Mozilla is also aiming to make Web browsing safer by way of the Mixed Content blocker that is now in the Firefox 23 release. Mixed Content refers to the common, but ill-advised practice among some Web developers of including both HTTP and secured HTTPS traffic on the same Web page. The risk is that the secured traffic isn’t really secured when mixed with regular HTTP traffic.
“Firefox’s Site Identity panel has historically warned about the risks of mixed content,” Sharp said. “Active Mixed Content blocking goes one step further and proactively blocks some forms of mixed content that have the potential to cause security problems.”
Users don’t need to worry that Firefox 23’s Mixed Content blocker will now mean they can no longer access sites that provide Mixed Content that they need or want to access. There is an option to “disable protection on this page” if necessary, Sharp explained.
Additionally, Mozilla has released 13 security advisories for vulnerabilities that have now been fixed in Firefox 23. Of those, Mozilla has marked four as critical. Three of the critical issues are memory-related vulnerabilities, while the fourth is identified as being a potential Cross Site Scripting (XSS) flaw. XSS flaws potentially enable an attacker to inject arbitrary code into one site from another, which could lead to a malware infection or unauthorized information disclosure.
Read the full story at eWeek:
Firefox 23 Adds Features, Security to Open-Source Browser
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.