Browser

H-Online: Version 2.0 of the HTTPS Everywhere browser extension has been released. Where possible, the add-on automatically redirects users to more secure HTTPS connections when they access certain web pages. HTTPS Everywhere 2.0 includes an optional “Decentralised SSL Observatory” feature that detects weaknesses in encryption. When the extension detects an encryption issue, such as weak keys, it notifies users that the site they are visiting may contain security vulnerabilities that could be used to for man-in-the-middle (MITM) attacks. “This is an extra level of protection that we encourage Firefox users to download, install, and use” said Electronic Frontier Foundation (EFF) Technology Projects Director Peter Eckersley. ...

The H-Online: Google’s solution for the problem of getting better passwords on the net – a combination of browser sign-in andOpenID – will take some time to implement as it involves persuading sites to switch to using OpenID. The developers on the Chrome project think that they can at least improve the security of passwords on sites, by generating passwords for the user. A new Password Generation proposal for the Chromium and Chrome browsers attempts to address that by assuming that once the user is signed into the browser, it can take over the handling of password creation. ...

The H-Online: The Mozilla Project has released updates to Firefox and Thunderbird. According to the release notes, the version 10.0.2 updates to the open source web browser and the news and email client address a security vulnerability; however, at the time of writing, the project’s security pages provide no details of what has been fixed; these releases came soon after a Chrome update which closed 13 security holes and took the version number to 17.0.963.56. ...

LifeHacker: Chrome 17 is out with a new pre-rendering feature designed to make your pages load faster, and both Firefox and Opera have also released speedy new versions since our last round of speed tests. So, we’ve once again pitted the four most popular web browsers against each other in a battle of startup times, tab loading times, and more, with more surprising results. ...

The H-Online: Mozilla has released Firefox 10.0.1, Firefox ESR 10.0.1, Thunderbird 10.0.1, Thunderbird ESR 10.0.1 and SeaMonkey 2.7.1 to fix a single critical security hole in the browsers and mail clients which appeared in version 10. The security advisory says that versions previous to Firefox 10, Thunderbird 10 and SeaMonkey 2.7 are unaffected by the use after free problem. The problem was discovered by Mozilla developers and causes a “potentially exploitable” crash in nsXBLDocumentInfo::ReadPrototypeBindings. Updates are available through Firefox, Thunderbird and SeaMonkey’s automatic update system and can be made to install by bringing up the “About” dialogue for the relevant application and selecting the “Apply Upgrade” button when it appears. Firefox and Thunderbird 10 were released at the end of January. ...

gHacks: Mozilla, developers of the popular Firefox web browser, have just released an update for the browser’s stable branch that moves the version to 10.0.1. The release may come as a surprise to users of Firefox 10, who were updated to that version only ten days ago. This is not the first occurrence that a critical update is released shortly after a major version upgrade of the web browser. Similar updates had to be delivered after the release of Firefox 9 and Firefox 8. ...

LifeHacker: Google is releasing a major update to Chrome today that will make browsing the web seem faster and also add security protections. Chrome 17 (17.0.963.46) pre-renders pages in the background when you type in the URL in the omnibox address bar so the site will appear to come up almost instantaneously. Chrome also now scans download executable-s (e.g., “.exe” and “.msi” files) and warns you if it thinks the file is malicious. ...

Google Chrome Wrote: In 2008, we launched Google Chrome to help make the web better. We’re excited that millions of people around the world use Chrome as their primary browser and we want to keep improving that experience. Today, we’re introducing Chrome for Android Beta, which brings many of the things you’ve come to love about Chrome to your Android 4.0 Ice Cream Sandwich phone or tablet. Like the desktop version, Chrome for Android Beta is focused on speed and simplicity, but it also features seamless sign-in and sync so you can take your personalized web browsing experience with you wherever you go, across devices. ...

The H-Online: Adobe has released a public beta of a sandboxed version of its Flash plugin for Firefox in an effort to improve its security. The new “Protected Mode” for Flash, which has been in development for at least a year according to Adobe engineer Peleus Uhley, runs with restricted privileges and, to further limit its access to the system, can only access system resources through a broker. This should help intercept attackers trying to gain access to a system through malicious Flash files. ...

The H-Online: Google plans to turn off online checks for SSL certificate validity in its Chrome browser soon, according to a blog post by Adam Langley, the developer in charge of that element of the browser. Instead, the browser will use the update mechanism to receive lists of revoked certificates. When browsers make a connection, they check whether the certificate presented by the server has already been blocked by the certificate authority, using either the certificate authority’s certificate revocation lists (CRLs) or, directly and interactively, the Online Certificate Status Protocol (OCSP). But that whole process has never been completely reliable, since, if the browser isn’t certain of the validity – if, say, an OCSP request doesn’t work – it simply “looks the other way”. Otherwise, there would be too many false alarms. ...