Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Tighter security coming in Firefox 4

31 Jul 2010   #1

Win 7 Ultimate 64-bit. SP1.
Tighter security coming in Firefox 4


A new JavaScript engine, HTML5, tabs on top, and a new add-on framework are not the only improvements that users can expect in Firefox 4. At Black Hat on Wednesday, a trio of security representatives from Mozilla detailed how the company plans to push the browser to be more secure for users while nudging developers towards safer coding practices.

Mozilla Security Program Manager Brandon Sterne demonstrated on Wednesday how this ostensibly dull code, which is part of Firefox 4's new Content Security Policy, will make the next-generation browser safer.
(Credit: Mozilla)

One of the biggest fixes that's been implemented in the Firefox 4 beta (Windows | Mac | Linux) repairs a hole that affects all browsers, a decade-old vulnerability that was mentioned in the documentation for CSS2. The exploit is a CSS sniffing history attack, where malicious code can gain access to your browser history by manipulating link appearance and style. What made the bug so difficult to repair is that the simplest solution, to prevented all link style manipulation, would be like throwing the baby out with the bathwater said Firefox's director of development, Jonathan Nightingale. Changing an already-visited link's colors is one the most-used features of the Web, and it would be catastrophic to prevent that.

Mozilla's David Baron figured out how to solve the problem with a three-pronged approach that focuses on the user instead of the Web site. His solution limits what aspect of links can be tweaked to color, then "lies" through JavaScript so that although the page queries the link and reports back what it would look like if it was unvisited, the one that Mozilla's engine draws is the correct one, whether it's been visited or not. This solution also limits the amount of computation that the rendering engine needs to do, said Nightingale, which allows the focus to remain on the content and reduces the overall "heavy lifting" required to render it properly. "By limiting the link, there's fewer options for [link exploits that look like] dancing bananas."

More -
Tighter security coming in Firefox 4 | The Download Blog -

My System SpecsSystem Spec


 Tighter security coming in Firefox 4

Thread Tools

Similar help and support threads for2: Tighter security coming in Firefox 4
Thread Forum
Firefox 4.0 Beta 2 Coming Soon Browsers & Mail
Firefox 3.6 Final Coming Right Up Browsers & Mail
Firefox 3.6 Final coming on Thursday Browsers & Mail
Firefox 3.6 - Coming soon. Browsers & Mail
Firefox 3.6 Beta 5 Coming Right Up. Browsers & Mail
Multi-processor support coming for Firefox News
Firefox 'firedrill' critical fix coming next week News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 11:18 PM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33