Browser

Almost one year ago, we’ve gotten a glimpse of the next major iteration of Firefox, at least when it comes to its gorgeous new visuals. Now, however, Mozilla’s Mike Beltzner has shared a presentation that reveals quite detailed plans for Firefox 4. HTML5 and CSS support are mentioned, as well as faster operation, a greater focus on security and stability, new developer tools, and a lot of personalization options. Furthermore, from the screenshots embedded in the presentation, we can see that the visuals from one year ago haven’t changed much, although most menu items (the home button, for example) are positioned differently. ...

For the first time, Microsoft’s share of the browser marked has slipped below 60 percent, according to figures from Net Applications, a Aliso Viejo, Calif., web app and metrics firm . Browser market share: Microsoft — 59.95 percent Mozilla’s Firefox — 24.59 percent Google Chrome — 6.73 percent Apple’s Safari — 4.72 percent Opera — 2.30 percent. Story Here.

Apple has been challenging Google on many fronts this week — first with its mobile platform, then with its advertising platform. Earlier today, its developers launched the first volley in the battle’s third front, releasing the first public code for the next WebKit rendering and processing kernel that will likely drive the Safari 5 browser. With Google Chrome using a reworked form of WebKit, the Apple team did something that perhaps any other free and open source developer would be publicly stoned for doing, but which Apple might just have the savvy to get away with: It openly one-upped another developer’s open contribution. ...

An interesting and unknown feature used by sysadmins around the world in some large corporate networks is the use of proxy-auto config (pac) files. This benign feature is accepted by all modern browsers and is described in detail here. It contains a function to redirect your connection to a specific proxy server. Unfortunately this simple and smart proxy technique are being largely used by brazilian malware writers to redirect infected users to malicious hosts serving phishing pages of financial institutions. A .pac script URL is configured in the browser, in the field “Use automatic configuration script”: ...

Chrome’s share of the browser market is growing at a breakneck pace, according to data from Net Applications. Between February and March, Google’s browser rose to capture a full 6.1% share of the market, maintaining its lead over browsers such as Safari and Opera and closing the gap between Firefox, which currently holds a 24.5% share. While most browsers rose a fraction of a percent, Microsoft’s Internet Explorer continued to decline, losing almost a whole percent over the past month alone. ...

Virus Bulletin is reporting that a recent survey it conducted found that about one out of five people are still using the dangerously-out-of-date version six of Microsoft’s Internet Explorer. There are probably a number of reasons for this: — They are using IE6 at work with legacy systems that require IE6 (or IT never got around to updating the company’s browsers.) — They are using IE6 at home and don’t know that IE6 is frighteningly insecure. — They are using IE6 at home and don’t know that there is such a thing as an update to browser software. — They are using IE6 at home and don’t know there is such a thing as computer security. ...

Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group, was extensively quoted in news stories today as he described how his group found 1,800 software flaws in Office 2010 by running millions of “fuzzing” tests. According to ComputerWorld, “Microsoft was able to find such a large number of bugs in Office 2010 by using not only machines in the company’s labs, but also under-utilitized or idle PCs throughout the company. The concept isn’t new: The Search for Extraterrestrial Intelligence (SETI@home) project may have been the first to popularize the practice, and remains the largest, but it’s also been used to crunch numbers in medical research and to find the world’s largest prime number. ...

Mozilla.org has made public a report that says its Firefox browser has 30 percent market share worldwide. Assuming it’s true, that is a six percent increase since a news story last November. The Mozilla Metrics report 1Q2010 says the browser has 39.2 percent penetration in Europe (152.7 million users) and 29 percent in the U.S. (100 million users.) Mozilla claims 350 million users worldwide. Adoption is quickest in Russia (20 percent increase in the first quarter) the report said. ...

In the Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, Canada, security researchers and hackers quickly hacked three of the major browsers to take control of the underline operating systems. — A German hacker who goes by the handle “Nils” used a previously unknown vulnerability in Mozilla’s Firefox to gain control of a 64-bit Windows 7 machine. — Peter Vreugdenhil an independent researcher from the Netherlands, used several vulnerabilities in Internet Explorer to take control of a machine running a patched 64-bit Windows 7 implementation. ...

Mozilla Foundation has released version 3.6.2 of its Firefox browser a week early. The group had said the update would be available March 30. The update fixes a widely reported vulnerability (CVE-2010-1028) that prompted Germany’s CERT to advise Web users to switch to another browser until a fix was made. (My blog post “Germany’s CERT warns against Firefox use” ) Intevydis researcher Evgeny Legerov had found that Wide Open Font Format decoder in Firefox had an integer overflow in its font decompression mechanism. The flaw involved a memory buffer that was too small to handle a downloadable font. Legerov had found that exploiting the vulnerability could crash a victim’s browser making it possible to run arbitrary code on the system. ...