Slashdot Mirror

Firefox, in its official version, still lacks support for multi-threading (running on different processors), though Chrome and Internet Explorer 8 both have this feature. A Firefox project called Electrolysis is underway to close this gap. A blog author tested a pre-release version of Firefox that loads different tabs in parallel, and he chronicles his findings, including a huge speedup in Javascript vs. Firefox version 3.5 (though the pre-release still lags Chrome in many of the tests).

A new format specification has reached consensus among web and type designers and is being backed by Mozilla. Dubbed Web Open Font Format (WOFF), it is an effort to bring advanced typography to the Web in a much better way. Support for the new spec will be included as a part of Firefox 3.6 which just recently hit beta. "WOFF combines the work Leming and Blokland had done on embedding a variety of useful font metadata with the font resource compression that Kew had developed. The end result is a format that includes optimized compression that reduces the download time needed to load font resources while incorporating information about the font's origin and licensing. The format doesn't include any encryption or DRM, so it should be universally accepted by browser vendors — this should also qualify it for adoption by the W3C."

SD-Arcadia writes to tell us that Theora 1.1 has officially been released. It features improved encoding, providing better video quality for a given file size, a faster decoder, bitrate controls to help with streaming, and two-pass encoding. "The new rate control module hits its target much more accurately and obeys strict buffer constraints, including dropping frames if necessary. The latter is needed to enable live streaming without disconnecting users or pausing to buffer during sudden motion. Obeying these constraints can yield substantially worse quality than the 1.0 encoder, whose rate control did not obey any such constraints, and often landed only in the vague neighborhood of the desired rate target. The new --soft-target option can relax a few of these constraints, but the new two-pass rate control mode gives quality approaching full 'constant quality' mode with a predictable output size. This should be the preferred encoding method when not doing live streaming. Two-pass may also be used with finite buffer constraints, for non-live streaming." A detailed writeup on the new release has been posted at Mozilla.

Barence writes "Mozilla has announced that its plans to bring Office 2007's Ribbon interface to Firefox, as it looks to tidy up its 'dated' browser. 'Starting with Vista, and continuing with Windows 7, the menu bar is going away,' notes Mozilla in its plans for revamping the Firefox user interface. '[It will] be replaced with things like the Windows Explorer contextual strip, or the Office Ribbon, [which is] now in Paint and WordPad, too.' The change will also bring Windows' Aero Glass effects to the browser." Update: 09/24 05:01 GMT by T : It's not quite so simple, says Alexander Limi, who works on the Firefox user experience. "We are not putting the Ribbon UI on Firefox. The article PCpro quotes talks about Windows applications in general, not Firefox." So while the currently proposed direction for Firefox 3.7 involves some substantial visual updates for Windows users (including a menu bar hidden by default, and integration of Aero-styled visual elements), it's not actually a ribbon interface. Limi notes, too, that Linux and Mac versions are unaffected by the change.

sv_libertarian writes "Mozilla recently updated its product roadmap through 2010. According to the first draft, the current browser will see a minor update in Q4 2009 and another in Q2 2010. Version 4.0 is headed for an October or November 2010 release and will bring a new user interface and browser sync integration. 'There is not much information on [what] this new user interface will look like, but the first mockups that have been posted on Mozilla's website suggest that the Mozilla team favors a Google Chrome-like design that integrates Windows 7 graphics features. Overall, window elements seem to be floating over the background.' The mockup page emphatically notes that the design is not final."

An anonymous reader writes with word of the release of the first alpha of Firefox 3.6, "intended for developers and testers only." "As with Firefox 3.5, there are improvements to the performance; pages render faster, and pages with JavaScript code run much faster with the new Tracemonkey engine. Although this Firefox version carries the code name 'Namoroka' Alpha 1, it is also currently referred to as Firefox.next. And like other Firefox Alphas, it does not bear the Firefox logo. This release uses the Gecko 1.9.2 engine and will likely include several interface improvements in later versions, such as new graphical tab-switching behavior, which was removed from 3.5 with Beta 2." Update: 08/09 03:54 GMT by T : Read more at InaTux.com.

An anonymous reader writes with word of the release of the first alpha of Firefox 3.6, "intended for developers and testers only." "As with Firefox 3.5, there are improvements to the performance; pages render faster, and pages with JavaScript code run much faster with the new Tracemonkey engine. Although this Firefox version carries the code name 'Namoroka' Alpha 1, it is also currently referred to as Firefox.next. And like other Firefox Alphas, it does not bear the Firefox logo. This release uses the Gecko 1.9.2 engine and will likely include several interface improvements in later versions, such as new graphical tab-switching behavior, which was removed from 3.5 with Beta 2." Update: 08/09 03:54 GMT by T : Read more at InaTux.com.

An anonymous reader writes with word of the release of the first alpha of Firefox 3.6, "intended for developers and testers only." "As with Firefox 3.5, there are improvements to the performance; pages render faster, and pages with JavaScript code run much faster with the new Tracemonkey engine. Although this Firefox version carries the code name 'Namoroka' Alpha 1, it is also currently referred to as Firefox.next. And like other Firefox Alphas, it does not bear the Firefox logo. This release uses the Gecko 1.9.2 engine and will likely include several interface improvements in later versions, such as new graphical tab-switching behavior, which was removed from 3.5 with Beta 2." Update: 08/09 03:54 GMT by T : Read more at InaTux.com.

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

CWmike writes "Mozilla has confirmed the first security vulnerability in Firefox 3.5, saying that the bug could be used to hijack a machine running the company's newest browser. A noted Firefox contributor called the situation 'self-inflicted' and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla's bug- and change-tracking database. The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

An anonymous reader writes with news that multi-process browsing will be coming to Firefox. The project is called Electrolysis, and the developers "have already assembled a prototype that renders a page in a separate process from the interface shell in which it is displayed." Mozilla's Benjamin Smedberg says they're currently "[sprinting] as fast as possible to get basic code working, running simple testcase plugins and content tabs in a separate process," after which they'll fix everything that breaks in the process. Further details of their plan are available on the Mozilla wiki, and a summary is up at TechFragments.

Al writes "The Mozilla foundation is to adopt a new standard to help web sites prevent cross site scripting attacks (XSS). The standard, called Content Security Policy, will let a website specify what Internet domains are allowed to host the scripts that run on its pages. This breaks with Web browsers' tradition of treating all scripts the same way by requiring that websites put their scripts in separate files and explicitly state which domains are allowed to run the scripts. The Mozilla Foundation selected the implementation because it allows sites to choose whether to adopt the restrictions. 'The severity of the XSS problem in the wild and the cost of implementing CSP as a mitigation are open to interpretation by individual sites,' Brandon Sterne, security program manager for Mozilla, wrote on the Mozilla Security Blog. 'If the cost versus benefit doesn't make sense for some site, they're free to keep doing business as usual.'"

pizzutz writes "Andy Lawrence has posted a Javascript speed comparison for the recently released Firefox 3.5RC2 between Linux (Ubuntu 9.04) and Windows(XP SP3) using the SunSpider benchmark test. Firefox 3.5 will include the new Tracemonkey Javascript engine. The Windows build edges out Linux by just under 15%, though the Linux build is still twice as fast as the current 3.0.11 version which ships with Jaunty."

ShineTheLight sends in news of two Firefox plug-ins: FlashGot, the original, and Sothink, the GPL-violating come-lately. "People at Sothink decided to violate the GPL by stealing a piece of core code from FlashGot and using it without even the decency of covering their tracks. It is an exact copy of a previous version of FlashGot. This deception came to light when users reported to the FlashGot support forum that their software was not working right. Some digging led to the discovery that the older module that Sothink stole and used verbatim was overriding the more recent engine on the machines of those who had both installed and it was causing the issue. It has been reported to AMO and the FlashGot developer is aware of it. The Sothink people have completely ignored and been silent on the subject. This is why most good programmers will stop contributing to the global community because there are those who will steal their work, pass it off as their own, never acknowledge or give credit, and then shamefully stick their head in the sand and ignore the consequences." The three most recent reviews of Sothink point out this plug-in's dishonest nature. A number of earlier, one-line, 5-star reviews — expressed in a similar style — sound suspiciously like astroturfing.

ShineTheLight sends in news of two Firefox plug-ins: FlashGot, the original, and Sothink, the GPL-violating come-lately. "People at Sothink decided to violate the GPL by stealing a piece of core code from FlashGot and using it without even the decency of covering their tracks. It is an exact copy of a previous version of FlashGot. This deception came to light when users reported to the FlashGot support forum that their software was not working right. Some digging led to the discovery that the older module that Sothink stole and used verbatim was overriding the more recent engine on the machines of those who had both installed and it was causing the issue. It has been reported to AMO and the FlashGot developer is aware of it. The Sothink people have completely ignored and been silent on the subject. This is why most good programmers will stop contributing to the global community because there are those who will steal their work, pass it off as their own, never acknowledge or give credit, and then shamefully stick their head in the sand and ignore the consequences." The three most recent reviews of Sothink point out this plug-in's dishonest nature. A number of earlier, one-line, 5-star reviews — expressed in a similar style — sound suspiciously like astroturfing.

ShineTheLight sends in news of two Firefox plug-ins: FlashGot, the original, and Sothink, the GPL-violating come-lately. "People at Sothink decided to violate the GPL by stealing a piece of core code from FlashGot and using it without even the decency of covering their tracks. It is an exact copy of a previous version of FlashGot. This deception came to light when users reported to the FlashGot support forum that their software was not working right. Some digging led to the discovery that the older module that Sothink stole and used verbatim was overriding the more recent engine on the machines of those who had both installed and it was causing the issue. It has been reported to AMO and the FlashGot developer is aware of it. The Sothink people have completely ignored and been silent on the subject. This is why most good programmers will stop contributing to the global community because there are those who will steal their work, pass it off as their own, never acknowledge or give credit, and then shamefully stick their head in the sand and ignore the consequences." The three most recent reviews of Sothink point out this plug-in's dishonest nature. A number of earlier, one-line, 5-star reviews — expressed in a similar style — sound suspiciously like astroturfing.

ShineTheLight sends in news of two Firefox plug-ins: FlashGot, the original, and Sothink, the GPL-violating come-lately. "People at Sothink decided to violate the GPL by stealing a piece of core code from FlashGot and using it without even the decency of covering their tracks. It is an exact copy of a previous version of FlashGot. This deception came to light when users reported to the FlashGot support forum that their software was not working right. Some digging led to the discovery that the older module that Sothink stole and used verbatim was overriding the more recent engine on the machines of those who had both installed and it was causing the issue. It has been reported to AMO and the FlashGot developer is aware of it. The Sothink people have completely ignored and been silent on the subject. This is why most good programmers will stop contributing to the global community because there are those who will steal their work, pass it off as their own, never acknowledge or give credit, and then shamefully stick their head in the sand and ignore the consequences." The three most recent reviews of Sothink point out this plug-in's dishonest nature. A number of earlier, one-line, 5-star reviews — expressed in a similar style — sound suspiciously like astroturfing.

AberBeta writes with this excerpt from OSNews: "We're on the verge of a serious evolution on the web. Right now, the common way to include video on the web is by use of Flash, a closed-source technology. The answer to this is the HTML5 video tag, which allows you to embed video into HTML pages without the use of Flash or any other non-HTML technology; combined with open video codecs, this could provide the perfect opportunity to further open up and standardize the web. Sadly, not even Mozilla itself really seems to understand what it is supposed to do with the video tag, and actually advocates the use of JavaScript to implement it. Kroc Camen, OSNews editor, is very involved in making/keeping the web open, and has written an open letter to Mozilla in which he urges them not to use JavaScript for HTML video."

BrianWCarver writes "The San Francisco Business Times covers a study by student researchers at UC Berkeley's School of Information pointing up the massive holes in privacy policies and protections of which US companies take advantage. The researchers have released a study and launched a Web site, knowprivacy.org, in which they found that Web bugs from Google and its subsidiaries were placed on 92 of the top 100 Web sites and 88 percent of the approximately 394,000 unique domains examined in the study. This larger data set was provided by the maintainer of the Firefox plugin Ghostery, which shows users which Web bugs are on the sites they visit. The study also found that while the privacy policies of many popular Web sites claim that the sites do not share information with third parties, they do allow third parties to place Web bugs on their sites (which collect this information directly, typically without users' knowledge) and share with corporate 'affiliates.' Bank of America, to take one extreme example, has more than 2,300 affiliates — and users cannot learn their identities. The full report and more findings are available from their Web site."

Barence writes "Mozilla has revealed how it plans to integrate plain text commands directly into future versions of Firefox. Dubbed Taskfox, the move sees Mozilla's Ubiquity project become part of the browser itself, allowing users to type commands directly into the address bar. You can, for example, type 'map cleveland street london' to bring up a Google Map of that location, or 'amazon-search the great gatsby' to find that book on Amazon, without visiting the website directly. 'The basic idea behind Taskfox is simple: take the time-saving ideas behind Ubiquity, and put them into Firefox,' the Taskfox wiki claims. 'That means allowing users to quickly access information and perform tasks that would normally take several steps to complete.'"

Constantine the Less writes "Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks. It includes a fix for one of the flaws exploited during this year's CanSecWest Pwn2Own hacker contest. The update also fixes a separate zero-day flaw disclosed earlier this week on a public exploit site. Both issues are rated 'critical,' Mozilla's highest severity rating."

ink writes "Mozilla has released the third beta for Firefox 3.1 (which may become Firefox 3.5). This beta includes the new location bar, Mozilla's new JavaScript engine Tracemonkey, new HTML5 features and many other enhancements. It looks the same on the surface, but there are many changes under the hood."

ink writes "Mozilla has released the third beta for Firefox 3.1 (which may become Firefox 3.5). This beta includes the new location bar, Mozilla's new JavaScript engine Tracemonkey, new HTML5 features and many other enhancements. It looks the same on the surface, but there are many changes under the hood."

nandemoari writes "Mozilla may be this year's winner in the 'browser battles' as they ready the next beta version of their tour-de-force, Firefox 3.1. Mozilla is resolving eight critical vulnerabilities found in the current version of Firefox — a move sure to garner applause from devoted Firefox users. As this year's crop of new browsers emerges, enhanced features are becoming secondary to one thing: speed. Mozilla is nearly ready to release the next beta version of Firefox 3.1 to the public for testing, and insiders predict that it will outpace even Safari 4, which has been the fastest browser in wide release since its beta began last week." It looks like they also will be upping the next major release to v3.5 to better show the significance of the release.

DeviceGuru writes "The gOS project has released version 3.1 of its Ubuntu-based Google-centric distribution. The release draws its packages from the Ubuntu 8.04 (Hardy Heron) repositories, but adds a bright green theme and a few alterations in default applications, but more importantly adorns its desktop with numerous gadgets based on the Mozilla Prism project along with an animated application-launch icon set based on the wbar project."

StartCom writes "In a previous article I reported about Man-In-The-Middle attacks and spotlighted an example showing that they really happen. MITM attacks just got easier. In the attack described previously, untrusted certificates from an unknown issuer were used. Want to make the attack perfect with no error and a fully trusted certificate? No problem, just head over to one of Comodo's resellers. Screenshots and disclosure provided at the link."

An anonymous reader writes "The Register reports that BT, the UK's dominant telecom and internet service provider, has 'banned all future discussion of Phorm and its "WebWise" targeted advertising product on its customer forums, and deleted all past threads about the controversy dating back to February.' Phorm is a controversial opt-out system for delivering targeted advertising that intercepts traffic passing through an ISP in order to profile subscribers via an assigned unique ID based on their online activities. Subscribers can opt-out at the Webwise website but are opted-in again if the Phorm cookie is cleared. Firefox users can install Melvin Sage's Firephorm add-on to manage their interaction with Phorm and Webwise."

zootropole writes "If you are using Firefox 3 (or even Chrome) you should consider taking a look at Mozilla's Minefield. This browser (alpha version yet, but stable) would give a new meaning to 'fast browsing experience.' Some Firefox extensions aren't supported, but riding the fastest javascript engine on the planet definitely worth a try. Minefield's install won't affect your Firefox, so there's no risk trying it. It's fast. Really. And I'm loving it." Reviews popping up around the web are overwhelmingly positive, calling the upcoming browser crazy fast, blisteringly fast, etc.

An anonymous reader writes "As discussed previously on Slashdot, concern has been raised over a class of 'clickjacking' vulnerabilities which affect all major Web browsers. These exploits allow an attacker to place invisible or seemingly legit objects on a Web page that perform undesired actions when a user clicks on them. In recent developments, 'Guya' posted a scary proof-of-concept that hijacks Adobe Flash Player to spy on users with a webcam and/or microphone. In response, Adobe released an advisory with a temporary workaround, and stated that a future Player update will address the exploit. This prompted the original disclosers of the vulnerabilities to post a summary of the exploits. Additionally, Giorgio Maone, creator of the popular NoScript extension for Firefox and other Gecko-based browsers, released version 1.8.2.1 of NoScript, which adds 'ClearClick,' a feature that intercepts clicks made on invisible or otherwise obscured elements on a page. Although issues remain, there seems to be progress in addressing these security problems."

daria42 writes with news that Mozilla has released the second alpha build for Firefox 3.1, codenamed "Shiretoko." The new build includes "support for the HTML 5 <video> element" and the ability to "drag and drop tabs between browser windows." ComputerWorld is running a related story about benchmarks shown by Mozilla's Brendan Eich which indicate that Firefox 3.1 will run Javascript faster than Chrome.

snydeq writes "Fatal Exception's Neil McAllister questions the wisdom of standardizing on a single language in the wake of the ECMA Committee's decision to abandon ECMAScript 4 in favor of the much less ambitious ECMAScript 3.1, stunting the future of JavaScript. Had the work continued, McAllister argues, it could have ushered in an era of large-scale application development that would ensure the browser's ability to meet our evolving needs in the years ahead. 'The more I hear about the ongoing efforts to revise the leading Web standards, the less convinced I am that we're approaching Web-based applications the right way,' McAllister writes. 'If anything, the more we talk about building large-scale Web applications, the more we should recognize that a single style of programming will never suit every job.' McAllister's simple truth: JavaScript will never be good for everything — especially as the Web continues to evolve beyond its original vision. His solution? 'Rather than shoehorning more and more functionality into the browser itself, maybe it's time we separated the UI from the underlying client-side logic. Let the browser handle the View. Let the Controller exist somewhere else, independent of the presentation layer.'"

TopSpin writes "Brendan Eich, creator of the JavaScript programming language, has announced that ECMA Technical Committee 39 has abandoned the proposed ECMAScript 4.0 language specification in favor of a more limited specification dubbed 'Harmony,' or ECMAScript 3.1. A split has existed among the members of this committee, including Adobe and Microsoft, regarding the future of what most of us know as JavaScript. Adobe had been promulgating their ActionScript 3 language as the next ECMAScript 4.0 proposal. As some point out, the split that has prevented this may be the result of Microsoft's interests. What does the future hold for Mozilla's Tamarin Project, based on Adobe's open source ActionScript virtual machine?"

TopSpin writes "Brendan Eich, creator of the JavaScript programming language, has announced that ECMA Technical Committee 39 has abandoned the proposed ECMAScript 4.0 language specification in favor of a more limited specification dubbed 'Harmony,' or ECMAScript 3.1. A split has existed among the members of this committee, including Adobe and Microsoft, regarding the future of what most of us know as JavaScript. Adobe had been promulgating their ActionScript 3 language as the next ECMAScript 4.0 proposal. As some point out, the split that has prevented this may be the result of Microsoft's interests. What does the future hold for Mozilla's Tamarin Project, based on Adobe's open source ActionScript virtual machine?"

An anonymous reader writes "The recently concluded 2008 Mozilla Summit, held in Whistler, Canada, was impacted by a rock slide that cut off the main highway between Whistler and Vancouver, where most attendees planned to depart via airplane. In true open-source fashion, summit attendees collaborated on a solution, opening a Bugzilla bug (severity: "blocker"), posting crash dumps, and proposing solutions, including chartering a flight (which would land first in TRUNK, then BRANCH). Eventually, attendees settled on a workaround which seems to have been successful. For next year's summit, organizers might want to consider a location with more redundancy."

An anonymous reader writes "The recently concluded 2008 Mozilla Summit, held in Whistler, Canada, was impacted by a rock slide that cut off the main highway between Whistler and Vancouver, where most attendees planned to depart via airplane. In true open-source fashion, summit attendees collaborated on a solution, opening a Bugzilla bug (severity: "blocker"), posting crash dumps, and proposing solutions, including chartering a flight (which would land first in TRUNK, then BRANCH). Eventually, attendees settled on a workaround which seems to have been successful. For next year's summit, organizers might want to consider a location with more redundancy."

An anonymous reader writes "The recently concluded 2008 Mozilla Summit, held in Whistler, Canada, was impacted by a rock slide that cut off the main highway between Whistler and Vancouver, where most attendees planned to depart via airplane. In true open-source fashion, summit attendees collaborated on a solution, opening a Bugzilla bug (severity: "blocker"), posting crash dumps, and proposing solutions, including chartering a flight (which would land first in TRUNK, then BRANCH). Eventually, attendees settled on a workaround which seems to have been successful. For next year's summit, organizers might want to consider a location with more redundancy."

An anonymous reader writes "The recently concluded 2008 Mozilla Summit, held in Whistler, Canada, was impacted by a rock slide that cut off the main highway between Whistler and Vancouver, where most attendees planned to depart via airplane. In true open-source fashion, summit attendees collaborated on a solution, opening a Bugzilla bug (severity: "blocker"), posting crash dumps, and proposing solutions, including chartering a flight (which would land first in TRUNK, then BRANCH). Eventually, attendees settled on a workaround which seems to have been successful. For next year's summit, organizers might want to consider a location with more redundancy."

An anonymous reader writes "Ogg Theora support for the HTML5 <video> tag is in the Firefox 3.1 nightlies. Theora is the only video format allowed on Wikimedia Commons, so Wikimedia people are pushing Wikipedia readers to download a nightly and try it out. Break it, crash it, report bugs, get it into good shape and nullify Apple and Nokia's FUD the best way possible. They may have gotten the words 'Vorbis' and 'Theora' removed from the HTML5 spec, but the market will tell them when their browsers are sucking."

Just as you were getting used to 3.0, those Mozilla guys have announced 3.1's Alpha release. FTA "Built on the pre-release version of the Gecko 1.9.1 platform, Shiretoko includes a variety of new features. Called an 'early developer milestone,' the release includes bug fixes, improved Web standards support, Text API for the Canvas Element, support for border images and JavaScript query selectors, and improvements to the tab-switching function and the Smart Location Bar." You can download it if you dare.

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

An anonymous reader writes "Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk or to execute arbitrary code. This issue was previously discussed on Slashdot. The release also fixes a remote code execution bug involving the CSS reference counter, reported by the Zero-Day Initiative (previously discussed on Slashdot here), as well as a Mac-only potential code execution bug involving GIF image rendering, reported by Drew Yao of Apple Product Security."

I Don't Believe in Imaginary Property writes "Malware writers have been obfuscating their JavaScript exploit code for a long time now and SANS is reporting that they've come up with some new tricks. While early obfuscations were easy enough to undo by changing eval() to alert(), they soon shifted to clever use of arguments.callee() in a simple cipher to block it. Worse, now they're using document.referrer, document.location, and location.href to make site-specific versions, too. But SANS managed to stop all that with an 8-line patch to SpiderMonkey that prints out any arguments to eval() before executing them. It seems that malware writers still haven't internalized the lesson of DRM — if my computer can access something in plaintext, I can too."

An anonymous reader writes "Is this a glimpse at the future of the Semantic Web? A new startup named Pluribo has developed a technology that can auto-summarize user reviews on the internet. It is a Firefox extension that can take a webpage filled with reviews and condense it down into a couple of sentences. Currently, it just works with Amazon electronics, but the potential seems incredible. Ars Technica took an in-depth look."

An anonymous reader notes that Hotmail's full version doesn't work with Firefox 3. Users get the following message when they try to log in: You are temporarily on the classic version of Windows Live Hotmail due to an error encountered during login. Before trying again, please clear your cache and cookies. (Clearing cache and cookies doesn't fix it.) At least 8 other bug reports have been duped to this one. The fault apparently lies with the Hotmail site, not Mozilla — maintainer Dave Garrett assigned the bug to Tech Evangelism, explaining: "I'll... move this over to TE, as my guess is this [is] the site's fault (just bad user agent sniffing?)."