Firefox 2.0.0.10 Is Here

Firefox 2.0.0.10 is now released and fixes a total of 3 security vulnerabilities.

MFSA 2007-39 – Referer-spoofing via window.location race condition

Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks… Read more

MFSA 2007-38 – Memory corruption vulnerabilities (rv:1.8.1.10)

MFSA 2007-37 – jar: URI scheme XSS hazard

The jar: URI scheme was introduced as a mechanism to support digitally signed web pages, enabling web sites to load pages packaged in zip archives containing signatures in java-archive format.
Jesse Ruderman and Petko D. Petkov point out this means that sites that allow users to upload binary content in zip format are effectively allowing users to install web pages on their site, and these can be used to perform Cross-Site Scripting (XSS) attacks… Read more

Download Firefox 2.0.0.10.

Don’t miss the news. Subscribe to our RSS Feed.

SpreadFirefox.com (Spread Firefox) Gets a Face Lift

More news about web pages design. Seems both, Mozilla and Opera are preparing for their new web browsers launch.

If you haven’t seen yet; check the brand new SpreadFirefox.com web page design. Looks cool, doesn’t it?

Don’t miss the news. Subscribe to our RSS Feed.

Firefox 3 Beta 1 Released

It’s finally here, the long awaited Firefox 3 Beta release from Mozilla’s Firefox team. Firefox 3 Beta 1 introduces some new features such as malware protection, auto add-ons or plugins versions checks for easy update as well as lots of improvements like new download manager or plugins management. What you should also expect from this, Firefox 3 Beta 1 release is performance. As it says in release notes, more than 300 individual memory leaks have been plugged. One of the facts in their release notes page really makes a god impression. Here it is:

Firefox 3 Beta 1 is based on the new Gecko 1.9 Web rendering platform, which has been under development for the past 27 months and includes nearly 2 million lines of code changes, fixing more than 11,000 issues.

That just sounds nice.

Enough of chit chat, let’s see the changelog in full.

More Security

One click site info: Click the site favicon in the location bar to see who owns the site. Identity verification is prominently displayed and easier to understand. In later versions, Extended Validation SSL certificate information will be displayed.

Malware Protection: malware protection warns users when they arrive at sites which are known to install viruses, spyware, trojans or other malware. You can test it here (note: our blacklist of malware sites is not yet activated).

New Web Forgery Protection page: the content of pages suspected as web forgeries is no longer shown. You can test it here.

New SSL error pages: clearer and stricter error pages are used when Firefox encounters an invalid SSL certificate.

Add-ons and Plugin version check: Firefox now automatically checks add-on and plugin versions and will disable older, insecure versions.

Secure add-on updates: to improve add-on update security, add-ons that provide updates in an insecure manner will be disabled.

Anti-virus integration: Firefox will inform anti-virus software when downloading executables.

Vista Parental Controls: Firefox now respects the Vista system-wide parental control setting for disabling file downloads.

Easier to Use

Easier password management: an information bar replaces the old password dialog so you can now save passwords after a successful login.

Simplified add-on installation: the add-ons whitelist has been removed making it possible to install extensions from third-party sites in fewer clicks.

New Download Manager: the revised download manager makes it much easier to locate downloaded files.

Resumable downloading: users can now resume downloads after restarting the browser or resetting your network connection.

Full page zoom: from the View menu and via keyboard shortcuts, the new zooming feature lets you zoom in and out of entire pages, scaling the layout, text and images.

Tab scrolling and quickmenu: tabs are easier to locate with the new tab scrolling and tab quickmenu.

Save what you were doing: Firefox will prompt users to save tabs on exit.

Optimized Open in Tabs behavior: opening a folder of bookmarks in tabs now appends the new tabs rather than overwriting.

Location and Search bar size can now be customized with a simple resizer item.

Text selection improvements: Multiple text selections can be made with Ctrl/Cmd; Double-click drag selects in “word-by-word” mode; Triple-clicking selects a paragraph.

Find toolbar: the Find toolbar now opens with the current selection.

Plugin management: users can disable individual plugins in the Add-on Manager.

Integration with Vista: Firefox’s menus now display using Vista’s native theme.

Integration with the Mac: Firefox now uses the OS X spellchecker and supports Growl for notifications of completed downloads and available updates.

More Personal

Star button: quickly add bookmarks from the location bar with a single click; a second click lets you file and tag them.

Tags: associate keywords with your bookmarks to sort them by topic.

Location bar & auto-complete: type the title or tag of a page in the location bar to quickly find the site you were looking for in your history; favicons, bookmark, and tag indicators help you see where results are coming from.

Smart Places Folder: quickly access your recently bookmarked and tagged pages, as well as you more frequently visited pages with the new smart places folder on your bookmark toolbar.

Bookmarks and History Organizer: advanced search of your history and bookmarks with multiple views and smart folders to store your frequent searches.

Web-based protocol handlers: web applications, such as your favorite webmail provider, can now be used instead of desktop applications for handling mailto: links from other sites. Similar support is available for other protocols (Web applications will have to first enable this by registering as handlers with Firefox).

Easy to use Download Actions: a new Applications preferences pane provides a better UI for configuring handlers for various file types and protocol schemes.

Improved Platform for Developers

New graphics and font handling: new graphics and text rendering architectures in Gecko 1.9 provides rendering improvements in CSS, SVG as well as improved display of fonts with ligatures and complex scripts.

Native Web page forms: HTML forms on Web pages now have a native look and feel on Mac OS X and Linux (Gnome) desktops.

Color management: (set gfx.color_management.enabled on in about:config and restart the browser to enable.) Firefox can now adjust images with embedded color profiles.

Offline support: enables web applications to provide offline functionality (website authors must add support for offline browsing to their site for this feature to be available to users).

A more complete overview of Firefox 3 for developers is available for website and add-on developers.

Improved Performance

Reliability: A user’s bookmarks, history, cookies, and preferences are now stored in a transactionally secure database format which will prevent data loss even if their system crashes.

Speed: Major architectural changes (such as the move to Cairo and a rewrite to how reflowing a page layout works) put foundations in place for major performance tuning which have resulted in speed increases in Beta 1, and will show further gains in future Beta releases.

Memory usage: Over 300 individual memory leaks have been plugged, and a new XPCOM cycle collector completely eliminates many more. Developers are continuing to work on optimizing memory use (by releasing cached objects more quickly) and reducing fragmentation.

Download Firefox 3 Beta 1.

Don’t miss the news. Subscribe to our RSS Feed.