“Ten Fuc*ing Days”. That’s what Mozilla said.
That’s right, they’ve said that they can release any critical patch within 10 days or faster. Firefox 188.8.131.52 was released even faster than 10 days (after security flaws were discovered). So they are not just using some tricks (or do they?), it’s already proven, we will see how fast they will release next one.
In my point of view, before using such statements they should also fix other security vulnerabilities. Even if they are not the most critical ones.
Unpatched 43% (6 of 14 Secunia advisories)
Most Critical Unpatched
Secunia Security Stats.
Sorry for not writing anything interested in a past few days, I was in some kind of not planned vacation. Anyways, time for the news.
Mozilla team updated us by providing more details about IronMonkey and ScreamingMonkey. Here are some quotes from their post.
ScreamingMonkey is the effort, being led by Mark Hammond, to allow the Tamarin engine to run within non-Mozilla browsers, starting with Internet Explorer.
That’s a brief, here’s a full story to read (if you want to).
Yet again, we have a new Firefox 3 version: Firefox 3 Alpha 7.
What’s new in it? There are some great stuff like zoom and that’s not all. Here’s a complete list of changes and fixes:
- Support for Mac OS X 10.3 (Panther) has been removed. Gecko 1.9 will no longer build or run on Mac OS X 10.3
- Default visited pages history size 9 to 180 days
- Full page zoom of images, layout and text
- Many fixes for context menus, clipboard, and drag services on Mac OS X
- Reworking of XUL menus and popups
- document.all now returns a NodeList of elements
- Several new clipboard events
- A class of wrappers to mediate access between web pages from different origins
- Cross site XMLHttpRequest specification implemented
- A method for opening modal dialogs from content
- Color profile support
- Text in canvas
Here’s what I got after trying to run Firefox 3 Alpha 7:
Oh well… I will wait for Firefox 3 Milestone 8 then, it will be released in the middle of September.
Finally, some new version of web browser, as I was geting bored.
Firefox 184.108.40.206 fixes the following security issues:
- Unescaped URIs passed to external programs
- Privilege escalation through chrome-loaded about:blank windows
Every web browser update is important and I strongly advice you to update your Firefox to the newest one. If you can increase your security level for free, why not to do that?
Is there anything wrong this week? Waiting for some new releases and just interesting news, but nothing happens. Anyways…
Sean P. Aune wrote a nice article and listed over 50 add-ons for Firefox, which should help you to increase your security and privacy level.
ActionMonkey is the code-name for the project to integrate Tamarin and SpiderMonkey as part of Mozilla 2.
Stage 0 of this project is underway. What they are going to do now is to replace SpiderMonkey’s GC (jsgc) with Tamarin’s GC (MMgc).
Their new efforts will boost performance for sure and I am waiting for more news from ActionMonkey blog.
So I was surfing the internet today and got a pleasant notice about an installed update. That’s right, Firefox 220.127.116.11 was just released.
According to Mozilla.org, Firefox 18.104.22.168 fixes the following vulnerabilities:
- XPCNativeWrapper pollution
- Unauthorized access to wyciwyg:// documents
- Remote code execution by launching Firefox from Internet Explorer
- File type confusion due to %00 in name
- Privilege escallation using an event handler attached to an element not in the document
- Frame spoofing while window is loading
- XSS using addEventListener and setTimeout
- Crashes with evidence of memory corruption
And by the way, I love the way how Firefox is being updated.
It’s not a big secret, every web developer wants to have fastest and most secure web browser, which not only should have all the security issues fixed, but also it should help novice user to understand the risks and help him/her to avoid that.
Firefox 3 Alpha 7 (Pre) got one more feature which should help users to avoid fake domain names. See this picture.
It highlights domain name (well… actually makes other text light grey) so users could take a look at it and make sure it’s a correct domain name. Not really usefull, isn’t it?
That’s not all, according to Arstechnica,
FF3 Alpha 7 also incorporates a domain translator that changes an address that’s encoded in non-standard ASCII (such as a percentile-encoded address) into standard text. Again, this is a change aimed at making domain addresses easier to read by stripping out the non-standard characters a phisher might use to confuse a potential target.
There’s also an add-on for Firefox 2. Not perfect, but if you don’t want to use Firefox 3 Alpha 7 to test this one, feel free to use Locationbar2 add-on.