Firefox 28, released on Tuesday, provided numerous important security fixes including 5 for flaws identified in the recent Pwn2Own competition.
Pwn2Own is a hacking competition where each successful exploit earned the researcher(s) $50,000. FireFox was hacked successfully this year more than any other browser. This includes a zero-day execution bug that when combined with another bug allows an attacker to load a JavaScript URL that is executed with the full privileges of the browser.
According to Mozilla release notes, Firefox 28 also fixes a bug where their Content Security Policy (CSP) was not being enforced in sandboxed iframes. This leaves the user vulnerable to hacks such as cross site scripting.
Mozilla also announced that Firefox 29 was now in beta release. It introduces an improved sync feature powered by Firefox Accounts, a new customization mode, a new Firefox menu and streamlined user interface.
A week ago, Mozilla canceled the release of its touch-enabled Firefox browser for Windows 8 and 8.1, stating that there was simply not enough demand for the Windows 8 version to justify continued development. The news was particularly surprising because the company had previously announced plans for its release this week.
See Also: