Delivering multiple updates and security fixes, a new version of the popular browser from Mozilla has arrived this week. Firefox version 26 has at least 14 security fixes integrated into it and introduces default click to play for plug-ins, initially for Java applications. This feature blocks Java applications by default, requiring user approval to play.
In recent years hackers have found vulnerabilities in Java that they have been able to exploit to spread malware and control users computers. Mozilla has found a solution by introducing click to play option for all Java based plugins that allows secured access while making sure applications run as expected. It prevents these plugins from automatically running in the background on web pages without user intervention, an approach used by hacker attacks.
All Java plugins in FireFox 26 will run on click to play mode, where the user will be prompted to choose to either allow or disallow running it. The Chrome browser has had this feature for some time, but it is turned off by default.
Mozilla is still testing the click and play functionality for other plug-ins and expects to include it in a future release.
In their new release, Mozilla has patched five different critical errors, including revoking security certificates wrongly issued by a company for Google products. This will stop any cyber criminals who might plan to organize an attack using forged SSL certificates. Other updates include trust settings for EV SSL, strict overflow control with Javasearch binary algorithms, and Linux clip board information disclosure.