
Web Browser Grand Prix 5

 
Three major releases have landed since our last impromptu Web Browser Grand Prix (WBGP4): Chrome 12, Firefox 5, and Opera 11.50. Can Chrome or Opera regain the WBGP championship? Will Mozilla Firefox ever overtake Microsoft's IE9 in the rankings?
If it seems like it was only weeks ago when we were compelled to test the then-new Mozilla Firefox 4 against the reigning Web Browser Grand Prix champion Microsoft Internet Explorer 9 in Web Browser Grand Prix 4: Firefox 4 Goes Final, that's because it was only a few weeks ago.
In an attempt to curb the siphoning of its user base to Google, Mozilla decided to keep pace with the frenetic development cycle of Chrome. Firefox 5 is now a reality. But will Mozilla also keep up with innovation like Google? Furthermore, will a higher integer finally allow Mozilla to overtake arch-rival Microsoft in our performance metrics? Can former speed-kings Chrome and Opera reclaim the dual domination of our WBGP crown, as they did in 2010?
We've tightened up our suite of benchmarks for this article, cutting the fat that was Google's V8 JavaScript Benchmark and the redundant two-pixel variant of the GUIMark2 HTML5 Vector Charting test. We also fleshed it out by adding Facebook's JSGameBench, as well as battery life and reliability testing. But before we get to the benchmarks, let's get caught up on the latest developments in the continuing browser wars.
Opinions:-

The release of Firefox 5 was met with harsh criticism for its apparent lack of anything new. It has been said that Firefox 5 should have been called Firefox 4.1 or 4.2. Or even 4.02.
There is also a growing concern over whether the new rapid release schedule jives with IT departments. Firefox became a viable choice for many companies during the version 2 and 3 days. Mozilla also offers the preferred development platform for most Web designers. Basically, Firefox gained the reputation of being the most stable choice. By mimicking Chrome's development cycle, Mozilla may have shot itself in the foot.
Smack Talk:-

Microsoft took a shot right across the bow of Google and Mozilla by announcing that WebGL is “harmful,” and that IE10 would not be utilizing the specification. Several experts came out in support of Microsoft's assertion, though it should be noted that Redmond may have a dog in this fight with DirectX.

Attacking Mozilla even further, the Internet Explorer development team sent the Firefox development team a cupcake to celebrate the release of Firefox 5. Mozilla also received cakes from Microsoft for the release of Firefox 3 and 4. Full cakes. Obviously, this is in response to the criticism that Firefox 5 is nothing more than a minor update to Firefox 4. The included note read: "Congratulations on shipping! Love, The IE Team". "Congratulations on shipping" might have been in reference to the frequent delays that plagued Firefox 4, which was eventually made available more than six months late. Now that's a classy way to rag on somebody. Not missing a single opportunity to slam its competition, Microsoft also capitalized on the other major criticism of Firefox 5 when an IE developer boasted Microsoft's commitment to IT.
Mozilla shot back with a blog post addressing the IT issue, although in a very non-concrete way:

"We are exploring solutions that balance these needs..."

Not to be outdone, an Opera employee also had this to say in regard to the rapid release schedule:

“Despite the version number (11.50), we've packed a lot of new features into it. While other browsers rush to release whole new version numbers with small tweaks, I think we've kept traditional versioning, while simply releasing a little faster.”

Obviously, this comes at an unfortunate time for Mozilla, but one cannot help but wonder if this comment was meant for Google. Opera and Google have gotten into it pretty heavily in the past, and, for a time (before IE9), Chrome and Opera swapped places on a semi-monthly basis in the performance charts.


Metro Version Of Firefox Will Be Available on Windows 8

Microsoft's upcoming Windows 8 and Windows on ARM (WOA) are bringing a lot of additions and removals. Among Microsoft's browser rivals, Mozilla has publicly committed to a Metro edition. Microsoft has said it will ship both Metro and traditional desktop versions of Internet Explorer 10. Metro is Microsoft's label for the touch-enabled interface at the center of both Windows 8 and WOA. Windows 8 will run Metro and traditional 32- and 64-bit Windows applications, but WOA will run only those third-party apps designed for Metro. Not only IE but also Firefox will follow the same trend. Mozilla confirms that it will build a "proof-of-concept" version of Firefox for Windows 8's Metro touch-first interface next quarter, then follow that with more functional editions later in the year.

Mozilla said: "This proposal depends on Microsoft providing the same capabilities for Firefox as it does for IE -- running at the Medium level integrity process that allows us the full use of the Win32 API and what we need from Metro, or a set of APIs that allow Mozilla to port Gecko to the WinRT. For the purposes of this feature proposal, I'm assuming we'll get the first and we won't have to port the bulk of Gecko and instead will use the win32 dlls from within Metro."

Feature Overview:- 
  • Windows 8 contains two application environments, "Classic" and "Metro". Classic is very similar to the Windows 7 environment at this time, it requires a simple evolution of the current Firefox Windows product. Metro is an entirely new environment and requires a new Firefox front end and system integration points.
  • The feature goal here is a new Gecko based browser built for and integrated with the Metro environment.
  • Firefox on Metro, like all other Metro apps will be full screen, focused on touch interactions, and connected to the rest of the Metro environment through Windows 8 contracts.
  • Firefox on Metro will bring all of the Gecko capabilities to this new environment and the assumption is that we'll be able to run as a Medium integrity app so we can access all of the win32 Firefox Gecko libraries avoiding a port to the new WinRT API for the bulk of our code. (Though we will need to have a pan and zoom capability for content.)
  • We will need to determine if the Firefox front end on Metro will be built in XUL, C/C++, or HTML/CSS/JS (I'm assuming for now that .Net and XAML are off the table.)
  • Firefox on Metro is a full-screen App with an Appbar that contains common navigation controls (back, reload, etc.,) the Awesomebar, and some form of tabs.
  • Firefox will have to support three "snap" states -- full screen, ~1/6th screen and ~5/6th screen depending on how the user "docks" two full screen apps. Our UI will need to adjust to show the most relevant content for each size.
  • In order to provide users with access to other content, other apps, and to Firefox from other content and apps, we'll need integration with the share contract, the search contract, the settings contract, the app to app picking contract, the print contract, the play to contract, and possibly a couple more. We'll be a source for some, a target for some, and both for some.
  • We'll need to handle being suspended by the OS when out of view.
  • We may want to offer a live tile with user-centric data like friends presence or other Firefox Home information updates
  • Ideally we'd be able to create secondary tiles for Web-based apps hosted in Firefox's runtime.


-Source (Mozilla & Computer World)





Mozilla Fixed Cross Site Scripting (XSS) Flaws & Released Firefox Version 16.0.2

A serious security hole in Mozilla Firefox has been fixed. Mozilla has announced the availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the Location object. According to the advisory, successful exploitation of this flaw can result in cross-site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, which forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser.

According to the Mozilla Foundation Security Advisories, Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Along with Firefox 16.0.2, the security bug has also been fixed in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 and SeaMonkey 2.13.2.

Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object.

Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.





Firefox with Bing By Microsoft & Mozilla



Mozilla has teamed with Microsoft to bring more Bing to Firefox. Mozilla and Bing are pleased to make available Firefox with Bing, a customized version of Firefox that sets Bing as the default search engine in the search box and AwesomeBar and makes Bing.com the default home page.  (Existing Firefox users can also make these changes by installing the Bing Search for Firefox Add-on)
Of course, any user of Firefox can go into the browser's settings and make those changes themselves if they want, and there is even a "Bing Search for Firefox" add-on that will do the same. But many users don't mess with their settings too much, which is why Google (the usual default for Firefox) is the most widely used search engine among Firefox users. Google competes with Bing on the search side and Google's Chrome browser competes with Firefox. Microsoft, of course, makes a Firefox rival in Internet Explorer. Mozilla, in a blog post, said that "nearly 20 customized versions of Firefox" are available from its partners, including Bing, Yahoo (which now uses Bing to power its search as well), Twitter and Yandex.


Mozilla fixes three security issues in its Firefox browser


Mozilla has updated its Firefox web browser, fixing three security issues, two of them critical.

One of the critical issues involved flaws in WebGLES that could be exploited to run malicious code or to bypass a security feature on recent Windows versions, Mozilla explained.
Also, Mozilla fixed a problem with Firefox described as “XSLT generate-id() function heap address leak.” Chris Evans of the Chrome Security Team reported that “the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption bug, in order to make an exploit more reliable or work around mitigation features in the browser or operating system”, Mozilla said.
Finally, Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code”, Mozilla explained.
In addition, Mozilla updated its Thunderbird email client, fixing vulnerabilities in version 3.1.9. Although Mozilla did not identify the security fixes, the Mac Security blog said the “update most likely contains the same fixes as Firefox 3.6, since it uses the same HTML rendering engine.”


Firefox 7 For Windows, Mac, Linux and Android


The latest Mozilla Firefox Beta is now available for testing on Windows, Mac, Linux and Android. This beta includes performance enhancements that improve the browsing experience for users and enable developers to create faster Web apps and websites.
New in Firefox Beta for Windows, Mac and Linux:
  • Optimized Memory Use: Reduces memory use and improves performance areas including responsiveness, startup and page load time, even in complex websites and Web apps
  • Improved memory management: The JavaScript garbage collector works more frequently to free up memory and improve performance when you have many tabs open or keep Firefox running for a long time
  • Enhanced Firefox Sync: Your data syncs faster when a bookmark or password is added or changed
  • Azure Direct2D for Canvas: Helps Firefox speed up HTML5 Canvas-based animation rendering
  • Web timing spec: Enables developers to measure page load time and site navigation so they can identify how to make website performance improvements
  • CSS 3 Text-Overflow: ellipsis: Additional way for developers to display CSS 3 text that overflows the layout area
  • Telemetry: Install this add-on and opt-in to report browser performance data and help improve future versions of Firefox
New in Firefox Beta for Android:
  • Optimized Memory Use: Reduces memory use and improves performance areas including responsiveness, startup and page load time, even in complex websites and Web apps
  • Enhanced Firefox Sync: Your data syncs faster when a bookmark or password is added or changed
  • Copy and paste: Copy and paste selected text from mobile websites
  • Restored session history and tabs: Firefox restores browsing history and tabs so users can easily return to their previous browsing session
  • Language selection: Firefox can detect the language setting on your Android device or allow you to select from more than 10 languages during initial set up
If you already have Firefox Beta installed, you will receive an automated update notification. You can also go to the “About Firefox” menu to apply the update manually.


-News Source (Mozilla)


Mozilla Put Older & Vulnerable Versions of Java Into Firefox Blocklist


In an official blog post, Mozilla confirmed that it has blacklisted unpatched versions of the Java plug-in from Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions.

"The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer. This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms. Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied." - Said Mozilla

Unlike Google's Chrome browser, which has a feature specifically aimed at disabling outdated plug-ins, Firefox relies on Mozilla developers deciding which plug-ins pose a risk to users. However, users retain the choice of preventing those plug-ins from being disabled. The Firefox blocklist has rarely been used to disable plug-ins from big software vendors like Oracle, but precedents do exist. In October 2009, Mozilla decided to add Microsoft's Windows Presentation Foundation (WPF) plug-in to the Firefox blocklist after Microsoft revealed that it had a vulnerability.




Mozilla Firefox 8 Released With More Add-on Control Features


Mozilla announced today the official release of Firefox 8, a new version of the popular open source Web browser. The modest update introduces a few new features and brings a number of minor improvements to the browser’s underlying HTML renderer. From version 8, when Firefox launches and detects that a new third-party add-on has been installed, the add-on will be disabled by default until approved by the user. When users upgrade to Firefox 8, they will be presented with a one-time dialog for approving previously installed add-ons. Another noteworthy user-facing feature in Firefox 8 is stricter control over side-loaded add-ons. Mozilla is cracking down on third-party applications that install add-ons in Firefox without the user’s knowledge or permission. Such add-ons have caused serious problems for users in the past—like the notoriously buggy Skype toolbar which Mozilla had to remotely disable earlier this year when it caused 33,000 Firefox crashes in one week.



Firefox 12 & 13 Beta Introduces Simpler Update Process, 85 Improvements to Developer Tools & SPDY

Developers at Mozilla announced the availability of Firefox 12 as well as the Firefox 13 beta. With this release, Firefox also includes more than 85 improvements to the built-in developer tools. For example, developers no longer need to reload the page to see messages in the Web Console, and Scratchpad adds Find and Jump to Line commands to the editor. The developers claim that updating Firefox will be easier and better. Instead of asking users for the required privileges via UAC, it now uses the Mozilla Maintenance Service to update program files. Firefox executes the service with system privileges when it is needed and closes it after the update. An Access Control Entry (ACE) in the update service allows Firefox to launch it with system privileges even though the browser itself does not have them.
SPDY, the faster alternative to HTTP, has been incorporated in Firefox, but disabled by default, since the introduction of Firefox 11. Firefox 13 will be the first release with it enabled by default.

What is new in Firefox 13 Beta:-
  • SPDY Support: Firefox Beta now supports SPDY by default. SPDY is a protocol designed as a successor to HTTP that reduces the amount of time it takes for websites to load. SPDY encrypts all communication with SSL, which makes browsing more secure. Users will notice quicker page load speeds on sites that support SPDY networking.
  • Developer Tool Updates: Firefox Beta includes a number of improvements to Web Developer Tools. Page Inspector now allows you to lock in CSS pseudo-classes on inspected page elements and Style Editor now saves CSS files loaded via file:// URLs without prompting to make the workflow for experimenting with CSS much quicker.


DigiNotar Certificate Vulnerability Patched on Firefox 6.0.2



Firefox 6.0.2 has just come out, adding more protection to that provided by Firefox 6.0.1, which was necessitated by the mess caused by disgraced Dutch web security company DigiNotar.
Firefox 6.0.1 fixed Mozilla Foundation Security Advisory 2011-34, which simply pulled everything to do with DigiNotar from its list of trusted certificates. Loosely speaking, any certificate signed by DigiNotar, or any certificate signed by someone with a certificate signed by DigiNotar, and so on ad infinitum, was blown out of the water.
Any website with a certificate bought through DigiNotar therefore became untrusted at once. As Mozilla quite bluntly explained in the 6.0.1 update, "sites using certificates issued by DigiNotar will need to seek another certificate vendor." And that's how it should be. A Certificate Authority isn't supposed to make mistakes of this sort - not at all, let alone to this extent.
However, Firefox 6.0.1 exempted from its blockade any certificates signed by the Dutch State itself using its STAAT DER NEDERLANDEN ROOT CA signing certificate. Although tainted by association with DigiNotar, the Dutch public service was apparently convinced that none of the certificates it had issued were affected by any signing irregularities at DigiNotar.
It turned out that the Dutch authorities had not one, but two, Certificate Authorities of their own, and the second root certificate - imaginatively named STAAT DER NEDERLANDEN ROOT CA - G2 - was not exempted in Firefox 6.0.1. This was reported as a bug, and Mozilla set about adding an additional exemption for certificates signed by this CA. This would have reduced the impact of the Firefox certificate blockade on the web services provided by the Dutch authorities.
In the interim, however, the Dutch government abandoned trust in any of its own certificates, so the Firefox bugfix changed from "exempt the government CA we left out last time" to "remove the exemption for the government CA we exempted last time."
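The sequence of distrust decisions described above can be modelled as a walk up each certificate's issuer chain. This is an added example, not Firefox's code: the CA hierarchy, the site names and the name-based distrust rule are constructed assumptions, and only the two Staat der Nederlanden root names come from the article.

```javascript
// Model of transitive CA distrust with root exemptions (added example, not Firefox code).
// Constructed trust store: subject -> issuer. A root CA is its own issuer.
const ISSUER_OF = new Map(Object.entries({
  'Staat der Nederlanden Root CA': 'Staat der Nederlanden Root CA',
  'Staat der Nederlanden Root CA - G2': 'Staat der Nederlanden Root CA - G2',
  'DigiNotar Root CA': 'DigiNotar Root CA',
  'Other Root CA (constructed)': 'Other Root CA (constructed)',
  // Constructed intermediates: two under the government roots, one under DigiNotar's own root.
  'DigiNotar Gov CA (constructed)': 'Staat der Nederlanden Root CA',
  'DigiNotar Gov CA G2 (constructed)': 'Staat der Nederlanden Root CA - G2',
  'DigiNotar Public CA (constructed)': 'DigiNotar Root CA',
  'Reseller CA (constructed)': 'DigiNotar Public CA (constructed)',
  // Constructed end-entity certificates.
  'www.shop.example': 'Reseller CA (constructed)',
  'portal.gov.example': 'DigiNotar Gov CA (constructed)',
  'tax.gov.example': 'DigiNotar Gov CA G2 (constructed)',
  'news.example': 'Other Root CA (constructed)',
}));

// Follow issuer links from the leaf to a self-issued root.
// Returns null for a missing issuer or a loop, so a broken chain is never trusted.
function buildChain(leaf, issuerOf) {
  const chain = [leaf];
  const seen = new Set(chain);
  let cur = leaf;
  while (issuerOf.get(cur) !== cur) {
    const next = issuerOf.get(cur);
    if (next === undefined || seen.has(next)) return null;
    chain.push(next);
    seen.add(next);
    cur = next;
  }
  return chain;
}

// A chain is tainted if ANY CA above the leaf matches the distrust rule, which gives
// the "signed by someone signed by DigiNotar, and so on" behaviour. A tainted chain
// survives only if it terminates at an explicitly exempted root.
function evaluate(leaf, policy, issuerOf = ISSUER_OF) {
  const chain = buildChain(leaf, issuerOf);
  if (chain === null) return { trusted: false, reason: 'no path to a root' };
  const root = chain[chain.length - 1];
  const tainted = chain.slice(1).find((ca) => policy.distrust.test(ca));
  if (!tainted) return { trusted: true, reason: 'no distrusted CA in chain' };
  if (policy.exemptRoots.includes(root)) {
    return { trusted: true, reason: `exempt root: ${root}` };
  }
  return { trusted: false, reason: `chains through ${tainted}` };
}

// The three states from the article; matching on the CA name is an assumption of this model.
const POLICIES = {
  '6.0.1': { distrust: /diginotar/i, exemptRoots: ['Staat der Nederlanden Root CA'] },
  'planned fix': {
    distrust: /diginotar/i,
    exemptRoots: ['Staat der Nederlanden Root CA', 'Staat der Nederlanden Root CA - G2'],
  },
  '6.0.2': { distrust: /diginotar/i, exemptRoots: [] },
};

// Verdict for every site under every policy: { policyName: { site: true|false } }.
function trustMatrix(sites) {
  const out = {};
  for (const [name, policy] of Object.entries(POLICIES)) {
    out[name] = {};
    for (const site of sites) out[name][site] = evaluate(site, policy).trusted;
  }
  return out;
}

const SITES = ['www.shop.example', 'portal.gov.example', 'tax.gov.example', 'news.example'];
console.log(trustMatrix(SITES));
```

Under the 6.0.1 policy the first government chain is trusted while the G2 chain is rejected, which is the inconsistency reported as a bug; under 6.0.2 both are rejected.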
Let's see whether this fiasco causes the Dutch authorities to reconsider modern public service buzzwords such as "cloud" and "outsourcing"!
This sort of step - vigorously disowning everything tainted by DigiNotar - is aggressive but, in my opinion, necessary. Getting into a certification relationship with company X is like buying shares in company X. If the price goes down, all shareholders lose out simultaneously. If the company goes down, you go down with it.  
Brief About DigiNotar :- 
DigiNotar is the former Certificate Authority - or so-called "authority" - which managed to issue more than 500 bogus digital certificates in the name of major web properties such as Facebook, Twitter, Microsoft and Google; in the name of intelligence agencies such as the Mossad and the CIA; and even, it seems, in the name of other certifying authorities.


-News Source (Naked Security & Mozilla) 


Firefox Ver 6.0 is Now Available (With Lots of New Features)

Mozilla released Firefox v6.0 on the 16th of August. To learn what is new in this version, see the details below.

What’s New in Firefox 6.0:-

The latest version of Firefox has the following changes:
  • The address bar now highlights the domain of the website you're visiting
  • Streamlined the look of the site identity block
  • Added support for the latest draft version of WebSockets with a prefixed API
  • Added support for EventSource / server-sent events
  • Added support for window.matchMedia
  • Added Scratchpad, an interactive JavaScript prototyping environment
  • Added a new Web Developer menu item and moved development-related items into it
  • Improved usability of the Web Console
  • Improved the discoverability of Firefox Sync
  • Reduced browser startup time when using Panorama
  • Fixed several stability issues
  • Fixed several security issues

To see the official release notes from Mozilla, check the following link:-
http://www.mozilla.com/en-US/firefox/6.0/releasenotes/

-News Source (Mozilla) 


Mozilla Patches Security Hole In Firefox 10


Mozilla has released a security patch that closes eight security holes in Firefox 10. Of those eight vulnerabilities, six are rated critical, the company's highest threat rank, and two are rated "high". One of the vulnerabilities fixed in Firefox 10 exposed users to cross-site scripting (XSS) attacks because the browser failed to run security checks on untrusted scripting objects, as stated by the company. The update also addresses other bugs that caused the browser to crash.
According to Mozilla's official website, "The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts." The company also claimed that Firefox 10 has a number of features important for developers. For users, however, there is one noticeable change: the browser can now automatically mark almost all add-ons as compatible with each upgrade.


-Source (Mozilla)


Up-gradation of Firefox 5.0.1 for MAC OS X Has Been Fixed


Mozilla has released version 5.0.1 of Firefox. As previously reported, the maintenance update to Firefox 5 addresses problems with Apple's upcoming Mac OS X Lion operating system that could cause the browser to crash. Firefox 5.0.1 also resolves an issue caused by one of Apple's latest Java updates (Java for Mac OS X 10.5 Update 10) that prevented the Java plug-in from being loaded. Although the release notes mention only changes affecting the Mac OS X version of Firefox, updates to the Windows and Linux versions have also been released.
Further information about the update can be found in the release notes. Firefox 5.0.1 is available to download for Windows, Mac OS X and Linux from the project's web site. Alternatively, users can upgrade to the new versions either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu.
Update: To avoid a crashing problem on the upcoming version of Mac OS X, Mozilla has released an update to the 3.6.x branch of Firefox, version 3.6.19, that disables downloadable fonts when running on Mac OS X Lion. The developers say that they hope to enable them again in a future release. In a post on the Mozilla Developer Center blog, the developers also note that Windows and Linux users "do not need and will not see the update offer" for Firefox 3.6.19 or 5.0.1.


NSS Said : IE9 Blocks Virtually all Socially Engineered Malware, Rather Than Other Browsers


A study prepared by NSS Labs concludes that Microsoft's Internet Explorer 9 blocks virtually all socially engineered malware, far more than rival browsers.
The study was designed to examine one aspect of security: how a browser handled a malicious URL, such as one received in a posting on a social network or an email. The NSS goal was to find the browser which identified, warned, and/or blocked malicious URLs from being viewed by the user.
As it did in 2010, Microsoft's IE9 with Smart Screen URL detection and Application Reputation topped the field, blocking 99.2 percent of all malicious emails. Google's Chrome 12 finished far behind, blocking 13.2 percent of all malicious URLs. Apple's Safari 5 and Mozilla Firefox 4 tied at 7.4 percent, with Opera 11 finishing dead last at 6.1 percent.

 

The NSS Labs study showed that, globally, all of the browsers tested showed improvement over an NSS study performed last year, with two exceptions: Safari and Mozilla's Firefox. A year ago, Microsoft IE9 blocked 99 percent of the malicious URLs, followed by Chrome 6 (3%), Safari 5 (11%), Firefox 3.6.15 (19%), and Opera 10 (0%).
NSS attributed Microsoft's success to its Application Reputation technology, which has attempted to categorize applications across the Internet.
"The significance of Microsoft's new application reputation technology cannot be overstated," the NSS report found. "Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software. The list is dynamically created and maintained, much the same way Google, (or Bing) is continuously building and maintaining a library of content for search purposes."
The NSS tests sliced the potential for malware along one specific axis, socially engineered malware, a distinction Google objected to during the 2010 tests. "Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities," a spokeswoman said then.
NSS also found that the combination of SmartScreen and Application Reputation means that IE9 blocked new malware in just over half an hour, while Safari 5 and Firefox 4 required 4.91 and 6.07 hours, on average, to detect a new malicious URL. Chrome 12 and Opera 11, by contrast, required 17.7 and 18.4 hours, respectively. Over time, as the malicious URLs changed in response to detection, the browsers maintained their level of protection fairly consistently, NSS found.
"Not only has the effectiveness of the technology improved, but so has the speed at which it is able to identify socially engineered malware," Roger Capriotta, director of Internet Explorer product marketing, wrote in a blog post Monday. "For our Windows customers, this means fewer infections and headaches for you."
In its report, NSS said its findings were independent, and that it had not received funding from any vendor. 

-News Source (PC Mag)


Firefox 7 Released With Better Memory Management, Patches Critical Security Holes


Mozilla has released Firefox 7 with lots of new features enabled. The release of Firefox 7 is important because the new version features better memory management and is the first step in Mozilla's long term plan to make the browser more resource friendly.



Nevertheless, users who upgrade to it will also benefit from improved security as this release fixes six critical and two moderate severity security vulnerabilities.
Four of the critical patches are shared with Thunderbird 7 and address a use-after-free condition with OGG headers, an exploitable crash in the YARR regular expression library, a code installation quirk involving the Enter key and multiple memory hazards.
A moderate severity patch that provides defence against multiple Location headers caused by CRLF injection attacks is also common to both products.
In addition to these patches Firefox 7 also contains fixes for two critical and one moderate severity vulnerabilities, with one of them resulting in a potentially exploitable WebGL crash. It's worth pointing out that Microsoft previously motivated its decision to not include support for WebGL in Internet Explorer by saying that the 3D graphics library opens a large attack surface. So far several serious vulnerabilities have been identified and patched in WebGL, which partially supports Microsoft's assessment, but the library's supporters claim this is no different than with other technologies.
Firefox 7 also updates Websocket, a protocol disabled in the past because of security issues, to version 8, which is no longer vulnerable to known attacks. Unfortunately, Mozilla has not yet developed a fix for a recently disclosed attack against SSL/TLS, despite having worked on the problem since June. Developers are still trying to find a resolution that will break as few websites as possible, but at this point it's not even certain that a fix will be included in Firefox 8.


Firefox 4 Supports Content Security Policy


Content Security Policy is a standard developed by Mozilla designed to protect against cross-site scripting (XSS) attacks. Cross-site scripting attacks use vulnerabilities in websites to inject JavaScript code into pages or URLs of that site. The injected JavaScript code is then executed when visitors open a specifically prepared link or page on the website. Attacks can have serious consequences; it may for instance be possible to steal cookies from users to impersonate them on the site.
Content Security Policy has been in development for quite some time. The basic idea behind the standard is to give webmasters a tool to whitelist JavaScript, and other objects and files, that may be executed on the site. The implementation blocks all JavaScript code that is executed on the site and does not come from the list of allowed sites, which means that attackers cannot exploit possible XSS vulnerabilities on the website or server.
A browser supporting CSP ignores code that is not in the whitelist. Browsers that do not support CSP ignore the policy.

Content Security Protection for Users

CSP is currently only supported by Firefox 4, Thunderbird 3.3 and SeaMonkey 2.1. You can test the functionality by visiting this test page.
Twitter recently announced that they have added CSP to their mobile version, accessible under mobile.twitter.com. Users who use one of the aforementioned browsers are protected from XSS attacks on that website.
The engineers at Twitter removed all JavaScript from the code and implemented the CSP header. They then restricted the header to Firefox 4 users and created a rule set to allow JavaScript from their assets. This included the content delivery network used to deliver stylesheets and user profiles.
Unexpected issues were encountered by the developers. They noticed for instance that some Firefox add-ons were inserting JavaScript on page load, which triggered a threat report. The Twitter engineers noticed furthermore that some ISPs inserted JavaScript code or altered image tags for caching reasons.
They managed to resolve those problems by mandating SSL for all Firefox 4 users who access the mobile Twitter web site.
A test with Firebug shows that the mobile version of Twitter is indeed using the policy on site. Please note that Twitter makes a user agent check and is very restrictive about it. Firefox 5 or Firefox 6 users won’t get the policy currently.

Content Security Protection for Webmasters

Webmasters may have some work to do to add support for CSP to their website. JavaScript code that is directly embedded in documents will not be executed anymore, which has several implications. Webmasters need to move the code to external JavaScript files.
Policies are specified with the X-Content-Security-Policy header. The header X-Content-Security-Policy: allow 'self' *.ghacks.net for instance allows JavaScript to be loaded from ghacks.net and all subdomains of ghacks.net.
The using CSP guide on Mozilla offers additional examples on how to set the right headers.
Browsers that do not support CSP ignore the header.
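The source-list check that the example header above asks a supporting browser to perform on script loads can be modelled as follows. This is an added example, not code from the original post or from Mozilla; the function names are hypothetical, and it assumes that a script-src directive overrides allow, that *.ghacks.net covers subdomains only (the bare domain is reached through 'self'), and that expressions carrying a port or path are rejected.

```javascript
// Parse "allow 'self' *.ghacks.net; img-src *" into directive -> source list.
function parsePolicy(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // First occurrence of a directive wins; later duplicates are ignored.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Does one source expression match the URL being loaded?
function sourceMatches(expr, url, pageOrigin) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === pageOrigin;
  if (expr === '*') return true;
  // Optional scheme prefix, e.g. https://cdn.ghacks.net (no port or path).
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/i.exec(expr);
  if (!m) return false; // unsupported expression: fail closed
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const h = url.hostname.toLowerCase();
  const pattern = host.toLowerCase();
  if (pattern.startsWith('*.')) {
    // Assumption: the wildcard covers subdomains only. Comparing against
    // ".ghacks.net" (with the dot) rejects look-alikes such as evilghacks.net.
    return h.endsWith(pattern.slice(1));
  }
  return h === pattern;
}

// Decide whether a script may load on the page. Pass null for inline script,
// which has no URL to match against the whitelist and is refused.
function scriptAllowed(headerValue, pageUrl, scriptUrl) {
  if (scriptUrl === null) return false;
  const policy = parsePolicy(headerValue);
  const sources = policy.get('script-src') || policy.get('allow') || [];
  const page = new URL(pageUrl);
  const target = new URL(scriptUrl, page); // resolves relative paths
  return sources.some((s) => sourceMatches(s, target, page.origin));
}
```

A policy that names neither allow nor script-src yields an empty source list here, so every script load is refused rather than permitted.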
CSP offers two additional forms of protection. It mitigates clickjacking attacks. Clickjacking refers to directing a user’s mouse click to a target on another site. This is often done by using transparent frames on the original website.
Content Security Policy can also be used to mitigate packet sniffing attacks, as it allows the webmaster to specify the protocols that are allowed to be used. It is for instance possible to force HTTPS-only connections.
The CSP Policy directives are accessible here on Mozilla.
In addition to the options already mentioned, there are parameters to specify the hosts from which images, media files, objects or fonts may be loaded.
Plugins are available for WordPress and Drupal that add the policy to supported websites automatically when activated.
