Version 19 Update for Firefox – Patched HTTPS Phishing Issues, PDF Viewer Added
Firefox 19 now has a PDF viewer (Yay, bells and whistles)! Time to kick Adobe Reader, you know, because of all the exploits.
Technically, the tool has been in Firefox for many versions, but you had to manually enable it. The whole point of the built-in PDF viewer is to avoid having to use plugins with proprietary closed source code “that could potentially expose users to security vulnerabilities.””
The new PDF viewer doesn’t even require a secondary plugin or anything! It has its own ability to draw images and text.
A little more explained:
“Firefox for Windows, Mac and Linux introduces a built-in browser PDF viewer that allows you to read PDFs directly within the browser, making reading PDFs easier because you don’t have to download the content or read it in a plugin like Reader. For example, you can use the PDF viewer to check out a menu from your favorite restaurant, view and print concert tickets or read reports without having to interrupt your browsing experience with extra clicks or downloads,” Mozilla said.
In addition to that exciting news, Firefox 19 also fixes an HTTPS phishing flaw, which was reported by Michal Zalewski, Google security researcher. It details an issue with a proxy’s 407 response, where if a user canceled the proxy’s authentication prompt, the browser continues to display the address bar. This can be spoofed by attackers, by telling them to enter credentials. Read more in the Mozilla advisory about this.
In Firefox, if you’re not automatically prompted to update, then do so as soon as possible by clicking the Firefox tab at the top left corner of the browser, hovering over Help >, click on About Firefox. You may also have to click Check for updates in the window that pops up. You should be patched.