Slashdot Mirror

siliconbits writes "Mozilla has launched an iPhone app called Firefox Home that gives iPhone users instant access to their Firefox browsing history, bookmarks, and the set of tabs from their most recent browser session. What's more, it provides Firefox Awesome Bar capability that enables people to get to their favorite websites with minimal typing." With the Mozilla blog promising "There will be more to come," can the full browser be far behind?

pastababa writes "A beta of the Firefox Lorentz project is now available for download and public testing. Eming reports Firefox 'Lorentz' provides uninterrupted browsing for Windows and Linux users when there is a crash in plugins. Plugins run in a separate process from the browser. If a plugin crashes it will not crash the browser, and unresponsive plugins are automatically restarted. The process-isolation feature has been in Google's Chrome from the beginning. Chrome sandboxes individual tabs, and the crash of one tab does not affect the running of the rest of Chrome browser. Firefox currently isolates only Adobe Flash, Apple Quicktime, and Microsoft Silverlight, but will eventually isolate all plugins running on a page. Mozilla encourages users to test Firefox 'Lorentz' on their favorite websites. Users who install Firefox 'Lorentz' will eventually be automatically updated to a future version of Firefox 3.6 in which this feature is included."

Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."

eldavojohn writes "Mozilla has admitted to wrongly accusing Sothink of distributing a video downloader with a trojan virus as a Firefox addon. From their official blog: 'We've worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware.' Before you go download that addon, however, keep in mind that Sothink has come under fire before for GPL violations and dishonesty."

Majix writes "Firefox Mobile, the mobile browser developed by Mozilla based on the same engine as in the recently released Firefox 3.6, has finally hit version 1.0. The first device to be officially supported is the Nokia N900. With a long list of features, Firefox Mobile looks to be the most complete mobile browser to date. Highlights include the familiar Awesome Bar, Weave Sync for sharing your browser state between your PC and mobile, and of course tabbed browsing and Firefox add-ons. With the Nokia 900 and Firefox Mobile 1.0, even Flash content including the normal YouTube site is working, showing that a mobile browser does not have to equal a compromised Internet experience."

Majix writes "Firefox Mobile, the mobile browser developed by Mozilla based on the same engine as in the recently released Firefox 3.6, has finally hit version 1.0. The first device to be officially supported is the Nokia N900. With a long list of features, Firefox Mobile looks to be the most complete mobile browser to date. Highlights include the familiar Awesome Bar, Weave Sync for sharing your browser state between your PC and mobile, and of course tabbed browsing and Firefox add-ons. With the Nokia 900 and Firefox Mobile 1.0, even Flash content including the normal YouTube site is working, showing that a mobile browser does not have to equal a compromised Internet experience."

Majix writes "Firefox Mobile, the mobile browser developed by Mozilla based on the same engine as in the recently released Firefox 3.6, has finally hit version 1.0. The first device to be officially supported is the Nokia N900. With a long list of features, Firefox Mobile looks to be the most complete mobile browser to date. Highlights include the familiar Awesome Bar, Weave Sync for sharing your browser state between your PC and mobile, and of course tabbed browsing and Firefox add-ons. With the Nokia 900 and Firefox Mobile 1.0, even Flash content including the normal YouTube site is working, showing that a mobile browser does not have to equal a compromised Internet experience."

Shining Celebi writes "Mozilla has released Firefox 3.6 today, which adds support for Personas, lightweight themes that can be installed without restarting the browser, and adds further performance improvements to the new Tracemonkey Javascript engine. One of the major goals of the release was to improve startup time and general UI responsiveness, especially the Awesomebar. You can read the full set of release notes here."

Shining Celebi writes "Mozilla has released Firefox 3.6 today, which adds support for Personas, lightweight themes that can be installed without restarting the browser, and adds further performance improvements to the new Tracemonkey Javascript engine. One of the major goals of the release was to improve startup time and general UI responsiveness, especially the Awesomebar. You can read the full set of release notes here."

mhammond writes "Mozilla Messaging has just unveiled a Mozilla Labs project, Raindrop, an experiment with Open Messaging on the Open Web. Raindrop uses couchdb as a storage engine and to serve the HTML/CSS/Javascript application itself, while the back-end is primarily written in Python. Although it is early days yet, the concept that you own your data may be what sets this apart from Google Wave."

ZosX writes "Around 11:45 PM Friday night, I was prompted by Firefox that it had disabled the addons that Microsoft has been including with .NET — specifically, the .NET Framework Assistant and the Windows Presentation Foundation. The popup announcing this said that the 'following addons have been known to cause stability or security issues with Firefox.' Thanks, Mozilla team, for hitting the kill switch and hopefully this will get Microsoft to release a patch sooner." Here's the Mozilla security blog entry announcing the block, which Mozilla implemented via its blocklisting mechanism.

ZosX writes "Around 11:45 PM Friday night, I was prompted by Firefox that it had disabled the addons that Microsoft has been including with .NET — specifically, the .NET Framework Assistant and the Windows Presentation Foundation. The popup announcing this said that the 'following addons have been known to cause stability or security issues with Firefox.' Thanks, Mozilla team, for hitting the kill switch and hopefully this will get Microsoft to release a patch sooner." Here's the Mozilla security blog entry announcing the block, which Mozilla implemented via its blocklisting mechanism.

juct writes "Beginning with versions 3.5.3 and 3.0.14 of Firefox, Mozilla is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to 'protect users from emerging threats online.' Just recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."

Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).

Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

CWmike writes "Mozilla has confirmed the first security vulnerability in Firefox 3.5, saying that the bug could be used to hijack a machine running the company's newest browser. A noted Firefox contributor called the situation 'self-inflicted' and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla's bug- and change-tracking database. The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

An anonymous reader writes with news that multi-process browsing will be coming to Firefox. The project is called Electrolysis, and the developers "have already assembled a prototype that renders a page in a separate process from the interface shell in which it is displayed." Mozilla's Benjamin Smedberg says they're currently "[sprinting] as fast as possible to get basic code working, running simple testcase plugins and content tabs in a separate process," after which they'll fix everything that breaks in the process. Further details of their plan are available on the Mozilla wiki, and a summary is up at TechFragments.

johndmartiniii writes "Farhad Manjoo has a review of Firefox 3.5 at Slate.com this week. From the article: 'Lately I've been worried about Firefox. Ever since its debut in 2004, the open-source Web browser has won acclaim for its speed, stability, and customizability. It eventually captured nearly a quarter of the market, an astonishing achievement for a project run by a nonprofit foundation. But recently Firefox seemed to go soft.' The worried tone in the beginning of the review gives way to excitement over the HTML5 features being implemented, saying that thus far Firefox 3.5 'offers the best implementation of the standard — and because it's the second-most-popular Web browser in the world, the new release is sure to prompt Web designers to create pages tailored to the Web's new language.'" The final version could be here at any time; Firefox 3.5 is still shown as a release candidate at Mozilla's home page. Update: 06/30 15:31 GMT by T : No longer marked as RC; the Firefox upgrade page now says 3.5 has arrived.

Al writes "The Mozilla foundation is to adopt a new standard to help web sites prevent cross site scripting attacks (XSS). The standard, called Content Security Policy, will let a website specify what Internet domains are allowed to host the scripts that run on its pages. This breaks with Web browsers' tradition of treating all scripts the same way by requiring that websites put their scripts in separate files and explicitly state which domains are allowed to run the scripts. The Mozilla Foundation selected the implementation because it allows sites to choose whether to adopt the restrictions. 'The severity of the XSS problem in the wild and the cost of implementing CSP as a mitigation are open to interpretation by individual sites,' Brandon Sterne, security program manager for Mozilla, wrote on the Mozilla Security Blog. 'If the cost versus benefit doesn't make sense for some site, they're free to keep doing business as usual.'"

pizzutz writes "Andy Lawrence has posted a Javascript speed comparison for the recently released Firefox 3.5RC2 between Linux (Ubuntu 9.04) and Windows(XP SP3) using the SunSpider benchmark test. Firefox 3.5 will include the new Tracemonkey Javascript engine. The Windows build edges out Linux by just under 15%, though the Linux build is still twice as fast as the current 3.0.11 version which ships with Jaunty."

macupdate writes "Firefox 3.5rc1 has started trickling to users (mirrors and appropriate pages should all be updated soon). You can read the release notes. RC1 still scores a 93/100 on the Acid3 test."

macupdate writes "Firefox 3.5rc1 has started trickling to users (mirrors and appropriate pages should all be updated soon). You can read the release notes. RC1 still scores a 93/100 on the Acid3 test."

macupdate writes "Firefox 3.5rc1 has started trickling to users (mirrors and appropriate pages should all be updated soon). You can read the release notes. RC1 still scores a 93/100 on the Acid3 test."

bmullan writes "Dailymotion, one of the world's largest video sites, announced support for Open Video. They've put out a press release, a blog post on the new Open Video site, and an HTML 5 demo site where you can see some of the things that you can do with open video and Firefox 3.5. (You can get the Firefox 3.5 beta here.) Dailymotion is automatically transcoding all of the content that their users create, and expect to have around 300,000 videos in the open Ogg Theora and Vorbis formats."

revealingheart writes "Mozilla Labs have released a prototype extension called Jetpack: An API for allowing you to write Firefox add-ons using existing web technologies to enhance the browser (e.g. HTML, CSS and Javascript), with the goal of allowing anyone who can build a Web site to participate in making the Web a better place to work, communicate and play. Example add-ons are included on the Jetpack website. While currently only a prototype, this could lead to a simpler and easier to develop add-on system, which all browsers could potentially implement."

revealingheart writes "Mozilla Labs have released a prototype extension called Jetpack: An API for allowing you to write Firefox add-ons using existing web technologies to enhance the browser (e.g. HTML, CSS and Javascript), with the goal of allowing anyone who can build a Web site to participate in making the Web a better place to work, communicate and play. Example add-ons are included on the Jetpack website. While currently only a prototype, this could lead to a simpler and easier to develop add-on system, which all browsers could potentially implement."

Barence writes "Mozilla Labs has launched a design competition that aims to find an alternative to tabbed browsing. 'Tabs worked well on slow machines on a thin internet, where ten browser sessions were "many browser sessions,"' Mozilla claims on its Design Challenge website. 'Today, 20+ parallel sessions are quite common; the browser is more of an operating system than a data display application; we use it to manage the web as a shared hard drive. However, if you have more than seven or eight tabs open they become pretty much useless.' Aza Raskin, the head of user experience at Mozilla Labs, has already blogged on the possibility of moving tabs down the side of the browser, with tabs grouped by the type of activity involved (i.e. applications, work spaces)."

bigmammoth writes "Xiph hackers have been hard at work improving the Theora codec over the past year, with the latest versions gaining on and passing h.264 in objective PSNR quality measurements. From the update: 'Amusingly, it also shows test versions of Thusnelda pulling ahead of h.264 in terms of objective quality as bitrate increases. It's important to note that PSNR is an objective measure that does not exactly represent perceived quality, and PSNR measurements have always been especially kind to Theora. This is also data from a single clip. That said, it's clear that the gap in the fundamental infrastructure has closed substantially before the task of detailed subjective tuning has begun in earnest.' Momentum is building with a major Open Video Conference in June, the impending launch of Firefox 3.5 and excitement about wider adoption in a top-4 web site. It's looking like free video codecs may pose a serious threat to the h.264 bait-and-switch plan to start charging millions for internet streaming of h.264 in 2010."

CodeShark writes "Mozilla released their latest Firefox 3.X beta today (3.5b4), and increased their score on the Acid 3 test to 93 [on my XP laptop], with tests 70, 71, and tests 75-79 being the final challenges. Curiously though, the current release of the top Acid3 performer — Safari — still not only rates higher (I got scores of 99 once and 100 most of the time) but is usually faster by a little (1.1 sec avg. vs. 1.4 over ten runs apiece) but only because the new Firefox beta was all over the map — frequently better by 25% (.85sec) or tanking badly with rendering times in the 2.5 — 3 second range, and both suffer performance hits on one test (#69)."

Constantine the Less writes "Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks. It includes a fix for one of the flaws exploited during this year's CanSecWest Pwn2Own hacker contest. The update also fixes a separate zero-day flaw disclosed earlier this week on a public exploit site. Both issues are rated 'critical,' Mozilla's highest severity rating."

snitch writes "Last week Mozilla released Bespin, their web-based framework for code editing, and only a few days later Boris Bokowski and Simon Kaegi implemented an Eclipse-based Bespin server using headless Eclipse plug-ins. With the presentation of the web-based Eclipse workbench at EclipseCon and the release of products like Heroku, a web-based IDE and hosting environment for RoR apps, it seems that web-based IDEs might soon become mainstream."

Shrike82 writes "Mozilla have described plans for the next version of their popular web browser, Firefox. Mozilla's "Ubiquity project" is set to become a standard feature, allowing "users to type natural language phrases into the browser to perform certain tasks, such as typing 'map 10 Downing Street' to instantly see a Google map of that address, or 'share-on-delicious' to bookmark the site you're currently visiting on the social news site." Also of interest is so-called "lightweight theming" allowing users to customise the browsers design more easily. The launch date is still somewhat unclear, and Mozilla are apparently unsure if version 3.2 will be released at all, apparently considering going straight to Firefox 4."

An anonymous reader writes "While doing a weekly scrub of my Windows systems, which includes checking for driver updates and running virus scans, I found Firefox notifying me of a new add-on. It's labelled 'Microsoft .NET Framework Assistant,' and it 'Adds ClickOnce support and the ability to report installed .NET versions to the web server.' The add-on could not be uninstalled in the usual way. A little Net searching turned up a number of sites offering advice on getting rid of the unrequested add-on." The unasked-for extension has been hitchhiking along with updates to Visual Studio, and perhaps other products that depend on .NET, since August. It appears to have gone wider recently, coming in with updates to XP SP3.

vm writes "According to Mozilla and other sources, Firefox 2 and Gecko 1.8 will soon be left behind some time in mid-December. The end result: no future security or stability updates. This will affect Thunderbird 2, SeaMonkey 1.1, Camino 1.5, and any other projects based on Gecko 1.8. So, if you haven't already upgraded, there's no time like the present."

Barence writes "Mozilla Labs has unveiled a new Add-on that allows Firefox to pinpoint your location based on Wi-Fi signals. The feature, called Geode, is a prototype for the location-tracking technology that will be built into the forthcoming Firefox 3.1. Geode is designed to work with websites that rely on knowing your location, such as mapping and geotagging services. The prospect of Firefox having the ability to track your location raises obvious privacy fears. Mozilla insists users will remain in complete control. 'With Geode, when a website requests your location a notification bar will ask how much information you want to give that site: your exact location, your neighbourhood, your city, or nothing at all,' the Mozilla Labs blog claims."

Martin writes "Mozilla Labs have released a prototype version of the Firefox add-on Ubiquity. It is basically Launchy (the application launcher) for Firefox with the difference that Ubiquity makes use of web APIs and the Firefox browser. The official website contains examples, a command list, information about creating your own commands and of course the Ubiquity extension that is compatible with Firefox 3.x. Ubiquity can pull and send data to various services like Twitter, display, find and embed Google Maps, perform searches, write emails, add entries to the calendar, digg stories and more."

monkeymonkey writes "Mozilla has integrated tracing optimization into SpiderMonkey, the JavaScript interpreter in Firefox. This improvement has boosted JavaScript performance by a factor of 20 to 40 in certain contexts. Ars Technica interviewed Mozilla CTO Brendan Eich (the original creator of JavaScript) and Mozilla's vice president of engineering, Mike Shaver. They say that tracing optimization will 'take JavaScript performance into the next tier' and 'get people thinking about JavaScript as a more general-purpose language.' The eventual goal is to make JavaScript run as fast as C code. Ars reports: 'Mozilla is leveraging an impressive new optimization technique to bring a big performance boost to the Firefox JavaScript engine. ...They aim to improve execution speed so that it is comparable to that of native code. This will redefine the boundaries of client-side performance and enable the development of a whole new generation of more computationally-intensive web applications.' Mozilla has also published a video that demonstrates the performance difference." An anonymous reader contributes links the blogs of Eich and Shaver, where they have some further benchmarks.

Barence writes "Mozilla has unveiled a spectacular new concept browser, dubbed Aurora. The bleeding-edge browser is part of a new Mozilla Labs initiative, in which the open-source foundation is encouraging people to contribute ideas and designs for the browser of the future. The Aurora browser demonstration shows a highly advanced way of collaborating data gathered on the web, and represents a spectacular introduction to the new Mozilla Labs, which much like Google Labs looks to become a home for offbeat projects which would otherwise probably never see the light of day. More details, and a video demonstration, are on the Mozilla Labs site."

Earthweb passes along a ZDNet article which notes, "In partnership with indie security consultant Rich Mogull, Mozilla has launched a valuable Security Metrics Project that — we can only hope — could help to put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is to develop a metrics model that goes beyond simple bug counts to reflect accurately the effectiveness of secure development efforts and the relative risk to users over time. Mogull has released a spreadsheet (.xls) with a preliminary version of the model and Mozilla's Window Snyder is actively seeking feedback to make the project open and meaningful."

An anonymous reader points to a mention at MozillaZine of "a screencast by Mozilla developer Mike Beltzner, demonstrating some of the new features in Mozilla Firefox 3, which is due out very soon. Weighing in at under four minutes, the screencast gives a concise overview of why you should be excited about Firefox 3. Due to its visual nature, the screencast shows Firefox's features far more clearly than the many written previews that have been published. A picture really is worth a thousand words."

An anonymous reader writes "Mozilla has opened comments for an new experimental browser security policy, dubbed Site Security Policy (SSP), designed to protect against XSS, CSRF, and malware-laced IFRAME attacks which infected over 1.5 million pages Web earlier this year. Security experts and developers are excited because SSP extends control over Web 2.0 applications that allow users to upload/include potentially harmful HTML/JavaScript such as on iGoogle, eBay Auction Listings, Roxer Pages, Windows Live, MySpace / Facebook Widgets, and so on. Banner ads from CDNs have had similar problems with JavaScript malware on social networks. The prototype Firefox SSP add-on aims to provide website owners with granular control over what the third-party content they include is allowed to do and where its supposed to originate. No word if Internet Explorer or Opera will support the initiative."

An anonymous reader writes "Mozilla has opened comments for an new experimental browser security policy, dubbed Site Security Policy (SSP), designed to protect against XSS, CSRF, and malware-laced IFRAME attacks which infected over 1.5 million pages Web earlier this year. Security experts and developers are excited because SSP extends control over Web 2.0 applications that allow users to upload/include potentially harmful HTML/JavaScript such as on iGoogle, eBay Auction Listings, Roxer Pages, Windows Live, MySpace / Facebook Widgets, and so on. Banner ads from CDNs have had similar problems with JavaScript malware on social networks. The prototype Firefox SSP add-on aims to provide website owners with granular control over what the third-party content they include is allowed to do and where its supposed to originate. No word if Internet Explorer or Opera will support the initiative."

Barence noted that Firefox has announced release candidate 2 of their highly popular web browser. You can read the release notes while you download. And since my copy just finished downloading, I guess I'll go install it. I hope I don't have any

Barence noted that Firefox has announced release candidate 2 of their highly popular web browser. You can read the release notes while you download. And since my copy just finished downloading, I guess I'll go install it. I hope I don't have any

Jay writes "Firefox 3 Release Candidate 1 is out now. If yours didn't auto-update, then get it while it's hot! The release came a bit early, with Computer World noting: 'As recently as last Saturday, Mozilla's chief engineer said that although the company had locked down RC1's code, it was planning to publicly launch the build in "late May."'" My copy just downloaded — restarting after I save this story. God I hope it's better than the last beta.

bunratty writes "Firefox 3 Beta 5 was released today. This last beta release sports performance-boosting improved connection parallelism. Not only has 'the memory leak' been fixed: Firefox now uses less memory than other browsers. This is not only according to Mozilla developers, but CyberNet and The Browser World as well. As for the Acid3 test, Firefox 3 Beta 5 scores only 71/100 compared to 75/100 for Safari 3.1 and 79/100 for the latest Opera 9.5 snapshot. The final release of Firefox 3 is expected in June."

Somecallmechief writes "Firefox 3 Beta 4 is now available for download. This is the twelfth developer milestone focused on testing the core functionality provided by many new features and changes to the platform scheduled for Firefox 3. Ongoing planning for Firefox 3 can be followed at the Firefox 3 Planning Center, as well as in mozilla.dev.planning and on irc.mozilla.org in #granparadiso."

Somecallmechief writes "Firefox 3 Beta 4 is now available for download. This is the twelfth developer milestone focused on testing the core functionality provided by many new features and changes to the platform scheduled for Firefox 3. Ongoing planning for Firefox 3 can be followed at the Firefox 3 Planning Center, as well as in mozilla.dev.planning and on irc.mozilla.org in #granparadiso."

Kelson writes "After years of trying to figure out what to do with it, AOL is officially discontinuing the Netscape browser. In the four and a half years after they dismantled the development team and spun off the Mozilla Foundation as a lost cause, only to see Firefox take off, AOL has tried twice to reinvent Netscape. There was the chimera-like Netscape 8, which used both Mozilla's and IE's rendering engines, and just months ago they released Netscape 9, trying to ride the social networking wave. AOL will release security fixes through February 1, 2008, after which the browser will officially be dead. For the "nostalgic," they suggest using Firefox and installing a Netscape theme."

theranjan writes "When a Security Strategy Director at Microsoft decided to compare Internet Explorer security vulnerabilities with those of Mozilla Firefox, he may have forgotten that the Head Security Strategist of Mozilla was a former MS employee. In a rebuttal of the study, which finds IE more secure than Firefox, Mozilla said that the number of vulnerabilities publicly acknowledged was just a 'small subset' of all vulnerabilities fixed internally. The vulnerabilities found internally are fixed in service packs and major updates without public knowledge. 'For Microsoft this makes sense because these fixes get the benefit of a full test pass which is much more robust for a service pack or major release than it is for a security update. Unfortunately for Microsoft's users this means they have to wait sometimes a year or more to get the benefit of this work. That's a lot of time for an attacker to identify the same issue and exploit it to hurt users.'"