Archive for the ‘Firefox’ Category

Mozilla have pushed out an urgent Firefox 3.6 update, which closes a critical security issue.

It’s the only change for Firefox 3.6.3, which closes a hole that could potentially allow remote code execution after a user visits a site with the infected code.

Full details for Firefox 3.6.3 can read in the release notes, including more detailed information about the fixed security issue.

Firefox 3.6.x users will receive a notification from the browser when it is ready to be updated, or  it can be downloaded directly from the Firefox website.

Tags: , , , , , Categories: Firefox Comments Off on Firefox 3.6.3 released

After day 1 of Pwn2Own, web browsers appear to have taken a big hit, but Google’s Chrome appears to have come out unscathed.

It didn’t take long, with Safari 4 on Mac OS X Snow Leopard the first victim thanks to the work of Charlie Miller. Millers set up a remote exploit at a web site through which a conference organisers MacBook was taken control after surfing to it.

Internet Explorer 8 on Windows 7 was next, with a similar exploit allowing Peter Vreugdenhil to take control of an organisers laptop once they browsed to a website with the infected code.

Firefox 3 was also exploited on Windows 7 using a memory corruption vulnerability, with another exploit that allows a remote attacker access to a users PC.

Both Opera and Google Chrome were not hacked, with Charlie Miller stating “there are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.”

All systems were patched and updated to their latest versions, with the exploits used to remain a secret until browser makers can update their browsers.

Tags: , , , , , Categories: Chrome, Firefox, Internet Explorer, Safari Comments Off on Safari, Firefox, and IE hacked at Pwn2Own

Mozilla has announced that they are stopping development for Firefox on Windows Mobile devices.

The announcement is no surprise, with the announcement of Windows Phone 7 series expected to limit the device to just Internet Explorer on it’s mobile devices, much like Apple has done with it’s iPhone.

“We have been building a version of Firefox for Windows Mobile for quite a while, with the expectation that Microsoft would be doubling down in the mobile market and hoping that they would put out a great new mobile operating system” wrote Mozilla Mobile Team Technical Lead, Stuart Parmenter.

“While we think Windows Phone 7 looks interesting and has the potential to do well in the market, Microsoft has unfortunately decided to close off development to native applications.  Because of this, we won’t be able to provide Firefox for Windows Phone 7 at this time” continued Parmenter.

All hope isn’t totally lost, with Parmeter adding “while I hope that we do see Microsoft provide us with a way to build Firefox for Windows Phone 7, we will continue to focus on the things that we can control: building a great consumer product on both Android and Maemo.”

Mozilla have released an update for Firefox 3.6 users, taking the browser to version 3.6.2.

The latest update fixes several security issues, one of which is rated as critical, the highest on the Firefox security severity scale.

A full list of changes can be read in the release notes.

Existing users are strongly urged to accept the update when their browser prompts them in the next 2-3 days, or alternatively, Firefox 3.6.2 can be downloaded from the Firefox website.

Tags: , , , , , Categories: Firefox Comments Off on Firefox 3.6.2 released

Mozilla is hard at work on the next version of Firefox, and the latest alpha builds include out-of-process support for plugins.

“Plugins such as Flash and Silverlight run in a separate process from the browser. If a plugin crashes it will not crash the browser, and unresponsive plugins are automatically restarted” said an announcement from Mozilla.

Currently, out-of-process support is only available on Windows and Linux versions, with Mac support still under development. This is only the first step, with each tab also expected to be moved to it’s own process in time, much like rivals Internet Explorer and Chrome have already done.

You can download the new test version of Firefox from the Mozilla Developer News Blog.

Microsoft has begun testing of its new browser ballot screen for European Union countries.

The ballot screen, which can be seen at http://www.browserchoice.eu/, lists the 5 major browsers in a random order, followed by 8 lesser known browsers also in a random order.

Early testing by DSL.sk shows the ballot screen might not be as random as once thought, with testing showing that the screen appears to favour Google’s Chrome, while IE shows the least amount of favouritism.

These results could be an anomalie however, and may differ with further testing.

A Windows Update is available for download for Windows XP, Windows Vista, and Windows 7 users in United Kingdom, Belgium and France.

Private browsing will now extend to the Flash plug-in with Flash Player 10.1 Adobe have announced.

“Integrating with your web browser, Flash Player 10.1 will automatically clear stored data in accordance with your browser’s private browsing settings” said Adobe Engineer Jimson Xu.

Flash Player 10.1 supports private browsing with Internet Explorer 8+, Mozilla Firefox 3.5+, and Google Chrome 1.0+, with Apple’s Safari 2.0+support coming soon.

Missing from this list is Opera, which has only recently included private browsing in the latest 10.50 alpha release.

Adobe Flash Player 10.1 is currently in Beta and is expected in the first half of this year. Beta 2 can be downloaded from Adobe Labs.

Tags: , , , , , Categories: Chrome, Firefox, Internet Explorer, Opera, Safari Comments Off on Flash Player 10.1 supports private browsing

Mozilla appears to have let it’s guard down, with a Firefox add-on that included a Trojan that could allow remote access to a users PC.

Two add-ons were affected; Master Filer which was infected with a password-stealing Trojan called Win32.LdPinch.gen, and Sothink Web Video Downloader which was infected with a backdoor Trojan called Win32.Bifrose.32.Bifrose.

Mozilla has issued a statement:

“If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.”

Mozilla believe only 4,600 people are infected after downloading these add-ons.

How these add-ons made it online is unknown, as Mozilla scans all add-ons for viruses before they are approved. Mozilla now plans on using two different malware detection tools to try and stop this issue from reoccurring in the future.

Tags: , , , , Categories: Firefox Comments Off on Firefox add-on included Trojan virus

Mozilla’s Stephen Horlander has been hard at work, working on tab animations for the next version of Firefox, Firefox 4.0. The aim is to improve the user experience.

“One area that animation would be very beneficial is with tab interactions. Specifically moving/arranging tabs on the tab strip, closing/opening tabs and tearing off tabs into new windows. Presently the feedback here isn’t as good or as elegant as it could be” said Horlander.

“Some of the goals for animation are to make browsing feel faster, adding visual affordances that makes tasks more understandable and to make the browser more visually appealing. There is much more detail on the Wiki articles linked above. My goal was to quickly demo how this would actually look and feel because still images and wireframes can only convey so much.”

Below is am image preview of what it might look like when opening a new tab.

Video’s of the preview tab animations can be found in Horlander’s blog post.

Time appears to slowly be running out for Microsoft’s Internet Explorer 6 (IE6), as Google has announced plans to drop support for the browser in its Google Sites and Google Docs applications.

“Many other companies have already stopped supporting older browsers like Internet Explorer 6.0 as well as browsers that are not supported by their own manufacturers” said Google Apps Senior Product Manager Rajen Sheth.

Not to feel left out, Google is also dropping support for Firefox 2, Chrome 3, and Safari 2.

“While you’ll still be able to access these Google applications, newer features may not be available and some features may even stop working” said Sheth.

Support for these older browsers is due to end on March 1st. Web users are urged to upgrade their web browsers before this time.