Firefox 34 disables SSL 3.0 and tackles eight security fixes

Mac

Firefox 34, the latest version of the Mozilla’s popular web browser has disabled support for SSL 3.0 in reaction to the POODLE exploit, reported by We Live Security back in October.

The fix means that Firefox users will no longer be vulnerable to POODLE, an exploit found by Google researchers in October that would allow hackers to intercept plaintext data from secure connections, reports Tech Week Europe.

Speaking to SC Magazine, Chad Weiner, director of product management for Firefox said “We have dropped support for SSLv3 entirely, which will protect more users from its inherent vulnerabilities. We’re putting users’ safety online first, and trying to aggressively push the Web towards more secure alternatives (i.e. TLS 1.1 and later.)”

In all, Firefox 34 fixes eight security issues, three of which are described as critical. The first was a bug discovered by Abhishek Arya of the Google Chrome Security Team, who found a buffer overflow vulnerability when media is parsed. The second is a ‘use-after-free vulnerability’ which is “created by triggering the creation of a second root element while parsing HTML written to a document created with document.open( ),”. The final critical fix deals with a number of memory safety bugs, which “showed evidence of memory corruption under certain circumstances”, which could be potentially exploited.

Other less significant security fixes in Firefox 34 include an OSX bug where private data could be saved to a local log file, and another flaw that could allow malicious websites to obtain sensitive data.

Firefox 34  is also notable for dropping Google as its default search engine. Engadget reports that Yahoo is now the default search provider in the United States, Yandex in Russia, and Baidu in China.

Lucian Milasan / Shutterstock.com

Author , ESET

  • rugk

    LOL
    Firefox 34 has been released and you use a screenshot from the download page of Firefox 3.6 here…

  • Toldyouso

    If there is one thing that really bugs me – it’s applications that don’t work on or are not even available for all my devices. By that I mean my iMac, Mac book, iPad and iPhone. I hate having to use different applications and means of doing things from one device to another. Once Firefox really puts out an app for my mobile devices, I will certainly give it another try. Until then………

    • Slotty Badfast

      Apple doesn’t like you using other developers’ products, and from your description you obviously are an Apple fan. Stick with what they provide for you. Looking at online reviews of nearly everything that uses a computer, phone, tablet, etc., one has to plow through and sort out the gripes of Mac-iWhatever users to find reviews that apply to the rest of the world. And the low ratings they give (because it doesn’t work well on their Apple device) skew the ratings of the product itself, which may work wonderfully. Things don’t always work with Apple products because that’s the way Apple wants it, and it’s not the job of others to comply with their whims. Firefox works great on my Android phone, as well as my Windows 7 and 8 computers, and is in fact my preferred browser in many cases. Apple puts out plenty of apps for your mobile devices, so if you choose to use their hardware, use their stuff and that’s all (think different, remember?); don’t expect everyone else to come running to accommodate Apple fans.

    • rugk

      There is an (official) version of Firefox for Mac OS X (so on your iMac and MacBook you can use it).
      And for iOS (iPhone) it (maybe) will come soon too…
      http://techcrunch.com/2014/12/02/firefox-could-soon-come-to-ios/

      BTW: Also ESET has anti-malware (even a solution with a firewall) for MacOS X:
      http://www.eset.com/int/home/for-mac/
      http://www.eset.com/int/about/press/articles/article/av-comparatives-declares-eset-cyber-security-pro-for-mac-provides-outstanding-protection/

      So of course not all companies have there software for Mac too (and that’s understandable because it’s a completely different OS and not so much used), but under this article this complaint is completely out of place.

  • nemam razloga ja najmanje provodima u mene je kućšno racunalo i free 30day tražim i a orginal now home bejzik i nerazumjem jewr ja nisam tu žena i curica

Follow us

Copyright © 2016 ESET, All Rights Reserved.