Firefox 7 security fixes, http vs https and data collection

Filed Under: Firefox, Vulnerability

FirefoxMozilla has released Firefox 7, the latest incarnation of their popular web browser.

Recently Firefox has been getting through new version numbers faster than a fat man chasing a ice cream van.

The reason for the rapidly increasing version number? Well, it seems to be for no reason other than to please users who may incorrectly link a higher version number with something being "cooler".

Most of the headlines about Firefox 7 are making much of the claim that it's said to require less RAM. In fact, a lot less memory. Firefox developers have claimed that version 7 can use up to 50% less memory than previous versions.

When you come to update to Firefox 7, you'll be asked if you would also give permission for Mozilla to collect anonymous data on your installation's memory usage and performance. Presumably the developers want to use this information to make their code even tighter in the future.

The good news is that this data is anonymised, sent over https, and only collected if you give permission (in other words, it's opt-in).

Performance data option

You can turn off the data collection at any time if you change your mind.

A cosmetic, but security-related, change which Mozilla has introduced with Firefox 7 is found in how the browser presents URLs in the address bar.

As you can see in the examples below, Firefox now hides the "http://" in website addresses.

http website via Firefox 7

But things look different if you visit a website configured to use https instead:

https website via Firefox 7

Firefox is actually following in Google's footsteps with this look. (You see! Firefox doesn't just copy Chrome when it comes to rampant version numbers!) The Chrome web browser already suppresses the "http://":

http website via Chrome

And here's what Google Chrome looks like when you visit an https website:

https website via Chrome

These changes are probably designed to make the web friendlier for those who are put off by geek slashes in URLs. What's probably a more important driver for updating is that Firefox 7 includes a number of security patches.

Firefox 7 security fixes

The most serious vulnerabilities fixed in Firefox 7 are rated "critical" which means that they could be used by malicious attackers to run dangerous code and install software on your computer, without user interaction.

In short, if you don't keep your web browser patched cybercriminals might exploit a vulnerability to install malware on your computer.

, , ,

You might like

8 Responses to Firefox 7 security fixes, http vs https and data collection

  1. Gary · 1028 days ago

    Why not just download the one from Google (Chrome) it's been out a lot longer, and already has the bugs worked out of it!

  2. Gayle Cochrane · 1028 days ago

    Couldn't use Firefox after most recent changes, kept kicking me off of everything. Finally got an e-mail that it was incompatible with a Comcast program. (Chrome) was new to me, but I like it so far and no crashing.

  3. Anonymous · 1028 days ago

    Mozilla needs to stop trying to rip off Google Chrome. Don't they realize that Firefox users like Firefox and would be using Chrome if they liked that browser better?

  4. Dave L. · 1028 days ago

    Chrome's "covert" update strategy maybe ok for people who don't want the "A New Version of Firefox is Available" popups like every two days as in recent time but it also has a downside as in most security conscious users like to keep on top of things as to just what does what and having to delve into the About:* settings is a hassle at the best of times. In conjunction with the silent update they've also decided to drop putting the version number in the help-> about header. Yet another snare for security conscious users. Do Mozilla care for their users at all or are they just trying to produce a product thats so hybridized it should work on any platform in any eventuality? I used to like the old firefox, the "5" track was at least stable and you knew where you were up to as far as plug-in compatibility and add-on.

  5. Richard · 1027 days ago

    Shame we seem to have lost the automatic update again - "Firefox 6.0.2 ... is up to date". I had to download v7 from http://getfirefox.com/ to get the update.

    Memory usage is currently sitting at ~173Mb, as reported by Task Manager. That still seems a bit high to me, since I've only got this window open!

  6. dent · 1027 days ago

    its "... an ice cream van"

  7. WhiZzle · 1027 days ago

    I just hope FF 7.0 doesn't crash at the frequency that FF 6.02 did. I still see no reduction in memory usage, I have 4 tabs open & I'm at over 394Mb according to Task Manager which I think is quite high. Another problem I see is that certain add-ons and user scripts are not supported beyond FF 5.0......

  8. Andrew · 1027 days ago

    Firefox 3.6 is still being maintained for security updates - see here: http://www.mozilla.org/en-US/firefox/all-older.ht...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.