Information freedom for open source users.

Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical.

One of yesterday’s patches addressed a problem found in scores of Windows applications, making Firefox one of the first browsers to be patched against the DLL load hijacking bug that went public three weeks ago.

An anonymous reader writes “We always knew that WebKit is going to make Konqueror fast; but how much faster? Today we test that by putting Konqueror with KHTML through the SunSpider JavaScript Test and the then do the same with WebKit. To get an idea of how fast they are compared to other browsers, we also decided to put Firefox 4.0 Beta 2 through the tests.”

Read more of this story at Slashdot.

CWmike writes “Taking a page from rival Google’s playbook, Mozilla plans to introduce silent, behind-the-scenes security updating to Firefox 4. The feature, which has gotten little attention from Mozilla, is currently ‘on track’ for Firefox 4, slated to ship before the end of the year. Firefox 4′s silent update will only be offered on Windows, Mozilla has said. Most updates will be downloaded and installed automatically without asking the user or requiring a confirmation. ‘We’ll only be using the major update dialog box for changes like [version] 4 to 4.5 or 5,” said Alex Faaborg, a principal designer on Firefox, in the ‘mozilla.dev.apps.firefox’ forum. ‘Unfortunately users will still see the updating progress bar on load, but this is an implementation issue as opposed to a [user interface] one; ideally the update could be applied in the background.’ Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update.”

Read more of this story at Slashdot.

Both Mozilla and the Google are raising their rewards for submitted critical vulnerabilities in respective browsers. Mozilla is now paying $3,000 for Firefox bugs and the Google Chromium team is paying $3133.70 (“elite” in hacker leet-speak) for bugs in Chrome, compared to the initial $1,337 reward from six months ago.

For the second time in two months, Mozilla has rushed out a fix for Firefox to patch a problem with a browser update issued just days before.

Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called “a stability problem that affected some pages with embedded plug-ins.”

Mozilla, the organization behind the Firefox Web browser, has upped the amount it will pay security researchers for information on security bugs in its products from $500 to $3,000.

The change is part of what Mozilla calls a refresh of its Security Bug Bounty Program, which launched in 2004.

An anonymous reader writes “Mozilla has reached an important milestone as its new JavaScript engine, ‘JaegerMonkey,’ is now faster than the current ‘TraceMonkey’ in a key benchmark. Mozilla wants JaegerMonkey to be faster than the competition and launch on September 1, which means that JaegerMonkey will make it into Firefox 4.0.”

Read more of this story at Slashdot.

An anonymous reader writes “Firefox Mobile 1.1 has been released for Maemo devices such as the Nokia N900. Madhava Enros has put together a field guide for Firefox Mobile 1.1 which highlights what’s new and notable in this release.”

Read more of this story at Slashdot.

In the early hours of June 18 the Electronic Frontier Foundation and the Tor Project released a beta of a Firefox extension dubbed “HTTPS Everywhere” with the intention of providing encryption of user data when visiting certain sites. According to the official announcement, “HTTPS Everywhere” will provide SSL encryption to sites like Google Search, Wikipedia, Twitter and Identi.ca, and Facebook. more>>

Mozilla on Tuesday patched nine vulnerabilities, six of them critical, in Firefox 3.6 and Firefox 3.5.

But rather than highlighting the security fixes in Firefox 3.6.4, the company instead emphasized the addition of crash protection, a move meant to keep the browser alive when popular plug-ins drop dead.

DragonHawk writes “Mozilla Firefox 3.6.4 went to general release today. The big new feature in this release is out-of-process plugins (OOPP). This means things like Flash, Java, QuickTime, etc., all run in separate processes, so when Flash decides to crash, it won’t take your browser out with it. If Flash starts consuming all the CPU it can find, you can kill it without nuking your browser session. I’ve been using this feature since it was in the ‘nightly build’ stage, and it was still more stable than 3.6.3, just because Flash was isolated.” And reader Trailrunner7 supplies another compelling reason to download 3.6.4: “Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser’s address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they’re visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers.”

Read more of this story at Slashdot.

The latest wares of three popular browsing applications were released this week reflecting a changing Internet. Open formats are taking center stage at Mozilla, Opera, and Flock as lock-in (or freeze-out), security concerns, and performance issues fuel the drive toward the VP8 video format. more>>

yanyan writes “I’m fairly new to the field of web application development. Currently I’m working on a big online ticketing system for passage and freight for a local shipping company. It’s a one-man show and the system is written in Ruby and uses Rails. Aside from the requisite functionality of creating bookings the system must also print reports and tickets, and this is where I’ve discovered (the hard way) that most, if not all, browsers fall short. I’ve had to switch from Firefox 3.6.3 to Opera 10.53 because of a major printing bug in Firefox, but the latest stable Opera is also giving me its own share of problems. To complicate things, an earlier version of Opera (10.10) doesn’t appear to have 10.53′s printing problems, but I’m wary. What browsers and specific versions do you end up deploying for use with big, complex web apps that include printing? Also consider CSS accuracy and consistency.”

Read more of this story at Slashdot.

rtfa-troll writes “Beef Taco is a Firefox extension that allows a mass opt-out from tracking and targeted advertising by many ad networks. The Register reports that the original system, TACO, has become proprietary, and has added new ‘features’ best described as bloatware. I guess this should serve as a warning for users to always prefer software under a copyleft license where possible. If Google had chosen a license with better protection, such as the GPL, when it released its own opt-out tool, this problem would have been much less likely. This also shows why forks are so important when software development begins to get messy.”

Read more of this story at Slashdot.

climenole writes “HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.”

Read more of this story at Slashdot.

Andreas(R) writes “Microsoft has published a set of HTML5 tests comparing Internet Explorer 9 to other web browsers. In Microsoft’s own tests, IE9 performs 100% on all tests. However, the Internet Explorer 9 HTML5 Canvas Campaign has published results that show that Internet Explorer gets 0% on all their tests.” The results reported here are selected with tongue in cheek: “Therefore, we’ll also present shameless results from tests which have been carefully selected to give the results that the PR department has demanded.”

Read more of this story at Slashdot.

An anonymous reader writes “Web browser history detection with the CSS:visited trick has been known for the last ten years, but recently published research suggests that the problem is bigger than previously thought. A study of 243,068 users found that 76% of them were vulnerable to history detection by malicious websites. Newer browsers such as Safari and Chrome were even more affected, with 82% and 94% of users vulnerable. An average of 63 visited locations were detected per user, and for the top 10% of users the tests found over 150 visited sites. The website has a summary of the findings; the full paper (PDF) is available as well.”

Read more of this story at Slashdot.

sopssa writes “Firefox’s co-founder Blake Ross is skeptical about the future of Firefox. He says that ‘the Mozilla Organization has gradually reverted back to its old ways of being too timid, passive, and consensus-driven to release breakthrough products quickly.’ Within the past year Chrome has been steadily increasing its market share, along with the other WebKit-based browsers like Safari. Meanwhile Mozilla’s (outgoing) CEO says that while Firefox is more competitive than ever, they’re looking forward to their mobile version of Firefox. ‘Clearly, both are annoyed at what has happened to their former renegade web browser. But, by many accounts, Firefox is no longer considered to be the light, open alternative it once was.’”

Read more of this story at Slashdot.

Elledan writes “Only two countries in the world have software patents which make it impossible to freely use video codecs such as AVC (H.264). This has led to projects such as Firefox not including AVC support with the HTML 5 video tag in all their releases, resulting in the rest of the world having to suffer indirectly the effects of software patents as well. To rectify this situation at least somewhat, I have created the Wild Fox project, which aims to release Firefox builds with the features previously excluded due to software patents. This software will be available to those in non-software patent encumbered countries. Any developers who wish to join the project are more than welcome.”

Read more of this story at Slashdot.

Barence writes “Mozilla has given a breakdown of its plans for Firefox 4. Perhaps the most striking change to Firefox 4 is the user interface, which takes a great deal of inspiration from Google Chrome. ‘Something UI designers have known for a long time is that the simpler an interface looks, the faster it will seem,’ said director of Firefox Mike Beltzner during the presentation. Also mooted was the ability to give applications such as Gmail and Twitter their own permanent tabs for easy access, and the introduction of a ‘switch to tab’ button, allowing power users running hundreds of tabs to quickly find the one they want. Beltzner said Mozilla was also looking at replicating Chrome’s tactic of silently updating the browser in the background, removing the annoying wait when Firefox first loads up.”

Read more of this story at Slashdot.