A brief reminder for Firefox users: version 25 is out.
As usual, there are some new and tweaked features, plus a fair number of security fixes.
And, as usual, Mozilla recommends your immediate attention to the update, if you’re one of those who prefers to be alerted to updates first rather than having them automatically applied:
It is strongly recommended that you apply this update for Firefox as soon as possible.
If you aren’t already using Firefox you can get a copy of the latest version from the downloads page.
There are actually four updated software versions in the Mozilla stable that have received the security patches from the latest upgrade:
- Firefox 24.0 goes to 25.0.
- Firefox 24.0ESR (Extended Support Release) goes to 24.1ESR
- Firefox 17.0.9ESR goes to 17.0.10ESR.
- Thunderbird goes to 24.1.
The Seamonkey application suite is also listed as getting the fixes, moving to 2.22, but it looks as though Seamonkey users may have to wait, as the official download page [at 2013-10-30T05:45Z] still offers 2.21.
Tor Browser users will also need to keep their eye on the progress of updates, as the Firefox ESR version that ships in the Tor Browser Bundle is still at 17.0.9.
Five of the security advisories are marked in red, meaning they’re critical, and can therefore possibly, or even probably, be used for implanting malware via Remote Code Execution (RCE).
All of the critical fixes involve memory mismanagement errors such as use-after-free bugs: if you’re interested in the potential implications of this sort of programming flaw, you might want to check out our Anatomy of an IE Exploit series.
There are two official changes listed for Firefox 25, and both caught my eye, as they have to do with the Firefox Reset feature:
Resetting Firefox is a not-very-well-known option you can try when websites stop working properly, perhaps because of accumulated state information about your browsing so far. (So much for HTTP being a so-called stateless protocol where each request stands entirely on its own.)
If you browse to the URL about:support, you’ll see the reset option:
As the change list reminds us quite clearly, a Firefox reset doesn’t set you back to a state of total browsing innocence, and in Firefox 25, it seems that slightly less than before is deleted from the browser’s store of information.
In particular, the reset function no longer forces an end to any current browser sessions, meaning that it leaves behind a fair amount of data about your current browser state.
Do bear this in mind, especially if you also use Safari, where the Reset option can be used to remove all browser data, effectively logging you out, removing all tracking cookies, and more.
The equivalent option in Firefox isn’t Reset, but rather Clear All History, which you reach from the History|Clear Recent History menu option.
Now grab the update, and shield yourself from any potential attacks that might be found against those use-after-free bugs!
6 comments on “Firefox moves up to Version 25, fixes a bunch of memory mismanagement problems”
Where is the update link? I do not see it in this article.
Click on the link to the release notes above, which will let you see what's new and changed. From that official release notes page there's one more obvious and official link to the download page 🙂
Or run Firefox, pop up the "About Firefox" window, and click the [Check for Updates] button.
After updating to Firefox 25 last night Firefox will not connect to any servers! In other words no Internet on Firefox. I am on Internet now via Internet Explorer.
Firefox 24 was working properly.
Maybe time to look elsewhere for an Internet browser?
I just updated and the memory management seems worse than ever. Firefox 26 is using over 1.2GB of memory with just a few tabs open. I’m getting ready to move on from firefox and not look back.