Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Tighter security coming in Firefox 4

31 Jul 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Tighter security coming in Firefox 4

Quote:

A new JavaScript engine, HTML5, tabs on top, and a new add-on framework are not the only improvements that users can expect in Firefox 4. At Black Hat on Wednesday, a trio of security representatives from Mozilla detailed how the company plans to push the browser to be more secure for users while nudging developers towards safer coding practices.


Mozilla Security Program Manager Brandon Sterne demonstrated on Wednesday how this ostensibly dull code, which is part of Firefox 4's new Content Security Policy, will make the next-generation browser safer.
(Credit: Mozilla)

One of the biggest fixes that's been implemented in the Firefox 4 beta (Windows | Mac | Linux) repairs a hole that affects all browsers, a decade-old vulnerability that was mentioned in the documentation for CSS2. The exploit is a CSS sniffing history attack, where malicious code can gain access to your browser history by manipulating link appearance and style. What made the bug so difficult to repair is that the simplest solution, to prevented all link style manipulation, would be like throwing the baby out with the bathwater said Firefox's director of development, Jonathan Nightingale. Changing an already-visited link's colors is one the most-used features of the Web, and it would be catastrophic to prevent that.

Mozilla's David Baron figured out how to solve the problem with a three-pronged approach that focuses on the user instead of the Web site. His solution limits what aspect of links can be tweaked to color, then "lies" through JavaScript so that although the page queries the link and reports back what it would look like if it was unvisited, the one that Mozilla's engine draws is the correct one, whether it's been visited or not. This solution also limits the amount of computation that the rendering engine needs to do, said Nightingale, which allows the focus to remain on the content and reduces the overall "heavy lifting" required to render it properly. "By limiting the link, there's fewer options for [link exploits that look like] dancing bananas."

More -
Tighter security coming in Firefox 4 | The Download Blog - Download.com


My System SpecsSystem Spec
.
Reply

 Tighter security coming in Firefox 4




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Firefox 4.0 Beta 2 Coming Soon
More - Firefox 4.0 Beta 2 Coming Soon - Possibly, as early as next week - Softpedia
Browsers & Mail
Firefox 3.6 Final Coming Right Up
While the development of the next iteration of Firefox hasnít really dragged for too long, with the previous version released in mid-2009, fact is that the initial availability deadline was missed by a couple of months. Still, the wait is nearly over, and the final development milestone of Firefox...
Browsers & Mail
Firefox 3.6 Final coming on Thursday
In case some people aren't keeping track of the thread in News. Firefox 3.6 is coming soon!
Browsers & Mail
Firefox 3.6 - Coming soon.
For all the Firefox fans looks like a Merry Christmas!:) Lookie, Lookie For you Brave Souls, get the last beta here...
Browsers & Mail
Firefox 3.6 Beta 5 Coming Right Up.
WARNING Beta programs are programs that have been tested but will still have bugs, do not use if you do not feel comfortable running into minor/major bugs.http://www.sevenforums.com/images/warn.png Source - Firefox 3.6 Beta 5 Coming Right Up - A preview release is already up for grabs -...
Browsers & Mail
Firefox 'firedrill' critical fix coming next week
Attack code targets browser vulnerability Robert McMillan Online attack code has been released targeting a critical, unpatched flaw in Mozilla's Firefox browser. The attack code, written by security researcher Guido Landi, was published on several security sites on Wednesday, sending...
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:43.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App