Mozilla Ships Security Goodies in Firefox 3.6 Update

Mozilla
has released the latest iteration of its flagship Firefox browser with
a few significant security goodies to keep malicious hacker at bay. The update, which is being shipped via the browser’s automatic
update mechanism, includes new features to patch third-party Firefox
plug-ins and lock out rogue add-ons.

Mozilla
has released the latest iteration of its flagship Firefox browser with
a few significant security goodies to keep malicious hacker at bay. The update, which is being shipped via the browser’s automatic
update mechanism, includes new features to patch third-party Firefox
plug-ins and lock out rogue add-ons.

There are no security vulnerabilities being fixed with this Firefox 3.6 update.

Building on the browser’s ability to check for updates to Adobe Flash Player,
Mozilla has now fitted a plug-in checker that scans the machine for
insecure plug-ins that are installed.  If an outdated plug-in is found,
the browser will now prompt the user to apply the patch via a one-click
interface.

Firefox users should keep in mind that plug-ins are different from
add-ons or extensions.  Many software products add plug-ins to Firefox
without the user’s knowledge or consent and these are rarely patched by
the end-user.

Here is a link to the Firefox Plug-in Checker.

The second major security improvement in Firefox 3.6 is a behind-the-scenes tweak to lock out rogue Firefox add-ons. 
The feature is called Component Directory Lockdown, blocks browser
add-ons from loading in the browser’s application components directory,
a move that effectivly stops developers and software vendors from silently installing Firefox add-ons without explicit user permission.

It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said.

Suggested articles