Tuesday brought the release of the next major Firefox web browser update, Mozilla Firefox 29. The update, which comes as they struggle against Google’s Chrome and Apple’s Safari browsers for a more significant market share, likely couldn’t come at a better time. Just a day before, IE’s zero-day bug hit and users received the word not to use IE anymore.
Firefox’s update features a new menu design and tab structure similar to that featured in Chrome. Icons for new windows, saving pages, and grouped add-ons and developer tools exist in a ‘three-bar menu button’ nearly identical to Chrome’s in the top right corner. Users can also customize this menu via the “Customize” button, where menu items such as “Subscribe [to RSS]” can be added.
The orange Firefox menu button is gone, in favor of a cleaner tab structure similar again to Chrome’s. Add-ons are easier to manage, and mobile users can now sync Firefox bookmarks, passwords and more across multiple devices (both Android and iOS) with a much simpler interface.
Mozilla appears to understand that change is hard, and this attitude of customization to suit each user’s needs will likely make a big difference in adoption rates for the new Firefox. And if you really want the improvements and customization in the browser without sacrificing the old, more squared-off design, Firefox features an add-on that restores the classic theme.
After weeks reporting on Heartbleed, we now have another in-the-wild bug to report on! On April 26th, Microsoft released a security advisory for a newly found “zero-day vulnerability” in Internet Explorer versions 6-11. Yes, that’s all of them for every Windows machine made in the last 13 years through the present. Dubbed “Vulnerability CVE-2014-1776” by Microsoft, it allowed for external parties to target exposed computers and execute malicious code, ranging from corrupting memory, to stealing information, to taking full control of a user’s account or machine. The bug is caused by the way IE accesses objects in memory that may have been deleted, and can be exploited by visiting compromised websites. Because IE is used by over 50% of internet users, this is a very widespread problem.
Users were urged by governments to stop using IE immediately until a patch is created, and to apply updates from Microsoft as soon as they become available. As well, they should be alert and vigilant about which websites they visit, though this code can be transmitted through certain ad networks as well, so IE-abstinence was really the best bet. More information on CVE-2014-1776 can be found at Symantec’s security blog. An out-of-band security update was released to address the problem.
This patch was especially crucial to Windows XP users to be aware of, and despite there being no more official security updates being released for the defunct OS, Microsoft still pushed it out to users.
Whether they will do so again or not in the future remains a mystery, so users are still urged to upgrade their OS.
In possibly unrelated news, Adobe announced that there is a zero-day bug in the Flash Player that can lead to an attacker taking control of an affected system. Thankfully a patch is available, so users should update their version of Flash Player immediately to take advantage of that.
In a post on their official enterprise blog, Google for Education director Bram Bout discussed the company’s new approach to their student users’ privacy. While ads were by default disabled in Google Apps for Education services, administrators had the option to turn them on. That toggle switch has now been removed, meaning that using these services will not affect a student’s Google advertising profile. Google had already removed ads for K-12 Apps account users from Google Search, and AdSense ads can no longer be added to new Apps for Education-created pages or services.
In addition to this removal of ads from Apps for Education, Google no longer will scan student email accounts for possible topics of interest to use in profiling them for advertising purposes. This practice has proven to be a concern for Google users in the past, but at least now students can feel more secure in knowing their school emails aren’t being read.