Is there anything wrong this week? Waiting for some new releases and just interesting news, but nothing happens. Anyways…
Sean P. Aune wrote a nice article and listed over 50 add-ons for Firefox, which should help you to increase your security and privacy level.
ActionMonkey is the code-name for the project to integrate Tamarin and SpiderMonkey as part of Mozilla 2.
Stage 0 of this project is underway. What they are going to do now is to replace SpiderMonkey’s GC (jsgc) with Tamarin’s GC (MMgc).
Their new efforts will boost performance for sure and I am waiting for more news from ActionMonkey blog.
So I was surfing the internet today and got a pleasant notice about an installed update. That’s right, Firefox 184.108.40.206 was just released.
According to Mozilla.org, Firefox 220.127.116.11 fixes the following vulnerabilities:
- XPCNativeWrapper pollution
- Unauthorized access to wyciwyg:// documents
- Remote code execution by launching Firefox from Internet Explorer
- File type confusion due to %00 in name
- Privilege escallation using an event handler attached to an element not in the document
- Frame spoofing while window is loading
- XSS using addEventListener and setTimeout
- Crashes with evidence of memory corruption
And by the way, I love the way how Firefox is being updated.
It’s not a big secret, every web developer wants to have fastest and most secure web browser, which not only should have all the security issues fixed, but also it should help novice user to understand the risks and help him/her to avoid that.
Firefox 3 Alpha 7 (Pre) got one more feature which should help users to avoid fake domain names. See this picture.
It highlights domain name (well… actually makes other text light grey) so users could take a look at it and make sure it’s a correct domain name. Not really usefull, isn’t it?
That’s not all, according to Arstechnica,
FF3 Alpha 7 also incorporates a domain translator that changes an address that’s encoded in non-standard ASCII (such as a percentile-encoded address) into standard text. Again, this is a change aimed at making domain addresses easier to read by stripping out the non-standard characters a phisher might use to confuse a potential target.
There’s also an add-on for Firefox 2. Not perfect, but if you don’t want to use Firefox 3 Alpha 7 to test this one, feel free to use Locationbar2 add-on.
After yesterdays post about new Firefox security bug I’ve decided to check out, which of the worlds most popular web browsers are most secure. Thanks to Secunia for stats.
Opera 9.x – Affected By 6 Secunia advisories
Unpatched 0% (0 of 6 Secunia advisories)
Internet Explorer 7.x – Affected By 13 Secunia advisories
Unpatched 54% (7 of 13 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical.
Safari 2.x – Affected By 6 Secunia advisories
Unpatched 67% (4 of 6 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Safari 2.x, with all vendor patches applied, is rated Less critical.
Firefox 2.0.x – Affected By 12 Secunia advisories
Unpatched 67% (8 of 12 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Mozilla Firefox 2.0.x, with all vendor patches applied, is rated Highly critical.
I am really confused right now, but does that makes Firefox 2.0.x most insecure web browser? And according to Secunia stats, Internet Explorer 7 is right after Opera which puts it into the 2nd place?
1. Opera 9.x – Most Secure Web Browser?
2. Internet Explorer 7.x
3. Safari 2.x
4. Firefox 2.0.x – Most Insecure Web Browser?
Recently Mozilla modified their Firefox 3 roadmap and announced Firefox 3 Alpha 7 instead of Firefox 3 Beta 1.
According to Mozilla, next Firefox 3 release isn’t ready to call itself a “beta”, they want to deliver a product, which is stable and much better, it doesn’t matter if it can take more time than planned. I guess that’s good, we want finished and polished releases, not just a big peace of bugs.
Firefox 3 Alpha 7 should contain anti-malware, finished offline api’s and secure wrappers. If there won’t be any delays for Firefox 3 Alpha 7, it will be released on July 31st.
Firefox 3 Milestone 8 will be available in the middle of September.
Like this post? Subscribe to our RSS Feed.
Secunia reported today about a new exploit for Firefox 18.104.22.168 (might affect previous builds as well).
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.
Do not browse untrusted sites.
Disable the “Firefox URL” URI handler.
Thor Larholm noted:
There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta.
Today I’ve decided to write a bit, of what should web browsers developers do in order to win or not to lose market share.
This is only my opinion which can be wrong as well. It can also be offensive for some of you.
Internet Explorer – Drop that slow and poorly written Internet Explorer core and develop something good. Internet Explorer is slow, buggy; uses lots of resources, ignores web standards, renders bad, lacks of functionality, etc. It’s just a big piece of software, which sooner or later won’t be used anymore. Develop faster, why are you sleeping? All other companies are much smaller and release/announces new versions more frequency. How that’s possible? Don’t be lazy just cause you have money.
Firefox – Finally fix memory leak bug (some says it’s already a “feature”). Support web standards (glad you will do that in Firefox 3), stop stealing features from other browsers and develop something more on your own.
Opera – Stop crying, that a big part of web developers ignores you. Buy advertising in web developer communities, and just get in touch with them. Build strong relations and explain why they should develop new product not just for IE, Firefox, Safari, and Netscape but also for Opera.
Safari – Not much to say yet. Waiting for the final Safari 3 release. Yes, we know that you’ve invented an iPhone, but who cares?
Netscape, Konqueror and others – Haven’t used them. Why? Make some whispers, get more attention.