Lots and lots of computer security related news recently, the IE and Firefox brouhaha concerning a high security risk with how IE handles a “firefoxurl://” URI (uniform resource identifier), Haute Secure blocks malware, Microsoft security bulletins and Facebook pimping da crudware baby.
Firefox and IE together brew up security trouble News.com article about the Firefox and IE combo flaw that could allow someone to compromise their machine remotely.
Site Advisor 2.0: Haute Secure Launches To Detect and Block Malware Little review of Haute Secure from Michael Arrington, he says, “Haute Secure launched moments ago: it?s a new browser plug-in that the company says will detect and block malware before it has a chance to infect your computer. The timing couldn?t be better as news spreads of more Windows-based vulnerabilities.”
Haute Secure They block bad sites and then let you decide if you want to allow it or not. Sounds like the UAC feature of Windows Vista, but I haven’t tried it yet myself.
Microsoft Security Bulletin MS07-036 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) This critical security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities as well as other security issues identified. These vulnerabilities could allow remote code execution on your computer if a user opens a specially created Excel file. Users whose accounts are not configured to run as Administrator will be less impacted than those who do. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
Microsoft Security Bulletin MS07-039 – Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) This critical security patch resolves a vulnerability in Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition, and remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Facebook found pimping crudware Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it’s a bargain.
Categories: Firefox, IE7, Security Tags: Facebook, Firefox, Haute Secure, Microsoft Excel, Microsoft Office, Microsoft Office 2003, Microsoft Security Bulletin, Office XP, Remote Code Execution, Windows Vista
Firefox version 126.96.36.199 was released today, download available here.
Fixed in Firefox 188.8.131.52
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:184.108.40.206/220.127.116.11) Source: Fixes
Windows & Windows Vista
Clicking links in some applications (e.g. some instant messaging programs) might not open them in Firefox, even if you have set it as your default browser. To workaround this problem, go to Start -> Default Programs -> Set default programs for this computer, expand custom, select the radio button next to the app you want to set as the system wide default app (e.g. Firefox, etc.), and apply.
Using the context menu (right-clicking on the Firefox icon) to start in Safe Mode, doesn’t work. As a workaround, use the “Mozilla Firefox (Safe Mode)” menu item that appears in the Start Menu instead.
A Windows Media Player (WMP) plugin is not provided with Windows Vista. As a workaround, in order to view Windows Media content, you can follow these instructions. Note that after installing you may have to get a security update and apply it before you can see the content in the browser.
Vista Parental Controls are not completely honored. In particular, file downloads do not honor Vista’s parental control settings. This will be addressed in an upcoming Firefox release.
When migrating from Internet Explorer 7 to Firefox, cookies and saved form history are not imported. Source: Firefox Release Notes
Here is the current activity listed by US-CERT after the break.
For all of you still running Firefox 1.5, they have released a security and stability update, version 18.104.22.168, that you should update to. Buy why not just go ahead and get Firefox 2.0?
As part of Mozilla Corporation?s ongoing stability and security update process, Firefox 22.214.171.124 is now available for Windows, Mac, and Linux for free download from mozilla.com (http://www.mozilla.com/en-US/firefox/all-older.html). We strongly recommend that all Firefox 1.5.x users upgrade to this latest release. This update is available immediately in 37 languages including German, French, Spanish, Japanese, Simplified and Traditional Chinese, Korean, and more.
Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2 (http://www.getfirefox.com). Source: Mozilla Developer Center
Release notes are available here.
Download it from here.
If you don’t want to go ahead and get it, you should receive an automated update notification with 48 hours.
The folks over at Read/Write Web just posted an article, Web Browser Face-off, comparing web browsers, including the recent upgrades, IE7 and Firefox 2.0. It’s more of a “roundup” than a face-off, this is not a big review of each browser, just a comparison of their pros and cons. They look at [tag]IE7[/tag], Firefox 2.0, [tag]Safari[/tag], [tag]Opera[/tag], [tag]Flock[/tag] and [tag]Maxthon[/tag]. Anyway, if a good quick comparison of web browsers with no one picked as a winner is what you are looking for, read on.
The last few weeks have been packed with browser action and the two market leaders, Internet Explorer and Firefox, have launched major new versions. So to round out our recent browser coverage, we present the Web Browser Face-off – looking at how all the main browsers compare with each other in terms of features and innovation. We are basically looking for what is unique, interesting – and missing – in each browser.
Right now Microsoft still holds onto its huge market lead, but Firefox is gaining more ground every month. Probably more importantly, there are other major innovators in the browser space – such as the social browser Flock (a Read/WriteWeb sponsor) and the perennial innovator Opera. The Mac browser Safari of course has many passionate supporters, while new kid Maxthon is one to watch.
Regardless of who will prevail in the ‘browser 2.0 wars’, the users will win. While fighting each other, the browser makers innovate and simplify. They increase our productivity by integrating into the browser web concepts such as search, RSS, OPML, micro formats and more. The core browsers are getting slimmer and faster, while extensions that cover a wide range of services are being developed by external parties. Source: Read/Write Web
Over on PCWorld, they compare IE7 to Firefox 2.0 and come up with a winner, even if their reasoning is because one was first to the table with some of it’s offerings.
Firefox is a global, open-source project, so development has been very swift when compared to Microsoft’s closed-source development of Internet Explorer. We’ve had to wait a very long time between IE6 and IE7, so most users are installing IE7 with high expectations. The good news is that both browsers have seen some significant enhancements in three key areas: user experience, security and web standards. The bad news is that one browser still has better features and standards support than the other.
The better browser is Firefox 2 for two reasons: innovation and ease of use.
Both browsers are loaded with modern productivity features, but while Microsoft is just introducing these features to its browser, Firefox has already had them long enough to refine them, enhance them and make them even easier to use. While Microsoft has added an integrated search box to IE7, Firefox has added auto-suggest query completion and advanced search engine management to its own familiar search box. IE7 can now handle RSS feeds, but Firefox has several options for adding feeds within the browser, a client or your web service of choice. Source: PCWorld
I’m currently using both browsers and like both equally, but I am used to using the big blue E, so my time is mostly one sided, I need to remember to use Firefox. So, i guess I lean more towards IE7 by default, just as some of these people lean towards Firefox. They are both better browsers so you really can’t go wrong.
Ars contacted Firefox to find out if version 2.0 had been released a day ahead of schedule. We were told that “Mozilla has started the process to get Firefox 2 ready for release on Tuesday,” by a Mozilla spokesperson. “Mozilla does not guarantee that any set of files currently found within its Web site or elsewhere will be the final release. Starting tomorrow afternoon, everyone should go through Mozilla’s main channels for download at getfirefox.com or mozilla.com to obtain Firefox, as this is the pathway Mozilla has optimized for the high volume of Web traffic.” Source: Ars Technica
So, don’t download it until tomorrow when they officially release it, or you may end up with some problems you don’t need.
Here is a great write-up on Firefox 2.0 RC2 from ars technica.
Numerous elements of the user interface have received a considerable stylistic overhaul. Although these changes are primarily aesthetic in nature, several alterations also affect usability. First present in the second beta release, the initial modifications suffered from several minor deficiencies that made the whole thing look rather awkward, particularly on Linux. Most of the problems introduced by the visual changes were resolved in the first release candidate. In RC1 and RC2, the various elements of the URL bar finally have a consistent size and shape. Unfortunately, the green arrow button is difficult to remove from URL bar, but it can be accomplished by hitting about:config and tweaking the browser.urlbar.hideGoButton, changing it to “true.” The magnifying glass button in the search bar appears impossible to remove.
Looking for all of the new features added?
- Visual Refresh
- Built-in phishing protection
- Enhanced search capabilities
- Improved tabbed browsing
- Resuming your browsing session
- Previewing and subscribing to Web feeds: Users can decide how to handle Web feeds.
- Inline spell checking
- Live Titles
- Improved Add-ons manager
- Extended search plug-in format
- Updates to the extension system
- Client-side session and persistent storage
- SVG text: Support for the svg:textpath specification enables SVG text to follow a curve or shape.
- New Windows installer
Check the Release notes for a full description, and get the latest version here. Check here for the latest extensions and themes and the knowledge base for more useful information. If you are having trouble after upgrading, you may be having trouble with an extension or a theme, so start Firefox in safe mode by going to run and entering this command: firefox.exe -safe-mode. When started in safe mode all extensions are disabled and it used the default theme. Happy and safe browsing.
Categories: Firefox Tags:
Had numerous searches on my site for Firefox Linkchecker, so here it is.
Check webpage links at a glance with simple color coding. Ditch those massive listings of bad links that provide no context and add LinkChecker to your arsenal of web development tools today.
Categories: Firefox Tags: