First discovered vulnerability in Firefox 3.5

Mozilla has a leak in its latest Firefox browser confirmed. Version 3.5 contains a bug that allow third parties to take over the computer.

The hacker who discovered the exploit did so through the tracking system of the server program Bugzilla. The error is in the Trace Monkey JavaScript component that was introduced in Firefox 3.5, Mozilla reported. According to the company code can be activated once the browser to an infected page is surfing, a so-called "drive-by download". Mozilla says that the hacker who leak to the outside brought not the first time. According to the company were the developers of Firefox bug last Thursday when they discovered themselves faced with incorrect code.

The Danish security company Secunia called the leak "critical". Exploitable in its ranking system on-a-second-highest label given. The company adds to the description of Mozilla now that it is a leak in the handling of fonts in HTML by Trace Monkey in 'font tags.


"The Mozilla developers are working on a solution. Once a fix is, there will be as soon as possible a Firefox update is released, notify Mozilla. Until then, users of Firefox 3.5 operating around the "just-in-time (JIT) component of Trace Monkey off. This is done by "about: config", type in the address bar of the browser, then "javascript options, JIT content" double-clicks and the value of the key to "false" to continue. Even the popular NoScript add-on for Firefox prevents operating the computer can be turned.

The patch for the vulnerability is now on the nomination to be included in Firefox 3.5.1. This update was planned for the last weeks of July, but by the publication of Bugzilla forward. Even Internet Explorer has leak

Earlier this week, the biggest competitor to Firefox, Microsoft Internet Explorer, again affected by a leak in the Active X component system. Even Microsoft has not released a patch for its security problem exists, which some security experts forces for an alternative browser to select reports The Register. If researchers choose the Security Institute SANS Internet Storm now for Opera, Safari or Google Chrome.

Why is Mozilla Firefox a good web browser?

Mozilla Firefox is a free web browser, which provides a safer, faster, better way to surf the Internet and display web pages the way they intend to, because there is no follow-up to the official website of the Firefox standard. Firefox also gives you more room for web browser, so you can view more pages do not scroll. Show more clearly the text in Firefox.


Firefox can import your existing settings from Internet Explorer. Import Wizard will be one when you install Firefox (and renewable), it can import (copy it to Firefox) on your collection, preferences, history, cookies, stored passwords and other data.


How do I install Mozilla Firefox?

Mozilla Firefox browser software can be installed to run Edskes silent install Mozilla Firefox browser first.

From the silent Edskes software installed Mozilla Firefox browser is very easy:

1. Click Edskes software silent install for Mozilla Firefox.
2. Click to run (usually twice).
3. Choose your preferred language and click OK.
4. Close your web browser (such as always).
5. From now on, everything will automatically (this may take a few minutes).
6. You will be asked to import (copy it to Firefox) settings.
7. Firefox will start, you'll see the way the site should be.

Mozilla wants to XSS vulnerabilities-block

Cross-Site Scripting (XSS) attacks have been a scourge on the Web, including well-known and popular websites. Mozilla has the last year on a technology for these attacks to stop: Content Security Policy


Cross-site scripting attacks are possible because all browsers JavaScript code and other content on a webpage in the same security context execution. The Content Security Policy (CSP) Mozilla provides a mechanism for sites to tell the browser what content is legitimate. Any script that is not accepted by the website, is blocked by the browser.

Mozilla's proposal requires that all JavaScript on a web page to external files to be moved, CSP can not be distinguished from legitimate scripts injected or modified JavaScript code in the page. Inline scripts, Javascript urls and HTML attributes that will handle events CSP therefore ignored. Only JavaScript code via a tag referring to a url on a host that has been approved by the site will be carried out. A protected website can also display a warning if a CSP XSS attack is blocked. A detailed description of the possibilities can be found in the CSP specification.

While websites should therefore be adapted to support CSP, it may happen in stages. The Mozilla Security Team has many sites and proved to be no site met that could not be adjusted. There will be documentation of best practices for a site to migrate to CSP. A reassurance that the policy is also fully backwards compatible: it has no effect on websites or web browsers that do not support the specification.

Firefox 3.5 is available

This is the day for the Mozilla Foundation. After a few weeks late and online three Release Candidate, Firefox 3.5 final version is already available for all people or all languages.

Evolution of the major red panda, this new version is expected to meet the offensive of Microsoft with its Internet Explorer 8 or 4 Safari and Opera 10.


HTML5

The innovations announced are many (even if they concern primarily the engine of the browser and not necessarily the user functions):

Firefox 3.5 is expected to be faster with TraceMonkey JavaScript engine to boost including navigation and viewing of web 2.0 applications. The application will also propose a new HTML rendering engine (Gecko 1.9.1), again allowing more speed.

JSON and Web Workers will be supported natively. Furthermore, this new version will include audio and video tags from the HTML5.

From the user side, no significant changes noted on aesthetics but the integration of a navigation mode that will allow private surfing without leaving a trace (a function already present in IE8). Firefox 3.5 also offers "floating tabs" that allow you to switch easily from one window to another and managing favorite rewritten.

Thunderbird fix seven security flaws

The Mozilla developers have a new release of the Thunderbird e-mail delivered. It is a security update that resolves seven holes, most of them in the recent update of Firefox 3.0.11 are solved.

Thunderbird 2.0.0.22 solves first an error on which the developers a large impact. When a user multipart / alternative e-mail sites with a text / enhanced component may Thunderbird crash, possibly operating as a result.

Furthermore, there are four errors resolved with an average impact. There were two errors that JavaScript code on a page with higher privileges running. By default, Thunderbird is not vulnerable unless the user is an add-on installed and JavaScript enabled in e-mails has. Two other errors also abuse of JavaScript and the e-mail program to crash, potentially exploitable to.

The last two errors have a low impact, according to Mozilla. Users who have configured a proxy and JavaScript enabled, so the victim of malicious code when an SSL connection. Finally, an Adobe Flash file via the view-source schema is loaded circumvent restrictions. But that only works if the user has plugins enabled in e-mails.

The Mozilla developers advise users of Thunderbird strongly to upgrade to version 2.0.0.22. The release notes show a list of changes. In Thunderbird 1.5.0 is no longer supported and contains known security flaws version. A general council that the developers give is never JavaScript in Thunderbird on.

Firefox 3.5: the RC1 is available

Firefox 3.5: the RC1 is available RC 1 of the new version of Firefox is available for download.
To correct the last 10 bugs its release was postponed Mozilla said last week.

Firefox 3.5 Beta 4 is the sixth development milestone and fourth beta release of Firefox 3.5, the next version of the Firefox web browser. Users of the latest released version of Firefox should not expect all of their add-ons to work properly with this beta.


Two strengths

It also incorporates a address bar "intelligent", to find a link just by typing a few letters, the new download manager or the anti-phishing tool improved.

However, the general did not look too promising when we evolved an adaptation to the design of the operating system (Vista, XP, Mac, Linux).

But the two real strengths of Firefox 3 is undoubtedly the speed of page display, and especially its low memory consumption.

New feature in Firefox 3.5

Firefox 3.5 Beta 4 is based on the Gecko 1.9.1 rendering platform, which has been under development for the past 10 months. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use, and adding new features:-

It is available in 70 languages.

Improved tools for controlling your private date, including a Private browsing mode.

Besides the native support for JSON (format data), tags

Windows Internet explorer 7 with: Mozilla is waiting for clarification.

Technology - The CEO of the Mozilla foundation, John Lilly, it is too early to tell whether Microsoft's decision will have effects on the browser market. The publisher has so far provided any details about the removal of Windows Internet Explorer 7.

Within the Mozilla Foundation, is preferred, for now, reserve his opinion on the decision by Microsoft to remove Internet Explorer 7 Windows 8. In an internal mail, CEO, John Lilly, is clearly nonplussed by the effect of announcement of the firm of Redmond.

"It is impossible to assess what this announcement means that both Microsoft does not -completely and in detail- all the advantages and brakes fro OEM windows. Otherwise, it is not possible to know if Microsoft does not give a hand to take the other. And more, it is impossible to say whether this has an impact beyond the change in the technical process of installing the manufacturers, and if it makes it more difficult for users to migrate to windows 7 "he says..

Or by removing Internet Explorer 8, Microsoft announced an edition E Windows 7 (Vista, always shipped with IE is not affected). An E, which reminds the N version of windows xp. Moreover, given the close commercial ties between Microsoft and PC manufacturers, it will certainly difficult for publishers competing browsers to be treated fairly.

The software pre-installed on a computer generally by a commercial agreement with manufacturers. Difficult for the publishers, except perhaps Google and Apple, to negotiate contracts for multi-million dollar deal with Microsoft.

An acceptable solution for all browsers would therefore by a European Commission decision applies directly to builders. It is considered one of the tracks, which would result in the obligation for manufacturers to propose, at the first connection to the Internet, choose your browser from a list of software.