Shortly after Firefox regained its No. 2 position in the browser arena, Mozilla on Tuesday unleashed the next version of its popular open source browser complete with fixes for numerous critical vulnerabilities.
Holes associated with a full 14 security advisories were closed in the new Firefox 16, in fact, 11 of them rated “critical.”
Also notable about Firefox 16 are features including a new developer toolbar, early Web app support, preliminary VoiceOver support in the Mac OS X version, and a new Reader Mode in the Android version.
'A growing set of novel features'
Among the vulnerabilities fixed by Firefox 16 are memory corruption and memory safety hazards, a buffer overflow bug, and a spoofing and script-injection flaw.
Most were also corrected in Thunderbird 16 and SeaMonkey 2.13, both of which were released on Tuesday as well, in addition to being backported to the business-oriented Extended Support Release (ESR) versions of Firefox and Thunderbird.
With initial support for Web apps in the desktop Windows, Mac, and Linux versions of Firefox 16, meanwhile, developers can now begin building self-contained versions of their websites that are installed by the user, can run offline, and "don't always require the chrome of a browser window,” Mozilla explains. Web apps also “have access to a growing set of novel features, such as synchronizing across all of a user's devices,” it adds.
Eventually, Web apps will be distributed through the forthcoming Mozilla Marketplace.
'Removes all the clutter'
Mac users will find that preliminary support for the VoiceOver screen reader is now turned on by default in Firefox 16, while new features in the Android version include a Safari-like Reader Mode that “removes all the clutter from Web pages and shows you only what you want to read in a minimalist UI,” as Firefox Mobile developer Lucas Rocha explained in a blog post this summer.
Also new on the Android side are the ability to use a "Share" menu item to send tabs to other devices through the "Firefox Sync" option and a feature designed to ensure that malicious "tel: URLs" crafted to wipe the phone can no longer be opened.