Tighter security coming in Firefox 4

    Tighter security coming in Firefox 4


    Posted: 31 Jul 2010

    A new JavaScript engine, HTML5, tabs on top, and a new add-on framework are not the only improvements that users can expect in Firefox 4. At Black Hat on Wednesday, a trio of security representatives from Mozilla detailed how the company plans to push the browser to be more secure for users while nudging developers towards safer coding practices.


    Mozilla Security Program Manager Brandon Sterne demonstrated on Wednesday how this ostensibly dull code, which is part of Firefox 4's new Content Security Policy, will make the next-generation browser safer.
    (Credit: Mozilla)

    One of the biggest fixes that's been implemented in the Firefox 4 beta (Windows | Mac | Linux) repairs a hole that affects all browsers, a decade-old vulnerability that was mentioned in the documentation for CSS2. The exploit is a CSS sniffing history attack, where malicious code can gain access to your browser history by manipulating link appearance and style. What made the bug so difficult to repair is that the simplest solution, to prevented all link style manipulation, would be like throwing the baby out with the bathwater said Firefox's director of development, Jonathan Nightingale. Changing an already-visited link's colors is one the most-used features of the Web, and it would be catastrophic to prevent that.

    Mozilla's David Baron figured out how to solve the problem with a three-pronged approach that focuses on the user instead of the Web site. His solution limits what aspect of links can be tweaked to color, then "lies" through JavaScript so that although the page queries the link and reports back what it would look like if it was unvisited, the one that Mozilla's engine draws is the correct one, whether it's been visited or not. This solution also limits the amount of computation that the rendering engine needs to do, said Nightingale, which allows the focus to remain on the content and reduces the overall "heavy lifting" required to render it properly. "By limiting the link, there's fewer options for [link exploits that look like] dancing bananas."

    More -
    Tighter security coming in Firefox 4 | The Download Blog - Download.com
    Posted By: JMH
    31 Jul 2010



 

  Related Discussions
More - Firefox 4.0 Beta 2 Coming Soon - Possibly, as early as next week - Softpedia
While the development of the next iteration of Firefox hasn’t really dragged for too long, with the previous version released in mid-2009, fact is that the initial availability deadline was missed by a couple of months. Still, the wait is nearly over, and the final development milestone of Firefox...
In case some people aren't keeping track of the thread in News. Firefox 3.6 is coming soon!
Firefox 3.6 - Coming soon.
in Browsers & Mail

For all the Firefox fans looks like a Merry Christmas!:) Lookie, Lookie For you Brave Souls, get the last beta here...
WARNING Beta programs are programs that have been tested but will still have bugs, do not use if you do not feel comfortable running into minor/major bugs.https://www.sevenforums.com/images/warn.png Source - Firefox 3.6 Beta 5 Coming Right Up - A preview release is already up for grabs -...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:49.
Find Us