Browser

Mozilla Firefox 13 is available for download on Mozilla FTP servers. Visual changes in this version is flatten buttons in toolbar, smooth scroll enabled by default, New Home Screen and a new look for New Tab page. Download: Firefox Setup 13.0.exe [Mirror] MD5: 89bc2ab1a1fa1e2d989d1c551f2a6ddf Size: 15.8MB

Mashable: Are you ready for a Facebook browser that integrates the social networking behemoth into your online life more than ever? That’s exactly what could be on the way soon, according to one report. A Friday Pocket-lint report cites a “trusted source” that Facebook wants to buy Opera Software — manufacturers of the Opera web browser, which claims more than 200 million users worldwide. The Facebook browser would include default menu bar plugins, further permeating Facebook into users’ general web experience, according to the report. ...

H-Online: Google has announced an update to the stable version of Chrome, which brings the browser version to 19.0.1084.52 on Windows, Mac OS X and Linux. The update is a pure security update that does not include any new features – it closes nine vulnerabilities with a Common Vulnerability Scoring System (CVSS) rating of “High” and fixes two problems labelled “Critical” as well as two “Medium” level issues. Many of the vulnerabilities are due to bugs in Chrome’s memory handling, such as out-of-bounds reads and use-after-free conditions, and Google points out that several of them were detected with their AddressSanitizer tool. Other bugs were fixed in Chrome’s PDF handling code and its V8 JavaScript rendering engine. ...

The H-Online: Google has announced that Chrome 19 is the new stable version of its open source based web browser. As usual, the browser sees a number of security fixes: this time there are seven high-severity fixes specifically for Chrome including various use-after-free and out-of-bounds errors. Two fixes with a wider impact than Chrome are also mentioned – a workaround for a Linux NVIDIA driver bug and an “off-by-one out-of-bounds” write in libxml. In all, $7500 was paid out in rewards to security researchers, and Google notes it has also paid out $9000 to researchers to stamp out bugs before they reached its stable channel. ...

The H-Online: Google has released a new update to the stable 18.x branch of its Chrome web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses a total of five vulnerabilities, three of which are rated as “high severity” by the company. These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of “miaubiz”, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected. ...

H-Online: Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread. According to Keybl, Firefox 3.6.x users with updates enabled should start being upgraded in early May – the specific date has yet to be confirmed. The 3.6.x branch of Firefox, the first release of which arrived in January 2010, reached its end of life last week on 24 April; the last update to the 3.6 series was version 3.6.28 from early March. ...

The H-Online: A beta of version 12 of the Opera web browser has been released with privacy and security-focused improvements. Code-named “Wahoo”, the Opera 12.00 beta now runs plugins out-of-process and includes optimizations for better SSL handling. Running plugins in their own process not only improves the smoothness and stability of the browser but can limit the damage some plugin exploits can do. Privacy is enhanced with support for the “Do Not Track” (DNT) header, which is used to tell web sites that the browser user wishes to opt-out of online behavioral tracking. ...

The H-Online: Google has announced updates to the Stable and Beta channels of their Chrome browser, fixing several bugs and twelve security vulnerabilities. Seven of the twelve security fixes were classed as high-risk problems and Google paid a total of $6000 to the researchers who discovered the bugs. The update also includes a new version of the bundled Flash Player. Adobe have revised the Flash Player advisory from the end of March to include fixes for a Chrome/Flash only pair of memory corruption issues listed as CVE-2012-0724 and CVE-2012-0725. Given that these issues only affect Chrome and Chrome manages its own update, it is unlikely that Adobe will be reissuing or updating the advisory or patches for other browsers and platforms. ...

Google has released version 18 of Chrome, the company’s own extended version of the open source Chromium web browser. The new Stable channel release, labeled 18.0.1025.142, fixes several security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware. This is done by adding support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. According to the developers, the GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games “run faster and feel smoother”. For older systems that can’t make use of of the GPU, Chrome can now display 3D content using the SwiftShader software rasterizer, which Google licensed from TransGaming, Inc. However, the developers note that “a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web”. ...

The H-Online: In the latest round of updates of its suite of internet applications, Mozilla has detailed the security fixes in the Firefox 11 browser, Thunderbird 11 email and news client and SeaMonkey 2.8 “all-in-one internet application suite”. There are also fixes for the “enterprise” and legacy versions of Firefox and Thunderbird. These fixes include a correction to a memory error in Array.join() which had been fixed last month, but was exploited during the Pwn2Own contest by Vincenzo Iozzo. ...