curl icon displayed , while HTTPS websites that use an EV ( Extended Validation ) certificate will have a gullible lock chamber icon together the name of the certificate ’s owner displayed in the URL bar .
Another security department - related feature in Firefox 14 is theopt - in activation for plug - ins . Also known as “ click to act , ” this feature requires substance abuser blessing for the playback of fire hydrant - in based content like Flash or Java when it is enabled .
The feature film is still a work in progress , so for now it can only be enable by manually setting a flag in “ about : config”—it ca n’t be turned on from the web browser ’s “ selection ” dialog .
The non - security related features in Firefox 14 let in full screen support for Mac OS X Lion , Awesome Bar auto - complete for typed URLs and support for Pointer Lock API , an app programming port that will give Web apps and games good control over the computer mouse .