Finally, some new version of web browser, as I was geting bored.
Firefox 18.104.22.168 fixes the following security issues:
- Unescaped URIs passed to external programs
- Privilege escalation through chrome-loaded about:blank windows
Every web browser update is important and I strongly advice you to update your Firefox to the newest one. If you can increase your security level for free, why not to do that?
Is there anything wrong this week? Waiting for some new releases and just interesting news, but nothing happens. Anyways…
Sean P. Aune wrote a nice article and listed over 50 add-ons for Firefox, which should help you to increase your security and privacy level.
ActionMonkey is the code-name for the project to integrate Tamarin and SpiderMonkey as part of Mozilla 2.
Stage 0 of this project is underway. What they are going to do now is to replace SpiderMonkey’s GC (jsgc) with Tamarin’s GC (MMgc).
Their new efforts will boost performance for sure and I am waiting for more news from ActionMonkey blog.
So I was surfing the internet today and got a pleasant notice about an installed update. That’s right, Firefox 22.214.171.124 was just released.
According to Mozilla.org, Firefox 126.96.36.199 fixes the following vulnerabilities:
- XPCNativeWrapper pollution
- Unauthorized access to wyciwyg:// documents
- Remote code execution by launching Firefox from Internet Explorer
- File type confusion due to %00 in name
- Privilege escallation using an event handler attached to an element not in the document
- Frame spoofing while window is loading
- XSS using addEventListener and setTimeout
- Crashes with evidence of memory corruption
And by the way, I love the way how Firefox is being updated.
It’s not a big secret, every web developer wants to have fastest and most secure web browser, which not only should have all the security issues fixed, but also it should help novice user to understand the risks and help him/her to avoid that.
Firefox 3 Alpha 7 (Pre) got one more feature which should help users to avoid fake domain names. See this picture.
It highlights domain name (well… actually makes other text light grey) so users could take a look at it and make sure it’s a correct domain name. Not really usefull, isn’t it?
That’s not all, according to Arstechnica,
FF3 Alpha 7 also incorporates a domain translator that changes an address that’s encoded in non-standard ASCII (such as a percentile-encoded address) into standard text. Again, this is a change aimed at making domain addresses easier to read by stripping out the non-standard characters a phisher might use to confuse a potential target.
There’s also an add-on for Firefox 2. Not perfect, but if you don’t want to use Firefox 3 Alpha 7 to test this one, feel free to use Locationbar2 add-on.
After yesterdays post about new Firefox security bug I’ve decided to check out, which of the worlds most popular web browsers are most secure. Thanks to Secunia for stats.
Opera 9.x – Affected By 6 Secunia advisories
Unpatched 0% (0 of 6 Secunia advisories)
Internet Explorer 7.x – Affected By 13 Secunia advisories
Unpatched 54% (7 of 13 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical.
Safari 2.x – Affected By 6 Secunia advisories
Unpatched 67% (4 of 6 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Safari 2.x, with all vendor patches applied, is rated Less critical.
Firefox 2.0.x – Affected By 12 Secunia advisories
Unpatched 67% (8 of 12 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Mozilla Firefox 2.0.x, with all vendor patches applied, is rated Highly critical.
I am really confused right now, but does that makes Firefox 2.0.x most insecure web browser? And according to Secunia stats, Internet Explorer 7 is right after Opera which puts it into the 2nd place?
1. Opera 9.x – Most Secure Web Browser?
2. Internet Explorer 7.x
3. Safari 2.x
4. Firefox 2.0.x – Most Insecure Web Browser?
Recently Mozilla modified their Firefox 3 roadmap and announced Firefox 3 Alpha 7 instead of Firefox 3 Beta 1.
According to Mozilla, next Firefox 3 release isn’t ready to call itself a “beta”, they want to deliver a product, which is stable and much better, it doesn’t matter if it can take more time than planned. I guess that’s good, we want finished and polished releases, not just a big peace of bugs.
Firefox 3 Alpha 7 should contain anti-malware, finished offline api’s and secure wrappers. If there won’t be any delays for Firefox 3 Alpha 7, it will be released on July 31st.
Firefox 3 Milestone 8 will be available in the middle of September.
Like this post? Subscribe to our RSS Feed.
Secunia reported today about a new exploit for Firefox 188.8.131.52 (might affect previous builds as well).
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.
Do not browse untrusted sites.
Disable the “Firefox URL” URI handler.
Thor Larholm noted:
There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta.