Firefox

The H-Online: Adobe has released a public beta of a sandboxed version of its Flash plugin for Firefox in an effort to improve its security. The new “Protected Mode” for Flash, which has been in development for at least a year according to Adobe engineer Peleus Uhley, runs with restricted privileges and, to further limit its access to the system, can only access system resources through a broker. This should help intercept attackers trying to gain access to a system through malicious Flash files. ...

The H-Security: Following the release of new versions of its open source Firefox web browser, Thunderbird email client and SeaMonkey suite, Mozilla has detailed the security fixes included in each of the updates. According to the project’s Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which are rated as “Critical” by Mozilla. The critical issues include an exploitable crash when processing a malformed embedded XSLT stylesheet, potential memory corruption when decoding Ogg Vorbis files, XPConnect security checks being bypassed by frame scripts, a use after free error in child nodes from nsDOMAttribute and various memory safety hazards. These vulnerabilities could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. ...

mozillalinks.org: Do you need the forward button? Most likely yes, but it is rarely used compared to the back button, which is the single most used widget in any browser user interface. So it doesn’t make sense to keep it present at all times, stealing focus from its helpful neighbor. To address this, current Firefox nightlies feature the forward button as optional. If there is nowhere to go further, the button is hidden instead of just disabled as shown in the screenshot below. ...

Mashable: Internet Explorer can no longer claim more than half of the web’s traffic, as of October, ending more than a decade of the default Microsoft browser’s reign. Safari’s hold on 62.17% of mobile traffic has reduced IE’s overall share of web browsing, despite still claiming 52.63% of desktop traffic, according to Netmarketshare.com. The Microsoft browser’s diminishing share (49.6%) reflects its near absence from the realms of mobile and tablet, which now make up 6% of web traffic. However, chances are, you gave up on IE long enough ago that this milestone makes you more curious as to who actually still uses the browser. ...

Mozilla Security Blog: Mozilla just released an update to Firefox for Desktop, Thunderbird and SeaMonkey. Updates are now available for: Firefox for Windows, Mac and Linux (final release) Firefox for Windows, Mac and Linux (3.6.21 final release) Firefox Aurora for Windows, Mac and Linux Firefox Nightly for Windows, Mac and Linux SeaMonkey (2.3.2) Thunderbird (6.0.1) We strongly recommend that all users upgrade to these releases. If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. Users can also manually check for updates if they do not want to wait for the automatic update. ...

gHacks: One “by-product” of the rapid release cycle of the Firefox web browser is the version number increase that goes along with every new release of the web browser. Firefox this year jumped from Firefox 3 all the way to the latest version Firefox 8, and we are not even at the end of the year. Mozilla interestingly enough plans to hide the version number in the Firefox web browser. Asa Dotzler added an entry to Bugzilla to remove the version of the browser from the about Window dialog in the browser. ...

Mashable: Firefox 6 isn’t scheduled to be released until Tuesday, but Mozilla has uploaded installation files to a FTP server for those who want to get their hands on the upgraded browser early. Although the new version doesn’t sport any major UI changes, the browser is reportedly 20% faster than Firefox 5. Startup time has been improved, especially for those with lots of tabs and groups. Users can now determine whether they want to load their tab groups when launching the browser, or load them within the Panorama grouping tool. ...

H-Online: Security specialist Sophos reports that it has discovered new spam email messages that claim to be an advisory related to an update to the open source Firefox web browser. The fake advisory asks users to update their Firefox installations, “for security reasons”, and includes a download link to the supposed update. According to Graham Cluley of Sophos, the download leads to an executable file that bundles an installer for the Windows version of Firefox 5.0.1 and a password-stealing trojan (Troj/PWS-BSF). As noted by Cluley, users should always exercise caution when clicking on links in emails. ...

Mozilla Links: Mozilla has announced that it will release the first update for Firefox 4 on April 26, about a month after the original release, back in March 22. New with this release is that Mozilla will start using code names (somehow related to the main branch codename, in this case Tumucumaque) for udpates as well, as a way to help developers that follow Firefox development closely, more clearly understand what is coming when. ...

Symantec Connect: Not only Facebook is adding new and interesting features to its toolbox; spammers and scammers in Facebook are, too. Currently there is a scam making rounds using a classic “who is viewing your profile” themed bait. So far – nothing new. After the user grants the application the requested privileges, which of course will send out the above mentioned spam posts to all his or her friends, the user gets redirected to a download instruction site. There he or she is asked to download the Firefox browser and then install a popular Firefox extension which allegedly gets downloaded over 27,000 times per week. This simple tweak should generate a new menu entry in Facebook which would then show user statistics. ...