"Mozilla released its latest browser, Firefox 3.0, last week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release. They discussed the protection against phishing and the new malware protection, the new update mechanism for add-ons, Mozilla's security policies and processes, and the hardening of their Javascript implementation."
Post a Comment
Member since:
2006-11-14
while we still talk about firefox3 ...does anybody know why not or how difficult it will be to abstract extension engine from firefox to provide a stable API that will enable plugins to work on multiple versions of firefox?
how much entangled are extensions to firefox that they only work for only a certain version of firefox? and how come other extensions can work or multiple versions are others cant?
Edited 2008-06-23 18:01 UTC
Member since:2005-07-08
I don't know an exact reply to your first question but one should realize that Firefox 3 is a new major upgrade and that a lot of inner things have intentionally changed from the older Firefox 2.* series. Also, there are hundreds of very different third party extensions and add-ons for Firefox so it should be no surprise that some extensions work better than others.
Quite often the only reason why some old Firefox 2 extensions don't yet work with the new Firefox 3 is that - for security reasons - Firefox 3 now requires that all add-on updates use https which is not always the case with third party extension / add-on sites yet.
Member since:2005-11-10
Member since:
2008-06-23
yeah... we can see that the new firefox 3 javascript engine is as "rock solid" as the one in firefox 2...
http://www.julien-manici.com/essai/test.html
(warning: opening this link on firefox with javascript enabled will make firefox fanboys cry)
Member since:2007-09-03
Member since:2005-07-08
Yup. For example, that "test" page hangs Internet Explorer 6 as well. Hmm, I wonder what exactly is that test page supposed to test??
As to Firefox 3 and Javascript, like the article tells us, it is true that Firefox 3 is a little bit stricter in its way of running Javascript, in order to improve web security, which is only a Good Thing:
"Obviously we tread carefully when we are changing the way the browser permits web pages to behave, since there is a lot of web out there, and we don't want to break it. Nevertheless we have made some small, but smart, changes to the way certain things work. We no longer execute unclosed script tags, for instance, because doing otherwise allows a DoS attack to trigger unexpected and potentially dangerous behavior by interrupting pages when scripts are partially loaded. We've also tightened the same origin policy rules around local files so that they can't walk directory trees and send arbitrary content to bad people in shady places."
Member since:2008-06-23
"This is not a real test... this isnt even a TEST "
how do you call a script that test the ability of a browser to handle correctly an infinite loop if it is not a test?
be serious...
"What ever system you are going to test this is going to hang my friend... "
only firefox, my friend...
IE, Opera, and Safari don't hang...
(tested with firefox/opera on xp/vista/linux)
Member since:2005-07-08
Ok, I see what you mean: Firefox may even crash while, for example, IE doesn't. It could be considered a Firefox bug indeed. However, my guess is that pages that have such code causing infinite loops are not that common, and therefore the problem could be considered rather small only.
