firefox

45 Articles

IBM Sees Influx In Zero-day Exploits

August 26, 2008 by 7 Comments


IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Best Firefox 3 Extensions

August 23, 2008 by 43 Comments


We generally try to limit the number of extensions we install for security, performance, and because we use a lot of different systems. That’s not to say there aren’t a lot of interesting addons out there and Mozilla has recently announced the winners of their Extend Firefox 3 Contest. Lifehacker has a full rundown of each of the winners. Nothing really stands out in our eyes (although we might try Last.fm’s toolbar).

The three extensions we always end up installing are Firebug, Greasemonkey, and Flashblock. What are yours?

Black Hat 2008: What’s Next For Firefox Security

August 8, 2008 by 23 Comments

Mozilla security chief [Window Snyder] made some surprising announcements about Firefox Next, Mozilla’s next major browser overhaul. In her chat at the Black Hat security conference, she introduced three new initiatives that focused on threat modeling, training, and vulnerability metrics. For the threat modeling initiative, she’s hired Matasano Security consultants to review Firefox’s code for weaknesses and recommend mitigation tactics to protect the browser from hacker attacks. This isn’t inherently unusual; what is abnormal is that the information, once the work is done, will be revealed to the public. The training initiative will have IOActive trainers working with Mozilla engineers on secure computer programming practices. At the end, according to [Snyder], online versions of the classes will be released to the public, along with the class materials. The last initiative revolves around security metrics, and is already in progress. Essentially, the project will ideally take the focus off of patch-counting and provide a better assessment of security and vulnerability issues. [Snyder] says “We’re in the early phase, working on incorporating feedback from the rest of the industry.” She also reveals some more Firefox developments, including possibly incorporating NoScript into the core browser and implementing protected mode, but they’re still a long way from becoming standard features.

Firefox 3 Vulnerability

June 18, 2008 by 1 Comment


TippingPoint’s Zero Day Initiative reported a critical vulnerability affecting Firefox 3.0 yesterday. It includes the 2.0 versions as well. It’s unreleased and Mozilla is working on a fix already. Whatever the exploit is, it does require the user to visit a malicious site or click a link to executed. It came in 5 hours after the FF3 release, but since it affects previous versions, we wonder if the researcher was just sitting on it to be first. The Zero Day Initiative pays researchers for the exploits they submit.

Hacking Firefox Menus

June 17, 2008 by 8 Comments


[Nick] sent in his quick hack for getting rid of extra menu options in Firefox 3, like the ever useless ‘Work Offline’ option. (OK, maybe modem lovers like it…) If you’re tired of seeing cluttered menu choices that you never use, [Nick]’s simple trick of editing the XML formatted XUL files in Firefox to clean things up. There’s some risk involved, but it’s nothing that a quick re-install can’t repair. The writeup includes a basic introduction to the XML tags, so you can probably do it. You can use a text editor right? (Just don’t forget to have the installer or a backup copy handy before you start playing around.)

Mozilla’s First Public Release

June 17, 2008 by 1 Comment

[youtube=http://www.youtube.com/watch?v=mZTJbsUcdeU&hl=en&rel=0&color1=0x3a3a3a&color2=0x999999]
In honor of Firefox 3.0 download day, Waxy.org has posted the full Code Rush documentary. It spans March ’98 to April ’99, as the Mozilla team publishes the first source code and then the eventual AOL acquisition of Netscape. Embedded above is a short clip of [Jamie Zawinski] pushing the code live at 10AM on March 31, 1998. The hour documentary is well worth watching.

If you’re unsure about moving from FF2 to 3, MultiFireFox still works perfectly fine with the new release.

Get Firefox 3 Early

June 17, 2008 by 14 Comments


It’s five hours till the official release of Firefox 3. We know your hands are sweating in anticipation, waiting to click that download link and contribute to the greatest World Record known to man… What? You don’t want your browser to have all the notoriety afforded to fat twins? Well then, let’s just go grab the file now since they’re already on the mirrors.

First, pick out a mirror from the official list. Navigate to the the directory of the Firefox 3.0 release: /pub/mozilla.org/firefox/releases/3.0/ You’ll be greeted by a message that says, “We’re not quite ready yet!” and that “Downloading them directly can harm our ability to distribute Firefox efficiently.” Also, you won’t be in the world record count. Think about that, jerk. All releases are named using a consistent pattern. Looking at an earlier release you can determine that the Mac version of 3.0 will be named: Firefox 3.0.dmg Add on the OS and language directories and it will look like this: /pub/mozilla.org/firefox/releases/3.0/mac/en-US/Firefox%203.0.dmg

You can find out more about the new release by reading Dria’s Field Guide to Firefox 3.