Firefox 21 Fixes Three Critical Flaws, Introduces New Health Report

Mozilla fixed eight vulnerabilities, three critical, in the 21st build of its flagship Firefox browser yesterday.

Mozilla fixed eight vulnerabilities, three critical, in the 21st build of its flagship Firefox browser yesterday.

One of the fixes remedies an Address Sanitizer memory corruption flaw (MFSA 2013-48) that could’ve allowed remote code execution. The other two critical flaws could’ve also led to arbitrary code execution and deal with fixing memory safety bugs (MFSA 2013-41), and a video resizing bug (MFSA 2013-46) in Firefox and Thunderbird.

For a complete list of the bugs fixed by Firefox 21, all 681 of them, head to Bugzilla.

The latest version of the browser also introduces something Mozilla is calling the Firefox Health Report, a tool that aims to give users a comprehensive look into the browser’s health and usage. The report will breakdown any insecure and unstable plugins it blocks throughout the day and will also document crash history and malware attack history, according to a post on Mozilla’s Future Releases blog by Jonathan Nightingale, the company’s Vice President of Engineering.

Users can choose whether they want the tool to share data Mozilla gathers about their browser with the company. If shared, the information will be aggregated and anonymized and used to help Firefox’s security team improve the browser. Users can change their preferences in the Data Choices section of the browser’s Options menu.

The update also brings expanded social API and Do Not Track options to help users better customize their privacy settings.

The social API opens the browser up to sidebar and toolbar providers like Cliqz, msnNOW and Mixi, while the Do Not Track update tweaks an already existing setting in the browser. The new default privacy setting doesn’t tell websites anything about the users’ tracking preferences. Users can change that and choose whether they want to tell sites if they want to be tracked (Do Track, Do Not Track, No Preference) in the settings.

The updates are being pushed to Firefox users via the browser’s automatic update system, per usual. Those who don’t have that set up can download them through both the Firefox and Thunderbird download pages.

Suggested articles