Firefox 3 Beta 3 steps up its security game

Firefox 3 Beta 3 steps up its security game

Summary: Mozilla launched the third beta of its Firefox 3 browser Tuesday night with enhanced security features.Firefox 3 Beta 3 contains more than 1,300 changes from the second beta to improve performance.

TOPICS: Security, Browser

Mozilla launched the third beta of its Firefox 3 browser Tuesday night with enhanced security features.

Firefox 3 Beta 3 contains more than 1,300 changes from the second beta to improve performance. Meanwhile, Mozilla improved some of the security features in Firefox 3 Beta 3. Among the notable items detailed in Mozilla's release notes:

  • Improved one-click site information: Mozilla says you can click on a site's favicon in the location bar to wee who owns the site and whether the connection is secure. Identity verification is also easer to use.
  • Malware protection: Firefox 3 Beta 3 includes malware protection that warns users when they get to sites that are known to deliver malicious payloads.
  • Add-on updates. Firefox will disable add-ons that update in an "insecure manor." This feature could cut down on some of the flat file vulnerability issues of late.
  • Vista parental controls: Firefox 3 now is compatible with Vista's control settings to disable file downloads.
  • Anti-virus integration: Firefox 3 will inform antivirus software when downloading executables.

And there are other features, but the big picture is this: Mozilla recognizes that browsers are often the weak security link. As a result Mozilla is building in more features to plug-and-play with existing security software. It may not be a stretch to predict that many security features in existing suites will be built into future browsers.

Topics: Security, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • coOL

    D T Schmitz
  • RE: Firefox 3 Beta 3 steps up its security game

    Runs great with Leopard. On my system it is much faster than Safari.
  • Anti-virus integration is useless

    Anti-virus integration is useless because your real-time antivirus protection already does it
    • firefox 3..

      I agree.I have an active AV running anyways,so what is the big deal? if you don't already have an av program running,then it's on you.I still prefer opera over firefox.Firefox has proven to crash on me too too many times.
    • Not entirely true, actually.

      The problem with real time antivirus is that, in order to prevent performance bottlenecks, it will often delay scanning a file until a time when the computer is idle.

      This means that it's entirely possible that the file might get scanned [b]after[/b] it is executed by the user - which means the virus might be already running and the system already infected!

      It's much better that a virus be detected before the code in it has a chance to run, so it can be wiped immediately before it has a chance to infect the system.

      So yes, I'd much rather it do a deliberate scan on the spot when the file is downloaded rather than depending on real time protection.
  • RE: Firefox 3 Beta 3 steps up its security game

    There are way too many people out there who DON'T have any real-time anti-virus protection either because they aren't enough aware of the problems or don't have the time to keep it updated. A browser that helps them out should maybe keep at least a few of them out of the botnets that are clogging up the Internet. ---gk
  • Still waiting for Protected Mode

    Sorry, IE has a huge leg up over Firefox on Vista with the existence of Protected Mode. No matter how many remote execution holes IE (or an ActiveX control it loads) may have, I breathe a bit easier knowing that the token it is running under has severely restricted rights. Firefox runs with the same token as every other app on your desktop, thus a hole in Firefox can allow hackers to do anything that you yourself are allowed to do.

    Protected Mode is built on publicly-documented Vista APIs, so I'm not sure what is stopping the Firefox folks from adopting this.
    • What about people that don't use Vista?

      Protected Mode is fine and dandy, but I personally don't see myself using Vista ever, in my experience Vista is a horribly buggy OS, and I will use XP or switch to Mac or Linux if I have too once XP becomes outdated.

      On a related note, I have Beta 2 installed, on XP Pro, and no real issues with it. I haven't used Beta 3, but I like the changes and comments I'm reading about it, so I'm sure the final product will be even better. I've been using Firefox since version 0.7 I believe, and I've been happy with the way they've improved it.
      • They don't get Protected Mode

        Shipping cross-platform doesn't mean that every feature must be available on every platform. It's perfectly acceptable to take advantage of platform-specific features instead of restricting yourself to the least common denominator.

        Actually if they wanted to they probably could roll their own protected mode on XP using a technique similar to "drop my rights". But then they'd find it hard to maintain compat since XP doesn't have support for file/registry virtualization like Vista does.
        • file/registry virtualization

          "But then they'd find it hard to maintain compat since XP doesn't have support for file/registry virtualization like Vista does."

          Actually, this is less of a problem than you think - they are using cross platform libraries for storing state information, and the libraries provide the appropriate services.

          Firefox actually does not use the Registry very much; it stores most of its information in XML and INI files.

          The registry is probably the worst invention Microsoft has ever created anyways. It fixed a "problem" that really didn't exist and made it harder, not easier, to locate, find, and adjust configuration information.
    • Interesting

      What's interesting is that Protected Mode is simply a stripped down UAC, yet everybody seems to hate UAC.

      Now, it they came out with something similar to NoScript and all of my other plugins, I might be interested in switching.

      The Mozilla team has actually talked to Microsoft's UAC team about it. It appears they're worried that IE7's Protected Mode is not a complete sandbox.

      In addition, they [b]still[/b] have to maintain portability, because they work on a wide variety of OSes. I'm sure they want to provide security for everybody, not just Vista users.

      Being that Protected Mode is only available to Vista users, it's probably not the best solution for a team that wants cross platform compatibility.
      • Excellent link, CobraA1

        That really makes it clear why Protected Mode isn't a panacea, and why Mozilla elected not to support it.

        Anyway, the basic concept is flawed - limited user accounts in XP are a previous implementation of the idea of restricting privileges to enhance security, and millions of users don't use them because they're too limiting. So they came out with Protected Mode, which is even more restrictive and likely to be even less used. It's just the wrong way to go.
    • Isn't that the same as "safe mode"

      which is included even with version 2.
      If you look at your menu, you should see two entries for firefox, the "regular" one and another icon with "(safe mode)" appended to it...
      Sure, it may not be the default, but my guess is it accomplishes much the same thing, and there's nothing to stop you from switching which icon you launch it from.
      My $0.02
      • never mind...

        I was curious after I posted this and from the documentation, it looks like it is mainly for troubleshooting addons and the like.
        My bad.
        But here is the link documenting it, if anyone else is curious.
  • RE: Firefox 3 Beta 3 steps up its security game

    Tried it and liked it except for the fact it crashes every time you Right Click on any link when used on Vista Home Premium. Is this a one off or are other users experiencing the same or similar?
    • Crashes on Right Click

      Eureka, found that disabling Free Dowload1 Add-on fixes the problem
  • It may have stepped up on security but....

    Images really do look a bit crap when browsing sites. I decided to download it, and i think its great except for the above reason.

    Yes.... i know its a beta, and this will probably be fixed, but just thought i'd point it out. Love the new interface, starting to get used to the way the drop down form the address bar appears when typing in a URL but other than that, no problems with it at all!
  • This is fabulous

    It's about time that a browser step up to the plate in the security arena and Firefox has and continues to lead the way in this area. Keep up the great work Mozilla, you're setting a great example for the rest of the browsers (*cough IE *cough)! :)

    - John Musbach
    John Musbach
  • RE: Firefox 3 Beta 3 steps up its security game

    Ever since the change I have had nothing but trouble trying to watch my favorite streaming video at Comedy Central and Hulu, been going on now since 3-09 months tried all the changes and suggestions, especially with the last upgrade and I love Firefox so like an idiot I keep trying..