You may or may not have heard about this yet (it is the holiday season), but we wanted to make note of the Firefox 34 Update disabling support for SSL 3.0. Looking at the release notes for this version will give you a quick summary of the other changes.
In their write-up last week, SC Magazine had this to say:
Abhishek Arya of the Google Chrome Security Team is credited with identifying a critical buffer overflow vulnerability during the parsing of media content, according to an advisory, which adds that the bug can lead to a potentially exploitable crash.
Security researcher Berend-Jan Wever is credited with reporting a critical use-after-free vulnerability“created by triggering the creation of a second root element while parsing HTML written to a document created with document.open( ),” according to another release, which also adds that the bug can lead to a potentially exploitable crash.
Disabling SSL 3.0 support in this version of Firefox is due to the POODLE vulnerability that was found by a Google engineer in October of this year. As you may remember, news of the vulnerability quickly spread online and caused people to scramble to make sure they were prepared in time for Q4 business. Here’s a POODLE update we did later in October.
This seems like a good time to bring up the fact that SSL.com offers a wide range of SSL certificates so that you can ensure you’re using the latest SSL / TLS technologies and are protecting your server. Whether you just need something simple for a content site or you have multiple subdomains that you need to lock down, SSL.com has all of your certificate needs covered – all the way up to the Enterprise EV level of coverage.
Back to Firefox 34 Update
Totally unrelated to security, but still interesting to note is the fact that Firefox 34 switched from Google to Yahoo for the default search engine. According to Engadget, they announced the deal about two weeks before they rolled it out. Yahoo is going to remain the default search engine for a period of five years at least. You’ll get a different default search engine if you’re outside of North America.
If you dig a little, it’s easy to see that Yahoo is trying to increase their market share with the deal. According to reports online, Yahoo’s market share improved slightly to 10.3% in October 2014. Of course, that’s nothing compared to behemoth Google’s 67.3% market share. Will the Yahoo / Firefox deal work for the underdog search engine? It all depends on Yahoo and if they’re able to impress the users who stumble on them because of Firefox.
The other big new feature – which wasn’t rolled out to all users at once – is Firefox Hello, an in-browser chat application that has the potential to be a game-changer, especially for companies like Skype. Here’s some info on the new feature / service from the official Mozilla website:
Firefox Hello provides more value to Firefox users by making it easier to communicate with your friends and family who might not have the same video chat service, software or hardware as you. It’s free to make voice and video calls and there’s no need to download software, plugins or even create an account. It’s ready to go as soon as you open Firefox Beta by clicking on the ‘chat bubble’ icon under the customize menu.
Here at SSL.com, the big news for us was that SSL 3.0 was disabled, but we thought we’d share some of the other highlights of the latest Firefox update. If you have any complaints, praises or comments about Firefox 34, leave a comment below and let us know. We love to hear from our readers, especially when it comes to technology and security related issues.