Mozilla has recently announced the release of Firefox 37. The new version of the popular browser promises to make online surfing safer. The improvement involves a change in the way encryption is handled within the browser. Numerous bugs were identified at the recent Pwn2Own browser security competition, so the latest version may be considered a response to it.
Held in Vancouver, the annual Pwn2Own browser security competition may be described as a hacking contest, since its participants ‘hack’ browsers in order to expose vulnerabilities. As a result, three bugs were discovered in Mozilla Firefox, one in Google Chrome, and four in Internet Explorer.
One of the improvements concerns so-called opportunistic encryption (OE). OE is any system that tries to encrypt the communication channel when connecting to another system, without depending on an initial agreement between the two systems. OE has now been added to Firefox 37, guarding users against passive surveillance.
It is important to note, though, that users may still be exposed to man-in-the-middle attacks. Such an attack covertly alters the communication between two parties.
Other Firefox improvements include:
- Support for encrypted Bing search.
- The OneCRL list of revoked certs.
- Updated TLS encryption.
Firefox recently switched to OneCRL to improve revocation checking. As CFOC has already written, Mozilla adopted the new revocation mechanism because of the bad history with the Heartbleed bug and DigiNotar.
Other vulnerabilities discovered during the Pwn2Own competition include five bugs in Windows, three bugs in Adobe Reader and Adobe Flash, and two bugs in Apple Safari.