So I was surfing the internet today and got a pleasant notice about an installed update. That’s right, Firefox 18.104.22.168 was just released.
According to Mozilla.org, Firefox 22.214.171.124 fixes the following vulnerabilities:
- XPCNativeWrapper pollution
- Unauthorized access to wyciwyg:// documents
- Remote code execution by launching Firefox from Internet Explorer
- File type confusion due to %00 in name
- Privilege escallation using an event handler attached to an element not in the document
- Frame spoofing while window is loading
- XSS using addEventListener and setTimeout
- Crashes with evidence of memory corruption
And by the way, I love the way how Firefox is being updated.
It’s not a big secret, every web developer wants to have fastest and most secure web browser, which not only should have all the security issues fixed, but also it should help novice user to understand the risks and help him/her to avoid that.
Firefox 3 Alpha 7 (Pre) got one more feature which should help users to avoid fake domain names. See this picture.
It highlights domain name (well… actually makes other text light grey) so users could take a look at it and make sure it’s a correct domain name. Not really usefull, isn’t it?
That’s not all, according to Arstechnica,
FF3 Alpha 7 also incorporates a domain translator that changes an address that’s encoded in non-standard ASCII (such as a percentile-encoded address) into standard text. Again, this is a change aimed at making domain addresses easier to read by stripping out the non-standard characters a phisher might use to confuse a potential target.
There’s also an add-on for Firefox 2. Not perfect, but if you don’t want to use Firefox 3 Alpha 7 to test this one, feel free to use Locationbar2 add-on.
After yesterdays post about new Firefox security bug I’ve decided to check out, which of the worlds most popular web browsers are most secure. Thanks to Secunia for stats.
Opera 9.x – Affected By 6 Secunia advisories
Unpatched 0% (0 of 6 Secunia advisories)
Internet Explorer 7.x – Affected By 13 Secunia advisories
Unpatched 54% (7 of 13 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 7.x, with all vendor patches applied, is rated Moderately critical.
Safari 2.x – Affected By 6 Secunia advisories
Unpatched 67% (4 of 6 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Safari 2.x, with all vendor patches applied, is rated Less critical.
Firefox 2.0.x – Affected By 12 Secunia advisories
Unpatched 67% (8 of 12 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Mozilla Firefox 2.0.x, with all vendor patches applied, is rated Highly critical.
I am really confused right now, but does that makes Firefox 2.0.x most insecure web browser? And according to Secunia stats, Internet Explorer 7 is right after Opera which puts it into the 2nd place?
1. Opera 9.x – Most Secure Web Browser?
2. Internet Explorer 7.x
3. Safari 2.x
4. Firefox 2.0.x – Most Insecure Web Browser?
Recently Mozilla modified their Firefox 3 roadmap and announced Firefox 3 Alpha 7 instead of Firefox 3 Beta 1.
According to Mozilla, next Firefox 3 release isn’t ready to call itself a “beta”, they want to deliver a product, which is stable and much better, it doesn’t matter if it can take more time than planned. I guess that’s good, we want finished and polished releases, not just a big peace of bugs.
Firefox 3 Alpha 7 should contain anti-malware, finished offline api’s and secure wrappers. If there won’t be any delays for Firefox 3 Alpha 7, it will be released on July 31st.
Firefox 3 Milestone 8 will be available in the middle of September.
Like this post? Subscribe to our RSS Feed.
Secunia reported today about a new exploit for Firefox 126.96.36.199 (might affect previous builds as well).
A vulnerability has been discovered in Firefox, which can be exploited by malicious people to compromise a user’s system.
Do not browse untrusted sites.
Disable the “Firefox URL” URI handler.
Thor Larholm noted:
There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta.
Today I’ve decided to write a bit, of what should web browsers developers do in order to win or not to lose market share.
This is only my opinion which can be wrong as well. It can also be offensive for some of you.
Internet Explorer – Drop that slow and poorly written Internet Explorer core and develop something good. Internet Explorer is slow, buggy; uses lots of resources, ignores web standards, renders bad, lacks of functionality, etc. It’s just a big piece of software, which sooner or later won’t be used anymore. Develop faster, why are you sleeping? All other companies are much smaller and release/announces new versions more frequency. How that’s possible? Don’t be lazy just cause you have money.
Firefox – Finally fix memory leak bug (some says it’s already a “feature”). Support web standards (glad you will do that in Firefox 3), stop stealing features from other browsers and develop something more on your own.
Opera – Stop crying, that a big part of web developers ignores you. Buy advertising in web developer communities, and just get in touch with them. Build strong relations and explain why they should develop new product not just for IE, Firefox, Safari, and Netscape but also for Opera.
Safari – Not much to say yet. Waiting for the final Safari 3 release. Yes, we know that you’ve invented an iPhone, but who cares?
Netscape, Konqueror and others – Haven’t used them. Why? Make some whispers, get more attention.
If you enjoy using social networks this might be interesting then.
Wakoopa.com is a social network for software users (more likely fans), so if you are a big fan of Internet Explorer, Firefox, Safari, Opera, Netscape or what’s so ever, feel free to join there.
I am not sure, what’s the point to join those groups, as all I read was: “I love this browser, the best of the best”, etc… But hey, that’s only my opinion.
Internet Explorer is in the 1st place.
Firefox is in the 2nd place.
Opera is in the 3rd place.
Safari remains 6th.
Recently I’ve wrote, that Opera’s Speed Dial feature was copied by Firefox fans and released as an add-on.
Today I’ve noticed one Firefox add-on (developer: Philipp E. Imhof), which do the same like Safari’s SnapBack feature.
This extension enables you to temporarily save an URL. You may then follow links and go anywhere you want and jump back to the “waypoint” immediately. This is useful e.g. for forums.
Althought I am not a fan of Firefox add-ons or Opera’s widgets, you may find this one usefull.
More details and download link can be found here.
I basically enjoy most of the steps which are being made by Mozilla company to promote Firefox. Their tactics is pretty impressive. This time they surelly will get VERY MUCH boost from eBay and their new product: Firefox eBay Edition.
It’s not just like: dear users, please spread the word… Nah, they are already getting support from one of the big guys (Google). Time for another one, right? While all other browsers expect IE (which is big enough) waiting for few percents increase, Mozilla thinks big. I can’t wait to see how much of the market share they will grab this month.
You can download it here.
Recently I’ve heard that Opera’s Speed Dial is being copied not only by Firefox users, but also by other companies and just thought, why is this function so special? When I was surfing using Opera, I always had this function turned off, as I love clean browsing.
However, yesterday I’ve decided to try it. Guess what? Now it’s one of my favorite features. I don’t have to type, let’s say first letter in the address bar in order to see the site which I want to visit, now I am just click one click away from it. So it saves some time and I love it.
If you haven’t tried Speed Dial yet (or ignored it as I did), just give it a try, you may thank me latter.