Mozilla

Mozilla releases patches for Firefox

Paul Mah — Fri, 18 Jul 2008 10:03:23 -0400

Mozilla has released patches for both versions 2.0 and 3.0 of the Firefox web browser. The updates patch two security vulnerabilities that have been rated as "critical" by Mozilla, including a variant of a vulnerability that could be exploited to do what has been termed as a "carpet bombing" attack. The second patch fixes the way Firefox handles references to CSS objects, which can be exploited to force a crash that can lead to malicious code being executed. A third patch resolves a security hole that applies only to Firefox 3.0 running on the Mac OS X, which was discovered by a security engineer at Apple.

Mozilla took the opportunity to issue a reminder that Firefox 2.0 will only be supported with security updates until mid-December. Users are encouraged to upgrade to Firefox 3.0.

For more on the new Firefox patches:
- check out this ComputerWorld article

Mozilla: Apple's Safari "borders on malware"

Mehan Jayasuriya — Tue, 25 Mar 2008 12:32:49 -0400

Last week, Apple made a slight change in its Software Update applet: The application started pushing a download of version 3.1 Apple's Safari web browser to PC users who haven't installed the browser on their machine. While most of us power users can probably handle unchecking that check box, concerns mounted that some PC users could be duped into unwittingly installing the browser. While reactions to the move varied, Mozilla CEO John Lilly emerged as one of the more incensed voices in the crowd. "Apple has made it incredibly easy—the default, even—for users to install ride along software that they didn't ask for, and maybe didn't want. This is wrong, and borders on malware distribution practices," Lilly wrote in a blog post. "It's wrong because it undermines the trust that we're all trying to build with users. Because it means that an update isn't just an update, but is maybe something more. Because it ultimately undermines the safety of users on the Web by eroding that relationship. It's a bad practice and should stop." What do you think--is this simply a sneaky maneuver or something more sinister? Let us know what you think in the comments.

For more on the controversy:
- see this post on John Lilly's blog

SPOTLIGHT: Firefox 3 beats IE7 and Opera in memory tests?

Tue, 18 Mar 2008 07:59:52 -0400

Firefox has never exactly been known for being light in terms of its memory footprint (ever waited for the browser to start up in OS X?) but if word from Mozilla offers any indication, that could change. Mozilla engineers claim that work to reduce memory leaks and the RAM profile of Firefox 3 have resulted in a lean-mean browsing machine that uses less memory than either IE7 or Opera 9.5 beta. I'll believe it when I see it. Article

Firefox 3.0 beta 4 released

Tue, 11 Mar 2008 07:59:58 -0400

Beta 4 of Firefox 3.0 was released just yesterday. According to Mozilla, this latest iteration sports more than 900 enhancements over the previous beta, and is a direct result of community feedback. The new beta includes drastic improvements to performance, stability and memory usage--the latter especially over long browsing sessions. Other notable mentions include a new download manager to make locating downloads easier, the inclusion of a full page zoom, improvements to JavaScript and offline data storage for web applications. In addition, continuing look and feel improvements have been added in terms of platform-specific icons, buttons and other user interface elements on the various platforms such as Windows Vista, Mac OS X and Linux.

For more on Firefox 3.0 beta 4:
- check out the Mozilla blog

ALSO NOTED: First look: Vista SP1; Mozilla patches Firefox vulnerability;

Fri, 08 Feb 2008 06:59:50 -0500

> Mozilla patches Firefox vulnerability. Article
> NEC launches official Vista downgrade product. Article
> Open-source OS kernels created using .NET. Article
> Amid threats, U.S. federal government seeks 10% increase in IT spend. Article
> First look: Vista SP1. Article

And Finally... Microsoft responds to "Save XP" petition. Article

Mozilla CEO Mitchell Baker stepping down

Tue, 08 Jan 2008 06:59:53 -0500

Mitchell Baker, CEO of the Mozilla Corporation (aka "MoCo") and one of the tech industry's most prominent female CEOs, has announced plans to step down from her position. Taking her place will be current Mozilla COO John Lilly, who has worked closely with Baker during his tenure at the company. Baker plans to stay on as Mozilla's chairwoman and will continue to work toward openness on the Internet. "John Lilly is the right person to guide the product and organizational maturity of MoCo," Baker wrote in a blog post. "Once I allowed myself to think about this I realized that John will be a better CEO for the MoCo going forward than I would be. I'm sure that I was the right person for this role during the first years of MoCo; I'm equally sure that John is the best person for this role in the future."

For more on the announcement:
- see this Ars Technica article

IE more secure than Firefox?

Mon, 03 Dec 2007 06:59:59 -0500

Well, that's certainly not a headline that you see every day. According to a report authored by Jeffrey Jones, a researcher and the Security Strategy Director at--where else?--Microsoft's Trustworthy Computing group, Internet Explorer is a more secure browser than Mozilla's Firefox. As the grounds for his report, he compared the security track records of Firefox 1.5 and IE6 as well as Firefox 2.0 and IE7. For his purposes, he breaks down vulnerabilities into three distinct levels of severity: high, medium and low. The most telling statistic is as follows: "Since November 2004, Microsoft has fixed 87 total vulnerabilities in Internet Explorer 6 and 7, while Mozilla has issued 199 fixes to Firefox 1, 1.5, and 2.0."

Of course, a Microsoft study of a Microsoft product is not going to go uncontested and to that end, Mozilla responded to the report in a recent blog post. "We count every defect distinctly," Mozilla chief evangelist Mike Shaver wrote. "We count the ones that Mozilla developers find in-house. We count the things we do to mitigate defects in other pieces of software, including Windows itself and other third-party plugins. We count memory behavior that we think might be exploitable, even if no exploit has ever been demonstrated and the issue in question was found in-house. We open our bugs up after we've shipped fixes, so that people don't have to take our word for our severity ratings." What's more, he suggests that Microsoft spend more time addressing vulnerabilities instead of "hoping that defects aren't found by someone who they can't keep quiet." Oooh, burn!

At any rate, what's clear here is that you can probably prove that anything is secure, provided that you choose the right parameters by which security is measured. As Ars Technica aptly points out, this study in particular "neatly coincides with the release of IE 6 for Windows XP SP2," which, as you may already know, "was the culmination of a massive two-year refocusing on security by Microsoft that mandated security training for every developer in the company." Ultimately, it's difficult to take the results of this report too seriously though it does raise an interesting question--which browser really is more secure? Hit us up in the comments with your thoughts.

For more on the report:
- see this Ars Technica article

Firefox fixes a few bugs

Wed, 28 Nov 2007 06:59:57 -0500

While the more forward-looking among us might already be knee-deep in the Firefox 3.0 beta, those of us who live in the here-and-now are still supporting good ole Firefox 2.0. Actually, make that good ole Firefox 2.0.0.10. Mozilla released a minor update to the popular browser yesterday that fixes a few vulnerabilities, among them a window.location scripting property flaw that could lead to a cross-site scripting attack and a couple of memory corruption bugs. If you haven't already updated, head on over to Mozilla's website for the download.

For more on the update:
- see this Ars Technica article

Firefox 3.0 beta released

Tue, 20 Nov 2007 06:59:57 -0500

Firefox 3.0 keeps chugging along and while it remains unclear whether or not Mozilla will meet its release target for the browser (by the end of the year), things look to be back on track after the browser hit that performance speedbump in July. As Ars Technica notes, the beta is far more usable than the previous alpha releases (though it's still not intended for a mainstream audience), due in part to Mozilla's high standards. "Mozilla's quality standards for betas dictate that the software must have all planned features fully implemented, must be stable and usable enough for daily browsing for a large number of people, and should display the vast majority of sites without serious regressions relative to the prior version." New features include an all-new HTML rendering engine, the "Places" framework for bookmarks and browsing history, a redesigned file downloading applet and a number of architectural and scripting improvements. "Unlike Firefox 2, which was a bit light on new features, Firefox 3 is practically overflowing with shiny new goodies," Ars says.

For more on Firefox 3.0 beta 1:
- see this article from Ars Technica

Run the Nokia N810 firmware on the N800

Wed, 14 Nov 2007 06:59:53 -0500

Were you one of the loyal Nokia early-adopters who ran out and bought an N800 unit, only to be burned by the announcement of the far sleeker N810 a few months later? Well, fear not, my Internet tablet-loving friend. While there's little that can be done to add a QWERTY keypad onto your N800, you can install the far more exciting N810 firmware on your N800 with just a little bit of hacking. Before you scoff, however, let us entice you with a few details on the N810 firmware: it will boost your N800's processor to 400Mhz, revises your browser to use a faster Mozilla-based core, and includes support for Skype video chat. If that was enough to whet your appetite, be sure to click through for the full deets on how to install the still officially unreleased firmware.

For more on the upgrade:
- check out this Cnet blog entry