Ubiquity, A Browser Command Line

During the last day the web has been abuzz about Mozilla Labs’ Ubiquity. It’s an addon for Firefox that can help you streamline how you get things done on the web. In the example above, they show constructing an email with a map and reviews using mostly keyboard driven input. The addon is quick to install and we think you’ll find it saving you a lot of time on tasks you’d normally hit the search box for. In the popup, you can do quick Wikipedia lookups, define words, translate, perform calculations, and many other operations. You can email a page to someone by just typing three words. The best part is: anyone can write a command that will expand Ubiquity’s function. Greasemonkey helped fix broken websites and we think Ubiquity will help make interactions between sites much easier. We can’t wait to see what clever uses people come up with.

IBM Sees Influx In Zero-day Exploits


IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Best Firefox 3 Extensions


We generally try to limit the number of extensions we install for security, performance, and because we use a lot of different systems. That’s not to say there aren’t a lot of interesting addons out there and Mozilla has recently announced the winners of their Extend Firefox 3 Contest. Lifehacker has a full rundown of each of the winners. Nothing really stands out in our eyes (although we might try Last.fm’s toolbar).

The three extensions we always end up installing are Firebug, Greasemonkey, and Flashblock. What are yours?

Black Hat 2008: What’s Next For Firefox Security

Mozilla security chief [Window Snyder] made some surprising announcements about Firefox Next, Mozilla’s next major browser overhaul. In her chat at the Black Hat security conference, she introduced three new initiatives that focused on threat modeling, training, and vulnerability metrics. For the threat modeling initiative, she’s hired Matasano Security consultants to review Firefox’s code for weaknesses and recommend mitigation tactics to protect the browser from hacker attacks. This isn’t inherently unusual; what is abnormal is that the information, once the work is done, will be revealed to the public. The training initiative will have IOActive trainers working with Mozilla engineers on secure computer programming practices. At the end, according to [Snyder], online versions of the classes will be released to the public, along with the class materials. The last initiative revolves around security metrics, and is already in progress. Essentially, the project will ideally take the focus off of patch-counting and provide a better assessment of security and vulnerability issues. [Snyder] says “We’re in the early phase, working on incorporating feedback from the rest of the industry.” She also reveals some more Firefox developments, including possibly incorporating NoScript into the core browser and implementing protected mode, but they’re still a long way from becoming standard features.

Firefox 3 Vulnerability


TippingPoint’s Zero Day Initiative reported a critical vulnerability affecting Firefox 3.0 yesterday. It includes the 2.0 versions as well. It’s unreleased and Mozilla is working on a fix already. Whatever the exploit is, it does require the user to visit a malicious site or click a link to executed. It came in 5 hours after the FF3 release, but since it affects previous versions, we wonder if the researcher was just sitting on it to be first. The Zero Day Initiative pays researchers for the exploits they submit.

Hacking Firefox Menus


[Nick] sent in his quick hack for getting rid of extra menu options in Firefox 3, like the ever useless ‘Work Offline’ option. (OK, maybe modem lovers like it…) If you’re tired of seeing cluttered menu choices that you never use, [Nick]’s simple trick of editing the XML formatted XUL files in Firefox to clean things up. There’s some risk involved, but it’s nothing that a quick re-install can’t repair. The writeup includes a basic introduction to the XML tags, so you can probably do it. You can use a text editor right? (Just don’t forget to have the installer or a backup copy handy before you start playing around.)

Mozilla’s First Public Release


In honor of Firefox 3.0 download day, Waxy.org has posted the full Code Rush documentary. It spans March ’98 to April ’99, as the Mozilla team publishes the first source code and then the eventual AOL acquisition of Netscape. Embedded above is a short clip of [Jamie Zawinski] pushing the code live at 10AM on March 31, 1998. The hour documentary is well worth watching.

If you’re unsure about moving from FF2 to 3, MultiFireFox still works perfectly fine with the new release.