News

Quote

Mozilla delivered two things today: Firefox 5 for personal computers and Android phones, and the promise to deliver the browser just a few months after its predecessor.

The organization, once the leading challenger to Microsoft's Internet Explorer, faces new challenges--notably Google's Chrome, new versions of which arrive every 6 weeks. Adopting a similar philosophy, Firefox now revs on a three-month cycle, and today Mozilla met its first deadline.

Quote

According to the release notes, the core Gecko rendering engine--the component that interprets Web page instructions and draws text and graphics on your screen--has seen major changes in the upgrade to the new version 1.9 used in Firefox 3. "Gecko 1.9 includes some major re-architecting for performance, stability, correctness, and code simplification and sustainability," the notes said. Those changes "put foundations in place for major performance tuning which have resulted in speed increases in beta 1, and will show further gains in future beta releases."

Quote

Mozilla on Monday released security updates for Firefox 2 and Firefox 1.5. Security updates for Firefox 1.5 will be available only until April 24, 2007, when Mozilla will stop supporting the earlier version. Mozilla is encouraging current 1.5 users to upgrade to 2.0 soon. Current users of Firefox 2.0 and 1.5 will receive an automatic update notification and will need to reload the browser for the changes to take effect. Changes in this update patch a flaw in the FTP protocol used by Firefox.

Quote

According to Net Applications, Internet Explorer accounted for 79.6% of all browsers used in December 2006, a drop from the 80.6% during the previous month. Firefox's use, meanwhile, measured 14% in December, up from 13.5% in November. Also gaining ground in the last month of 2006 was Apple's Safari, which climbed to 4.2% from 4%, and Opera, which saw its share increase from 0.7% to 0.9%. Net Applications' data put IE 7's market share during December at 18.3%, up dramatically from November's 8.8%. But IE 6 lost more than IE 7 gained, dropping from 70.9% in November to 60.7% the next month. The gain in IE 7 is largely due to Microsoft pushing the new browser to end users via Windows' Automatic Updates setting, which is usually reserved for downloading and installing security fixes on PCs. Microsoft began issuing IE 7 to Windows XP users through Automatic Updates in early November as part of a controversial scheme to get the new browser in as many hands as possible as quickly as possible.

Quote

RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge. Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.

Quote

The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged Web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said. This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organization has said.

Quote

Firefox 2's theme and user interface have been updated to improve usability without altering the familiarity of the browsing experience. For instance, toolbar buttons now glow when you hover over them. We will continue to improve the look and feel throughout the release candidate process.

Quote

Firefox 2 Release Candidate 2 (RC 2), the latest preview release of the next version of the Firefox browser, is now available for download. Web application developers, our testing community, and users who want to get a sneak peek at the next version of Firefox should download and install this release candidate. Please note that at this time, users should not expect all of their extensions, plugins and themes from previous versions of Firefox to work properly.

Quote

"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

The flaw is specific to Firefox's implementation of JavaScript, a 10-year-old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."

Quote

"Firefox 2 Beta 2 is intended for Web application developers and our testing community," the team said on the Mozilla development website. "Current users of Firefox 1.x should not use Firefox 2 Beta 2 and expect all of their extensions and plugins to work properly. The final Firefox 2.0 is expected to be completed in early 2007, the team said. More beta versions are expected to be released this fall and winter.