Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Mozilla beefs up security with Firefox 3
Published: 2007-11-21

The Mozilla Foundation released on Monday a beta version of the group's latest open-source Firefox browser, rewriting parts of the code and enhancing security.

Firefox 3 Beta 1 adds anti-malware features to the browser, using a similar mechanism as the anti-phishing feature in Firefox 2, harnessing a Google-generated blacklist of sites that are hosting malicious code. The beta version of the browser also checks plugins to make sure they are compatible with the software and uses a secure download mechanism for updates.

"There is a lot of code that has changed, but I don't think there is a lot more code," Mike Schroepfer, vice president of engineering for the group, told SecurityFocus. "We have actually excised old code, and there are couple of areas were we dug out the component and rewrote the whole thing."

Web sites have become an increasingly important vector for malicious and fraudulent software. Earlier this month, attackers defaced hundreds of Web sites -- and thousands of pages -- embedding hidden iframe code to redirect visitors to malicious download sites. Yet, while such techniques can affect Firefox as well as Internet Explorer, attackers have generally left the open-source browser alone, despite it having a greater number of flaws.

Security features have become a point of competition between Mozilla and Microsoft. A year ago, when both organizations launched their latest browsers, they both claimed to have a better -- albeit, very similar -- anti-phishing solution.

Mozilla has included several user interface improvements to help users understand the risks of a particular Internet site. Clicking on the favicon, the small icon for the site at the left of the URL (uniform resource locator), will drop down a box containing identity information about the site. The group also rewrote the Password Manager in JavaScript from C++ to eliminate memory errors, Schroepfer said.

The Mozilla Foundation has not given a release date for the final version of the Firefox 3 browser.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus