With this latest Firefox release (v14.0.1), Mozilla has fixed a slew of security vulnerabilities, including five deemed critical that may have allowed hackers to run attacker code and install software without requiring any user interaction.
The new release also includes some welcome new and changed security features such as default Google encrypted search, an improved site identity manager to prevent spoofing of an SSL connection with favicons, and the ability to configure the browser not to load plugins without user interaction.
“Enabling HTTPS for these searches shields our users from network infrastructure that may be gathering data about the users or modifying/censoring their search results. Additionally, using HTTPS helps providers like Google remove information from the referrer string,” Mozilla’s Lead Privacy Engineer Sid Stamm explained in May.
“While Google users may expect Google to know what they are searching for, Firefox users may not be aware these search terms are often transmitted to sites they visit when they click on items in the search results; enabling HTTPS search helps sites like Google strip this information from the HTTP referrer string, putting the user better in control of when and to whom their interests are shared.”
The changing of the icons in the address bar according to the type of site the user is visiting (regular, with SSL encryption, or those possessing an Extended Validation Certificate) should also help users to identify malicious sites:
Finally, the browser can be configured in such a way as to prevent add-ons to be run without user interaction, in order to prevent users to be unknowingly saddled with malicious plugins via booby-trapped websites.