Showing posts sorted by relevance for query Firefox.

Firefox 12 & 13 Beta Introduces Simpler Update Process, 85 Improvements to Developer Tools & SPDY

Developers at Mozilla announced the availability of Firefox 12 as well as the Firefox 13 beta. With these releases, Firefox also includes more than 85 improvements to its built-in developer tools. For example, developers no longer need to reload the page to see messages in the Web Console, and Scratchpad adds Find and Jump to Line commands to the editor. Developers claimed that the experience of updating Firefox will be easier and better. Instead of asking users for the required privileges via UAC, it now uses the Mozilla Maintenance Service to update program files. Firefox executes the service with system privileges when it is needed and closes it after the update. An Access Control Entry (ACE) in the update service allows Firefox to launch it with system privileges even though the browser itself does not have them.
The Firefox 13 beta brings SPDY. This faster alternative to HTTP has been incorporated in Firefox, but disabled by default, since the introduction of Firefox 11. Firefox 13 will be the first release with it enabled by default. What is new in Firefox 13 Beta:-
  • SPDY Support: Firefox Beta now supports SPDY by default. SPDY is a protocol designed as a successor to HTTP that reduces the amount of time it takes for websites to load. SPDY encrypts all communication with SSL, which makes browsing more secure. Users will notice quicker page load speeds on sites that support SPDY networking.
  • Developer Tool Updates: Firefox Beta includes a number of improvements to Web Developer Tools. Page Inspector now allows you to lock in CSS pseudo-classes on inspected page elements and Style Editor now saves CSS files loaded via file:// URLs without prompting to make the workflow for experimenting with CSS much quicker.

To Download Firefox 12 for Windows, Linux & Mac Click Here & For Firefox 13 Beta Click Here





Web Browser Grand Prix 5

 
Three major releases have landed since our last impromptu Web Browser Grand Prix (WBGP4): Chrome 12, Firefox 5, and Opera 11.50. Can Chrome or Opera regain the WBGP championship? Will Mozilla Firefox ever overtake Microsoft's IE9 in the rankings?
If it seems like it was only weeks ago when we were compelled to test the then-new Mozilla Firefox 4 against the reigning Web Browser Grand Prix champion Microsoft Internet Explorer 9 in Web Browser Grand Prix 4: Firefox 4 Goes Final, that's because it was only a few weeks ago.
In an attempt to curb the siphoning of its user base to Google, Mozilla decided to keep pace with the frenetic development cycle of Chrome. Firefox 5 is now a reality. But will Mozilla also keep up with innovation like Google? Furthermore, will a higher integer finally allow Mozilla to overtake arch-rival Microsoft in our performance metrics? Can former speed-kings Chrome and Opera reclaim the dual domination of our WBGP crown, as they did in 2010?
We've tightened up our suite of benchmarks for this article, cutting the fat that was Google's V8 JavaScript Benchmark and the redundant two-pixel variant of the GUIMark2 HTML5 Vector Charting test. We also fleshed it out by adding Facebook's JSGameBench, as well as battery life and reliability testing. But before we get to the benchmarks, let's get caught up on the latest developments in the continuing browser wars.
Opinions:-

The release of Firefox 5 was met with harsh criticism for its apparent lack of anything new. It has been said that Firefox 5 should have been called Firefox 4.1 or 4.2. Or even 4.02.
There is also a growing concern over whether the new rapid release schedule jives with IT departments. Firefox became a viable choice for many companies during the version 2 and 3 days. Mozilla also offers the preferred development platform for most Web designers. Basically, Firefox gained the reputation of being the most stable choice. By mimicking Chrome's development cycle, Mozilla may have shot itself in the foot.
Smack Talk:-

Microsoft took a shot right across the bow of Google and Mozilla by announcing that WebGL is “harmful,” and that IE10 would not be utilizing the specification. Several experts came out in support of Microsoft's assertion, though it should be noted that Redmond may have a dog in this fight with DirectX.

Attacking Mozilla even further, the Internet Explorer development team sent the Firefox development team a cupcake to celebrate the release of Firefox 5. Mozilla also received cakes from Microsoft for the release of Firefox 3 and 4. Full cakes. Obviously, this is in response to the criticism that Firefox 5 is nothing more than a minor update to Firefox 4. The included note read: "Congratulations on shipping! Love, The IE Team". "Congratulations on shipping" might have been in reference to the frequent delays that plagued Firefox 4, which was eventually made available more than six months late. Now that's a classy way to rag on somebody. Not missing a single opportunity to slam its competition, Microsoft also capitalized on the other major criticism of Firefox 5 when an IE developer boasted Microsoft's commitment to IT.
Mozilla shot back with a blog post addressing the IT issue, although in a very non-concrete way:

"We are exploring solutions that balance these needs..."

Not to be outdone, an Opera employee also had this to say in regard to rapid release schedule:

“Despite the version number (11.50), we've packed a lot of new features into it. While other browsers rush to release whole new version numbers with small tweaks, I think we've kept traditional versioning, while simply releasing a little faster.”

Obviously, this comes at an unfortunate time for Mozilla, but one cannot help but wonder if this comment was meant for Google. Opera and Google have gotten into it pretty heavily in the past, and, for a time (before IE9), Chrome and Opera swapped places on a semi-monthly basis in the performance charts.


Metro Version Of Firefox Will Be Available on Windows 8
A lot is being added and removed in the upcoming Microsoft Windows 8 and Windows on ARM (WOA). Microsoft's browser rivals to publicly commit to a Metro edition. Microsoft has said it will ship both Metro and traditional desktop versions of Internet Explorer 10. Metro is Microsoft's label for the touch-enabled interface at the center of both Windows 8 and WOA. Windows 8 will run Metro and traditional 32- and 64-bit Windows applications, but WOA will run only those third-party apps designed for Metro. Not only IE but also Firefox will follow the same trend. Mozilla confirms that it will build a "proof-of-concept" version of Firefox for Windows 8's Metro touch-first interface next quarter, then follow that with more functional editions later in the year. Mozilla said: "This proposal depends on Microsoft providing the same capabilities for Firefox as it does for IE -- running at the Medium level integrity process that allows us the full use of the Win32 API and what we need from Metro, or a set of APIs that allow Mozilla to port Gecko to the WinRT. For the purposes of this feature proposal, I'm assuming we'll get the first and we won't have to port the bulk of Gecko and instead will use the win32 dlls from within Metro."

Feature Overview:- 
  • Windows 8 contains two application environments, "Classic" and "Metro". Classic is very similar to the Windows 7 environment at this time, it requires a simple evolution of the current Firefox Windows product. Metro is an entirely new environment and requires a new Firefox front end and system integration points.
  • The feature goal here is a new Gecko based browser built for and integrated with the Metro environment.
  • Firefox on Metro, like all other Metro apps will be full screen, focused on touch interactions, and connected to the rest of the Metro environment through Windows 8 contracts.
  • Firefox on Metro will bring all of the Gecko capabilities to this new environment and the assumption is that we'll be able to run as a Medium integrity app so we can access all of the win32 Firefox Gecko libraries avoiding a port to the new WinRT API for the bulk of our code. (Though we will need to have a pan and zoom capability for content.)
  • We will need to determine if the Firefox front end on Metro will be built in XUL, C/C++, or HTML/CSS/JS (I'm assuming for now that .Net and XAML are off the table.)
  • Firefox on Metro is a full-screen App with an Appbar that contains common navigation controls (back, reload, etc.,) the Awesomebar, and some form of tabs.
  • Firefox will have to support three "snap" states -- full screen, ~1/6th screen and ~5/6th screen depending on how the user "docks" two full screen apps. Our UI will need to adjust to show the most relevant content for each size.
  • In order to provide users with access to other content, other apps, and to Firefox from other content and apps, we'll need integration with the share contract, the search contract, the settings contract, the app to app picking contract, the print contract, the play to contract, and possibly a couple more. We'll be a source for some, a target for some, and both for some.
  • We'll need to handle being suspended by the OS when out of view.
  • We may want to offer a live tile with user-centric data like friends presence or other Firefox Home information updates
  • Ideally we'd be able to create secondary tiles for Web-based apps hosted in Firefox's runtime.
For More Information Click Here


-Source (Mozilla & Computer World)





Firefox with Bing By Microsoft & Mozilla



Mozilla has teamed with Microsoft to bring more Bing to Firefox. Mozilla and Bing are pleased to make available Firefox with Bing, a customized version of Firefox that sets Bing as the default search engine in the search box and AwesomeBar and makes Bing.com the default home page.  (Existing Firefox users can also make these changes by installing the Bing Search for Firefox Add-on)
Of course, any user of Firefox can go into the browser's settings and make those changes themselves if they want, and there is even a "Bing Search for Firefox" add-on that will do the same. But many users don't mess with their settings too much, which is why Google (the usual default for Firefox) is the most widely used search engine among Firefox users. Google competes with Bing on the search side and Google's Chrome browser competes with Firefox. Microsoft, of course, makes a Firefox rival in Internet Explorer. Mozilla, in a blog post, said that "nearly 20 customized versions of Firefox" are available from its partners, including Bing, Yahoo (which now uses Bing to power its search as well), Twitter and Yandex.

To Download firefox with Bing here



Firefox 7 For Windows, Mac, Linux and Android


The latest Mozilla Firefox Beta is now available for testing on Windows, Mac, Linux and Android. This beta includes performance enhancements that improve the browsing experience for users and enable developers to create faster Web apps and websites.
New in Firefox Beta for Windows, Mac and Linux:
  • Optimized Memory Use: Reduces memory use and improves performance areas including responsiveness, startup and page load time, even in complex websites and Web apps
  • Improved memory management: The JavaScript garbage collector works more frequently to free up memory and improve performance when you have many tabs open or keep Firefox running for a long time
  • Enhanced Firefox Sync: Your data syncs faster when a bookmark or password is added or changed
  • Azure Direct2D for Canvas: Helps Firefox speed up HTML5 Canvas-based animation rendering
  • Web timing spec: Enables developers to measure page load time and site navigation so they can identify how to make website performance improvements
  • CSS 3 Text-Overflow: ellipsis: Additional way for developers to display CSS 3 text that overflows the layout area
  • Telemetry: Install this add-on and opt-in to report browser performance data and help improve future versions of Firefox
New in Firefox Beta for Android:
  • Optimized Memory Use: Reduces memory use and improves performance areas including responsiveness, startup and page load time, even in complex websites and Web apps
  • Enhanced Firefox Sync: Your data syncs faster when a bookmark or password is added or changed
  • Copy and paste: Copy and paste selected text from mobile websites
  • Restored session history and tabs: Firefox restores browsing history and tabs so users can easily return to their previous browsing session
  • Language selection: Firefox can detect the language setting on your Android device or allow you to select from more than 10 languages during initial set up
If you already have Firefox Beta installed, you will receive an automated update notification. You can also go to the “About Firefox” menu to apply the update manually.

For Downloading Firefox 7 Beta Click Here

-News Source (Mozilla)


Firefox 4 vs. Internet Explorer 9: Which is Safer???




The app frenzy is firing the browser wars and accelerating the need for browser development and updates. Chrome seems to update daily, Firefox is getting faster in response and Microsoft is talking IE 10 just as IE9 gets fully out of the gate.
Because of the constant changes, it's hard to truly evaluate any given browser on any given day. Even so, there are certain key elements that distinguish one browser from another in terms of security. Here's how two of them, Firefox 4 and Internet Explorer 9, measure up:


Firefox 4
Firefox 4 is packed with security features aimed at resolving common, but difficult-to-avoid attacks such as cross site scripting (XSS), redirects from secure HTTPS webpages to plain old HTTP, and click-jacking.


Firefox 4 uses Content Security Policy (CSP) to quickly identify and block XSS attempts by simply using the server headers to tell it what kind of content to expect and, therefore, which content to block based on its lack of adherence to the server's own CSP.
This beats the heck out of comparing strings from browser and server in the remote hope of preventing XSS. Not only is the string approach akin to matching needles in thousands of remote haystacks, when it did deliver a finding, that finding was usually wrong. Developers often turned off such attempts, as found in IE 8's X-XSS-protection, out of sheer frustration.


However, CSP, though far more efficient, can also give a false positive reading if the website developer fails to sufficiently cover all the features with its policy. Still, CSP beats the string approach hands-down.
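The header-driven blocking described above, including the false positive from an incomplete policy, as an added example (not code from the article or from Mozilla). It assumes today's standard CSP directive syntax, which the article does not show, and models only script sources; the page URL, policy and script list are constructed.

```javascript
'use strict';

// Parse a policy string ("directive src src; directive src") into a Map.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1).map(t => t.toLowerCase()));
  }
  return policy;
}

// Does one source expression match a resolved script URL?
// Simplified model: ports and paths are not handled, so expressions
// that carry them match nothing here (fail closed).
function matchesSource(expr, url, pageOrigin) {
  if (expr === '*') return /^https?:$/.test(url.protocol);
  if (expr === "'self'") return url.origin === pageOrigin;
  if (expr.startsWith("'")) return false; // other keywords never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(expr)) return url.protocol === expr; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme ? url.protocol !== scheme + ':' : !/^https?:$/.test(url.protocol)) return false;
  // "*.example.com" covers subdomains only, not example.com itself.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Decide whether the browser would run a script under the policy.
function scriptAllowed(policy, pageUrl, script) {
  // script-src falls back to default-src; with neither, nothing is restricted.
  const sources = policy.get('script-src') || policy.get('default-src');
  if (!sources) return true;
  // Inline script is the classic XSS vehicle: blocked unless explicitly allowed.
  if (script.inline) return sources.includes("'unsafe-inline'");
  const url = new URL(script.src, pageUrl);
  return sources.some(s => matchesSource(s, url, new URL(pageUrl).origin));
}

// Constructed sample: the policy a hypothetical shop sends, and the scripts
// its page ends up trying to run.
const PAGE = 'https://shop.example.com/cart';
const HEADER = "default-src 'self'; script-src 'self' https://static.example.com";
const SCRIPTS = [
  { label: 'own bundle', src: '/js/app.js' },
  { label: 'listed CDN', src: 'https://static.example.com/lib.js' },
  { label: 'injected inline script', inline: true },
  { label: 'injected remote script', src: 'https://unlisted.example.net/x.js' },
  // Legitimate, but the developer forgot to list it: the false positive.
  { label: 'chat widget missing from policy', src: 'https://widgets.example.org/chat.js' },
];

function evaluate(header, pageUrl, scripts) {
  const policy = parseCsp(header);
  return scripts.map(s => ({ label: s.label, allowed: scriptAllowed(policy, pageUrl, s) }));
}

for (const r of evaluate(HEADER, PAGE, SCRIPTS)) {
  console.log((r.allowed ? 'ALLOW ' : 'BLOCK ') + r.label);
}
```

Appending `https://widgets.example.org` to the `script-src` list clears the false positive without re-enabling either injected script.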


Other improvements are equally attractive from a harder to track user-agent header to a do-not-track feature that requires a simple opt-in to enable. However, the do not track feature works on an honor system: the site is notified of your desire for privacy but they don't have to comply with your request.


The strict transport security (STS) feature allows the user to force an HTTPS connection to user chosen sites. For example, the user can force an HTTPS connection-only to Facebook or other social sites thereby avoiding SSL strip attacks on those pages.
Firefox 4 also hides visited links from a hacker. The user still sees a visited link change color but the hacker doesn't. The CSS tweak hides your link viewing in the browser history from prying eyes.



Internet Explorer 9 (IE9)
IE9, says Microsoft, blocked 99 percent of socially engineered malware attacks. If the claim is true, then that's five times more than Firefox. However, both Mozilla and Google contest the interpretation as a definitive competitive edge for IE9 since the type of malware the finding applies to is not a common threat.


It is important to remember too that IE is targeted more often than Firefox simply because of economies of scale. The bad guys know that even people who use Firefox or Chrome often also have IE on their computer and use it at least occasionally. Therefore it makes tons of economic sense for hackers to target it over the competition.


In any case, IE9 is a significant upgrade from previous versions. It appears to run faster too, which is helpful.


ActiveX can be easily filtered and the user can choose to block or proceed accordingly.
Tracking protection is a new feature that enables users to control what they share. The Tracking Protection List, published by partners PrivacyChoice, TRUSTe, Abine and Adblock Plus, notifies companies if users don't want to be followed. However, just like with Firefox 4, the do not track feature works on an honor system; the site is notified of your desire for privacy but they don't have to comply with your request.
The download manager has an integrated SmartScreen malware protection feature. The SmartScreen Application Reputation cuts down on the aggravation factor as much as it does on security threats. It greatly reduces the number of warning prompts by dropping them entirely from frequently visited sites and warns only when the likelihood of malware is high. The "pinning" feature also helps as it allows users to "pin" frequently-visited and trusted sites to the browser toolbar, which then runs them in their own session. The pinning feature helps prevent HTTPS to HTTP redirects.
IE9 also has improved memory protection to prevent hackers from exploiting memory related vulnerabilities in the browser or any of its add-ons.
And the winner is ...
The consumer!


As of this point, security is no longer a major deciding factor in which browser you should use since both have seriously beefed-up protection. Not that you're totally safe from hackers, but at least these two browsers have finally bolted the doors and locked the windows.


A prolific and versatile writer, Pam Baker's published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG).


DigiNotar Certificate Vulnerability Patched on Firefox 6.0.2



Firefox 6.0.2 has just come out, adding more protection to that provided by Firefox 6.0.1, which was necessitated by the mess caused by disgraced Dutch web security company DigiNotar.
Firefox 6.0.1 fixed Mozilla Foundation Security Advisory 2011-34, which simply pulled everything to do with DigiNotar from its list of trusted certificates. Loosely speaking, any certificate signed by DigiNotar, or any certificate signed by someone with a certificate signed by DigiNotar, and so on ad infinitum, was blown out of the water.
Any website with a certificate bought through DigiNotar therefore became untrusted at once. As Mozilla quite bluntly explained in the 6.0.1 update, "sites using certificates issued by DigiNotar will need to seek another certificate vendor." And that's how it should be. A Certificate Authority isn't supposed to make mistakes of this sort - not at all, let alone to this extent.
However, Firefox 6.0.1 exempted from its blockade any certificates signed by the Dutch State itself using its STAAT DER NEDERLANDEN ROOT CA signing certificate. Although tainted by association with DigiNotar, the Dutch public service was apparently convinced that none of the certificates it had issued were affected by any signing irregularities at DigiNotar.
It turned out that the Dutch authorities had not one, but two, Certificate Authorities of their own, and the second root certificate - imaginatively named STAAT DER NEDERLANDEN ROOT CA - G2 - was not exempted in Firefox 6.0.1. This was reported as a bug, and Mozilla set about adding an additional exemption for certificates signed by this CA. This would have reduced the impact of the Firefox certificate blockade on the web services provided by the Dutch authorities.
In the interim, however, the Dutch government abandoned trust in any of its own certificates, so the Firefox bugfix changed from "exempt the government CA we left out last time" to "remove the exemption for the government CA we exempted last time."
Let's see whether this fiasco causes the Dutch authorities to reconsider modern public service buzzwords such as "cloud" and "outsourcing"!
This sort of step - vigorously disowning everything tainted by DigiNotar - is aggressive but, in my opinion, necessary. Getting into a certification relationship with company X is like buying shares in company X. If the price goes down, all shareholders lose out simultaneously. If the company goes down, you go down with it.  
Brief About DigiNotar :- 
DigiNotar is the former Certificate Authority - or so-called "authority" - which managed to issue more than 500 bogus digital certificates in the name of major web properties such as Facebook, Twitter, Microsoft and Google; in the name of intelligence agencies such as the Mossad and the CIA; and even, it seems, in the name of other certifying authorities.

To Download Firefox 6.0.2 Click Here

-News Source (Naked Security & Mozilla) 


Firefox Ver 6.0 is Now Available (With Lots of New Features)

Mozilla released Firefox v6.0 on the 16th of August. To learn what is new in this version, and for more information, check the details below.

What’s New in Firefox 6.0:-

The latest version of Firefox has the following changes:
  • The address bar now highlights the domain of the website you're visiting
  • Streamlined the look of the site identity block
  • Added support for the latest draft version of WebSockets with a prefixed API
  • Added support for EventSource / server-sent events
  • Added support for window.matchMedia
  • Added Scratchpad, an interactive JavaScript prototyping environment
  • Added a new Web Developer menu item and moved development-related items into it
  • Improved usability of the Web Console
  • Improved the discoverability of Firefox Sync
  • Reduced browser startup time when using Panorama
  • Fixed several stability issues
  • Fixed several security issues
To see the bugs fixed in this version of Firefox Click Here


To download Firefox v6.0 Click Here  

To see the official press release of Mozilla check the following link:-
http://www.mozilla.com/en-US/firefox/6.0/releasenotes/

-News Source (Mozilla) 


Mozilla Firefox 8 Released With More Add-on Control Features


Mozilla announced today the official release of Firefox 8, a new version of the popular open source Web browser. The modest update introduces a few new features and brings a number of minor improvements to the browser’s underlying HTML renderer. From version 8, when Firefox launches and detects that a new third-party add-on has been installed, the add-on will be disabled by default until approved by the user. When users upgrade to Firefox 8, they will be presented with a one-time dialog for approving previously installed add-ons. Another noteworthy user-facing feature in Firefox 8 is stricter control over side-loaded add-ons. Mozilla is cracking down on third-party applications that install add-ons in Firefox without the user’s knowledge or permission. Such add-ons have caused serious problems for users in the past—like the notoriously buggy Skype toolbar which Mozilla had to remotely disable earlier this year when it caused 33,000 Firefox crashes in one week.


To Download Firefox 8 Click Here



Firefox 5.0.1 Upgrade Fixes Mac OS X Issues


Mozilla has released version 5.0.1 of Firefox. As previously reported, the maintenance update to Firefox 5 addresses problems with Apple's upcoming Mac OS X Lion operating system that could cause the browser to crash. Firefox 5.0.1 also resolves an issue caused by one of Apple's latest Java updates (Java for Mac OS X 10.5 Update 10) that prevented the Java plug-in from being loaded. Although the release notes mention only changes affecting the Mac OS X version of Firefox, updates to the Windows and Linux versions have also been released.
Further information about the update can be found in the release notes. Firefox 5.0.1 is available to download for Windows, Mac OS X and Linux from the project's web site. Alternatively, users can upgrade to the new versions either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu.
Update: To avoid a crashing problem on the upcoming version of Mac OS X, Mozilla has released an update to the 3.6.x branch of Firefox, version 3.6.19, that disables downloadable fonts when running on Mac OS X Lion. The developers say that they hope to enable them again in a future release. In a post on the Mozilla Developer Center blog, the developers also note that Windows and Linux users "do not need and will not see the update offer" for Firefox 3.6.19 or 5.0.1.


Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived

A couple of months ago we talked about the 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google, in which the most famous and widely used browsers face challenges. Now the results of this long-awaited security competition are in, showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers; Chrome, Internet Explorer 10 and Firefox all fell to the hackers. Besides the browsers, three other popular applications, Adobe Reader, Flash Player and, yet again, Java, fell victim to hackers at 'Pwn2Own'. For Java it was a true disaster: it fell three times, though under the contest rules only the first attacker was due to win the $20,000 prize.

Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet: “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug won them $100,000 for finding a huge hole. In another tweet, Vupen explained: “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.”

Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website.

Now let's take a look at the final scoreboard of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20k
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know, the main motive of these contests is to make applications and software safer and more secure by uncovering hidden vulnerabilities. For Pwn2Own too, the security holes found by the above experts have already been submitted to and taken up by the respective organizations, and the expected patches for the browsers have already been released. Those who are still using older versions of the above applications are requested to update their systems. So, stay tuned with VOGH and be safe on the Internet.


-Source (HP, Naked Security) 









Firefox 7 Released With Better Memory Management, Patches Critical Security Holes


Mozilla released their new version, Firefox 7, with lots of new features enabled. The release of Firefox 7 is important because the new version features better memory management and is the first step in Mozilla's long-term plan to make the browser more resource friendly.



Nevertheless, users who upgrade to it will also benefit from improved security as this release fixes six critical and two moderate severity security vulnerabilities.
Four of the critical patches are shared with Thunderbird 7 and address a use-after-free condition with OGG headers, an exploitable crash in the YARR regular expression library, a code installation quirk involving the Enter key and multiple memory hazards.
A moderate severity patch that provides defence against multiple Location headers caused by CRLF injection attacks is also common to both products.
In addition to these patches Firefox 7 also contains fixes for two critical and one moderate severity vulnerabilities, with one of them resulting in a potentially exploitable WebGL crash. It's worth pointing out that Microsoft previously motivated its decision to not include support for WebGL in Internet Explorer by saying that the 3D graphics library opens a large attack surface. So far several serious vulnerabilities have been identified and patched in WebGL, which partially supports Microsoft's assessment, but the library's supporters claim this is no different than with other technologies.
Firefox 7 also updates Websocket, a protocol disabled in the past because of security issues, to version 8, which is no longer vulnerable to known attacks. Unfortunately, Mozilla has not yet developed a fix for a recently disclosed attack against SSL/TLS, despite having worked on the problem since June. Developers are still trying to find a resolution that will break as few websites as possible, but at this point it's not even certain that a fix will be included in Firefox 8.
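One way a defence against multiple Location headers can work, sketched as an added example (not Mozilla's code): a client-side check that refuses a redirect whose Location headers disagree, next to a server-side redirect builder before and after it rejects CR/LF. Function names and sample values are constructed for illustration.

```javascript
'use strict';

// Split a raw response head into lower-cased [name, value] pairs.
function parseHeaders(rawHead) {
  const headers = [];
  for (const line of rawHead.split('\r\n').slice(1)) { // skip the status line
    if (line === '') break;                             // blank line ends the head
    const colon = line.indexOf(':');
    if (colon <= 0) continue;                           // not a header line
    headers.push([line.slice(0, colon).trim().toLowerCase(),
                  line.slice(colon + 1).trim()]);
  }
  return headers;
}

// Client-side check: a redirect is followed only when every Location
// header carries the same value. Disagreement means some part of the
// response was not written by the code that meant to send the redirect.
function redirectTarget(rawHead) {
  const values = parseHeaders(rawHead)
    .filter(([name]) => name === 'location')
    .map(([, value]) => value);
  if (values.length === 0) return { ok: true, location: null };
  if (new Set(values).size > 1) {
    return { ok: false, reason: 'conflicting Location headers' };
  }
  return { ok: true, location: values[0] };
}

// Server side, "before": a caller-supplied value is concatenated into the
// header, so a CR/LF inside it starts a new header line.
function buildRedirectNaive(target) {
  return 'HTTP/1.1 302 Found\r\nLocation: ' + target +
         '\r\nContent-Length: 0\r\n\r\n';
}

// Server side, "after": values containing CR or LF are rejected outright.
function buildRedirectSafe(target) {
  if (/[\r\n]/.test(target)) throw new Error('CR/LF in redirect target');
  return buildRedirectNaive(target);
}

// Constructed inputs: an ordinary target, and one carrying an embedded
// line break followed by a second Location header.
const BENIGN = '/account';
const INJECTED = '/account\r\nLocation: https://other.example/';

console.log(redirectTarget(buildRedirectNaive(BENIGN)));
console.log(redirectTarget(buildRedirectNaive(INJECTED)));
```

The two controls are independent: the server-side check stops the split header from being emitted, and the client-side check covers servers that have not been fixed.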

To download Firefox Click Here



The World's Safest Browser: BitBox



There is no such thing as an entirely secure browser. Let's be realistic: You will always need a good portion of common sense and Internet smarts to avoid nasty attacks and hijacks.

However, if you are paranoid about security, there is one browser that will reliably protect you from virtually all threats. It's a browser you already know: Firefox 4.0.1. Well, a boxed version of Firefox 4.0.1.
I am not exactly an adventurous Internet user as far as the dark corners of the web are concerned. Just as I am not the kind of person to enjoy the silence in a dark alley in Chicago's south suburbs after dawn, I typically avoid websites I don't generally trust. I have had my fair share of spyware, trojans and other malware that caused me quite a bit of headache in the past and I am just more cautious than I was 10 years ago. Yet, that might change. I have just discovered a bulletproof wrapper for Firefox and, at least for now, I don't care that much anymore what is happening below the content the browser shows. There might be lots of malware and I really don't care anymore.
The reason is that I have started using BitBox as my browser for my general work-related tasks. BitBox is essentially a heavily armored version of Firefox 4.0.1 that is encased in Oracle's VirtualBox virtual machine (VM) environment that houses a secured Debian 6 Linux OS. That sounds relatively complicated, but once it is installed, this secure version of Firefox works just like a regular version of the browser. The difference is that it runs in a virtualized environment that is separate from your Windows XP/Vista/7.

The upside clearly is that you are dealing with a self-contained package. If you click on a malicious link, the usual EXE files cannot be executed in your Linux VM. You can download files, but they will not explicitly affect your Windows system and need to be manually moved out of the VM, if you have connected the drives. Malware that infects Firefox during your session is automatically deleted the next time you start BitBox, as it always starts with its default configuration in the way it was installed. However, phishing attacks that target your personal data and try to trick you into providing critical information still call for common sense: BitBox will not protect you from the effects of handing that information over.
There are a few downsides. First, it is a hefty 990 MB download and the installed software will require almost 2 GB of space, as there is a need for Oracle's VirtualBox that is included in the package as well as a Debian 6 installation. Since the software is set back to a default level every time it starts, it is not the most convenient browser to be used on an everyday basis for the consumer. The deal breaker is its language. The software was developed for the German government and while it is available as a free download, it is only available in German. Unless you have basic knowledge of German, the installation will be a hurdle too high to overcome and even then it may be rather uncomfortable to be generally used.
The installation of the entire package is documented via PDF file and is somewhat straightforward, but some knowledge about virtual machines and virtualization in general does help when the individual components of the software are installed. In the end, you really want to know what is happening on your PC and you would want to know what effects a configured virtual drive on your PC has. Other than that, I was able to install BitBox within 15 minutes, once it was downloaded. The only criticism I would have is that developer Sirrix is not using the most recent version of Oracle's VirtualBox software (4.04 vs. 4.06). Custom configuration options include a specific download folder, a separate malware scanner, random root passwords for the virtual machine and proxy settings. During the installation, the software installs a Linux guest (Firefox) inside VirtualBox. Typically you would run the software from within VirtualBox, but Sirrix has managed to trim down the entire process to a single icon on the desktop.
I briefly mentioned it - this is not a browser to get deeply emotional about and discuss its performance features, but the concept is very compelling as far as browser safety is concerned. Plain browsing tasks make a lot of sense in such a package. In fact, I wonder, why such versions aren't offered by Mozilla and Google as well as Opera and Microsoft by default. 


Mozilla Put Older & Vulnerable Versions of Java Into Firefox Blocklist


In an official blog post, Mozilla confirmed that it has blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions. "The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer. This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms. Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied," said Mozilla.
Unlike Google's Chrome browser, which has a feature specifically aimed at disabling outdated plug-ins, Firefox relies on Mozilla developers deciding which plug-ins pose a risk to users. However, users retain the choice of preventing those plug-ins from being disabled. The Firefox blocklist has rarely been used to disable plug-ins from big software vendors like Oracle, but precedents do exist. In October 2009, Mozilla decided to add Microsoft's Windows Presentation Foundation (WPF) plug-in to the Firefox blocklist after Microsoft revealed that it had a vulnerability.




Mozilla Released Firefox 9, JavaScript Performance Improved


Earlier we talked about Firefox 8, 8.0.1 & Firefox 9 Beta. Now Firefox, one of the world's most common and popular web browsers, has reached version 9.0. Based on the Gecko 9.0 rendering engine, Firefox 9.0 brings under-the-hood changes that improve JavaScript performance by up to 30%. Type inference, a new feature in this release, provides the browser's just-in-time compiler (JIT) with reliable information on variable types. This enables it to generate more efficient code which does away with many of the runtime checks which were previously required because variables in JavaScript are dynamically typed. The algorithm developed by Mozilla's programmers is described in detail in Fast and Precise Hybrid Type Inference for JavaScript. It uses conventional static code analysis as its starting point, but adds in dynamic aspects using "type barriers", at which the JIT compiler checks a variable's current type and modifies the generated code where appropriate.
More details about this update, including a list of bug fixes, can be found in the release notes and on the Firefox 9 for developers page. 



Mozilla Fixed Cross Site Scripting (XSS) Flaws & Released Firefox Version 16.0.2

A serious security hole in Mozilla Firefox has been fixed. Mozilla has announced the availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the Location object. According to the advisory, successful exploitation of this flaw can result in cross-site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, which forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Mozilla Foundation Security Advisories, Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Along with Firefox 16.0.2, the security bug has also been fixed in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 & SeaMonkey 2.13.2.
Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.





Firefox 4 Supports Content Security Policy


Content Security Policy is a standard developed by Mozilla designed to protect against cross-site scripting (XSS) attacks. Cross-site scripting attacks use vulnerabilities in websites to inject JavaScript code into pages or URLs of that site. The injected JavaScript code is then executed when visitors open a specifically prepared link or page on the website. Attacks can have serious consequences: it may for instance be possible to steal cookies from users to impersonate them on the site.
Content Security Policy has been in development for quite some time. The basic idea behind the standard is to give webmasters a tool to whitelist JavaScript, and other objects and files, that may be executed on the site. This implementation blocks all JavaScript code that is executed on the site and does not come from the list of allowed sites, which means that attackers cannot exploit possible XSS vulnerabilities on the website or server.
A browser supporting CSP ignores code that is not in the whitelist. Browsers that do not support CSP ignore the policy.

Content Security Protection for Users

CSP is currently only supported by Firefox 4, Thunderbird 3.3 and SeaMonkey 2.1. You can test the functionality by visiting this test page.
Twitter recently announced that they have added CSP to their mobile version, accessible under mobile.twitter.com. Users who use one of the aforementioned browsers are protected from XSS attacks on that website.
The engineers at Twitter removed all JavaScript from the code and implemented the CSP header. They then restricted the header to Firefox 4 users and created a rule set to allow JavaScript from their assets. This included the content delivery network used to deliver stylesheets and user profiles.
Unexpected issues were encountered by the developers. They noticed for instance that some Firefox add-ons were inserting JavaScript on page load, which triggered a threat report. The Twitter engineers noticed furthermore that some ISPs inserted JavaScript code or altered image tags for caching reasons.
They managed to resolve those problems by mandating SSL for all Firefox 4 users who access the mobile Twitter web site.
A test with Firebug shows that the mobile version of Twitter is indeed using the policy on site. Please note that Twitter makes a user agent check and is very restrictive about it. Firefox 5 or Firefox 6 users won’t get the policy currently.

Content Security Protection for Webmasters

Webmasters may have some work at hand to add support for CSP to their website. JavaScript code that is directly embedded in documents will not be executed anymore, which has several implications. Webmasters need to move the code to external JavaScript files.
Policies are specified with the X-Content-Security-Policy header. The header X-Content-Security-Policy: allow 'self' *.ghacks.net for instance allows JavaScript to be loaded from ghacks.net and all subdomains of ghacks.net.
The Using CSP guide on Mozilla offers additional examples on how to set the right headers.
Browsers that do not support CSP ignore the header.
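As an added illustration (not code from the original article or from Mozilla), the following JavaScript models how a CSP-aware browser would check script loads against the header above. The function names, the sample URLs and the matching rules (wildcards cover subdomains only, sources without a scheme inherit the page's scheme, a missing directive denies) are assumptions of this simplified model.

```javascript
// Simplified model (added example): evaluate script loads against a legacy
// X-Content-Security-Policy value. Not a complete CSP implementation.
function parsePolicy(headerValue) {
  const policy = {};
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  // Assumption: "*.example.net" covers subdomains only, not the bare domain.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

function sourceMatches(source, target, page) {
  if (source === "'none'") return false;
  if (source === "'self'") return target.origin === page.origin;
  // Host source, optionally with a scheme: "https://cdn.example.net".
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)$/i.exec(source);
  if (!m) return false; // unsupported syntax: fail closed in this model
  const scheme = m[1] ? m[1].toLowerCase() + ':' : page.protocol;
  return target.protocol === scheme && hostMatches(m[2].toLowerCase(), target.hostname);
}

// script is { inline: true } or { src: "<url>" }.
function scriptAllowed(headerValue, pageUrl, script) {
  if (script.inline) return false; // embedded code is not executed (see text)
  const policy = parsePolicy(headerValue);
  const sources = policy['script-src'] || policy['allow'];
  if (!sources) return false; // no applicable directive: fail closed
  const page = new URL(pageUrl);
  const target = new URL(script.src, page); // resolves relative URLs
  return sources.some((s) => sourceMatches(s, target, page));
}

// Constructed sample: the policy from the text, page served from ghacks.net.
const POLICY = "allow 'self' *.ghacks.net";
const PAGE = 'https://ghacks.net/article.html';
const samples = [
  { inline: true },
  { src: '/js/site.js' },
  { src: 'https://cdn.ghacks.net/lib.js' },
  { src: 'https://evil.example/x.js' },
];
for (const s of samples) console.log(JSON.stringify(s), scriptAllowed(POLICY, PAGE, s));
```

Note that in this model the bare domain is permitted only through 'self', which is why the sample page is served from ghacks.net itself.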
CSP offers two additional forms of protection. It mitigates clickjacking attacks. Clickjacking refers to directing a user’s mouse click to a target on another site. This is often done by using transparent frames on the original website.
Content Security Policy can also be used to mitigate packet sniffing attacks, as it allows the webmaster to specify the protocols that are allowed to be used. It is for instance possible to force HTTPS-only connections.
The CSP Policy directives are accessible here on Mozilla.
In addition to the options already mentioned, there are parameters to specify the hosts from which images, media files, objects or fonts may be loaded.
Plugins are available for WordPress and Drupal that add the policy to supported websites automatically when activated.
