Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Firefox 3 Beta 3 steps up its security game

By | February 12, 2008, 7:00pm PST

Mozilla launched the third beta of its Firefox 3 browser Tuesday night with enhanced security features.

Firefox 3 Beta 3 contains more than 1,300 changes from the second beta to improve performance. Meanwhile, Mozilla improved some of the security features in Firefox 3 Beta 3. Among the notable items detailed in Mozilla’s release notes:

  • Improved one-click site information: Mozilla says you can click on a site’s favicon in the location bar to wee who owns the site and whether the connection is secure. Identity verification is also easer to use.
  • Malware protection: Firefox 3 Beta 3 includes malware protection that warns users when they get to sites that are known to deliver malicious payloads.
  • Add-on updates. Firefox will disable add-ons that update in an “insecure manor.” This feature could cut down on some of the flat file vulnerability issues of late.
  • Vista parental controls: Firefox 3 now is compatible with Vista’s control settings to disable file downloads.
  • Anti-virus integration: Firefox 3 will inform antivirus software when downloading executables.

And there are other features, but the big picture is this: Mozilla recognizes that browsers are often the weak security link. As a result Mozilla is building in more features to plug-and-play with existing security software. It may not be a stretch to predict that many security features in existing suites will be built into future browsers.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Game, Mozilla Firefox, Beta, Mozilla Corp., Firefox 3 Beta 3, Identity Verification, Web Browsers, Security, Internet, Larry Dignan

Talkback Most Recent of 19 Talkback(s)

  • coOL
    nt
    ZDNet Gravatar
    D T Schmitz
    12th Feb 2008
  • RE: Firefox 3 Beta 3 steps up its security game
    Runs great with Leopard. On my system it is much faster than Safari.
    ZDNet Gravatar
    dicka@...
    12th Feb 2008
  • Anti-virus integration is useless
    Anti-virus integration is useless because your real-time antivirus protection already does it
    ZDNet Gravatar
    qmlscycrajg
    13th Feb 2008
  • firefox 3..
    I agree.I have an active AV running anyways,so what is the big deal? if you don't already have an av program running,then it's on you.I still prefer opera over firefox.Firefox has proven to crash on me too too many times.
    ZDNet Gravatar
    qique12569@...
    13th Feb 2008
  • Not entirely true, actually.
    The problem with real time antivirus is that, in order to prevent performance bottlenecks, it will often delay scanning a file until a time when the computer is idle.

    This means that it's entirely possible that the file might get scanned after it is executed by the user - which means the virus might be already running and the system already infected!

    It's much better that a virus be detected before the code in it has a chance to run, so it can be wiped immediately before it has a chance to infect the system.

    So yes, I'd much rather it do a deliberate scan on the spot when the file is downloaded rather than depending on real time protection.
    ZDNet Gravatar
    CobraA1
    13th Feb 2008
  • RE: Firefox 3 Beta 3 steps up its security game
    There are way too many people out there who DON'T have any real-time anti-virus protection either because they aren't enough aware of the problems or don't have the time to keep it updated. A browser that helps them out should maybe keep at least a few of them out of the botnets that are clogging up the Internet. ---gk
    ZDNet Gravatar
    gary.s.kearney@...
    13th Feb 2008
  • Still waiting for Protected Mode
    Sorry, IE has a huge leg up over Firefox on Vista with the existence of Protected Mode. No matter how many remote execution holes IE (or an ActiveX control it loads) may have, I breathe a bit easier knowing that the token it is running under has severely restricted rights. Firefox runs with the same token as every other app on your desktop, thus a hole in Firefox can allow hackers to do anything that you yourself are allowed to do.

    Protected Mode is built on publicly-documented Vista APIs, so I'm not sure what is stopping the Firefox folks from adopting this.
    ZDNet Gravatar
    PB_z
    13th Feb 2008
  • What about people that don't use Vista?
    Protected Mode is fine and dandy, but I personally don't see myself using Vista ever, in my experience Vista is a horribly buggy OS, and I will use XP or switch to Mac or Linux if I have too once XP becomes outdated.

    On a related note, I have Beta 2 installed, on XP Pro, and no real issues with it. I haven't used Beta 3, but I like the changes and comments I'm reading about it, so I'm sure the final product will be even better. I've been using Firefox since version 0.7 I believe, and I've been happy with the way they've improved it.
    ZDNet Gravatar
    drdoug99@...
    13th Feb 2008
  • They don't get Protected Mode
    Shipping cross-platform doesn't mean that every feature must be available on every platform. It's perfectly acceptable to take advantage of platform-specific features instead of restricting yourself to the least common denominator.

    Actually if they wanted to they probably could roll their own protected mode on XP using a technique similar to "drop my rights". But then they'd find it hard to maintain compat since XP doesn't have support for file/registry virtualization like Vista does.
    ZDNet Gravatar
    PB_z
    14th Feb 2008
  • file/registry virtualization
    "But then they'd find it hard to maintain compat since XP doesn't have support for file/registry virtualization like Vista does."

    Actually, this is less of a problem than you think - they are using cross platform libraries for storing state information, and the libraries provide the appropriate services.

    Firefox actually does not use the Registry very much; it stores most of its information in XML and INI files.

    The registry is probably the worst invention Microsoft has ever created anyways. It fixed a "problem" that really didn't exist and made it harder, not easier, to locate, find, and adjust configuration information.
    ZDNet Gravatar
    CobraA1
    14th Feb 2008
  • Interesting
    What's interesting is that Protected Mode is simply a stripped down UAC, yet everybody seems to hate UAC.

    Now, it they came out with something similar to NoScript and all of my other plugins, I might be interested in switching.

    The Mozilla team has actually talked to Microsoft's UAC team about it. It appears they're worried that IE7's Protected Mode is not a complete sandbox.

    http://www.computerworlduk.com/technology/internet/applications/news/index.cfm?newsid=2204

    In addition, they still have to maintain portability, because they work on a wide variety of OSes. I'm sure they want to provide security for everybody, not just Vista users.

    Being that Protected Mode is only available to Vista users, it's probably not the best solution for a team that wants cross platform compatibility.
    ZDNet Gravatar
    CobraA1
    14th Feb 2008
  • Excellent link, CobraA1
    That really makes it clear why Protected Mode isn't a panacea, and why Mozilla elected not to support it.

    Anyway, the basic concept is flawed - limited user accounts in XP are a previous implementation of the idea of restricting privileges to enhance security, and millions of users don't use them because they're too limiting. So they came out with Protected Mode, which is even more restrictive and likely to be even less used. It's just the wrong way to go.
    ZDNet Gravatar
    Greenknight_z
    15th Feb 2008
  • Isn't that the same as "safe mode"
    which is included even with version 2.
    If you look at your menu, you should see two entries for firefox, the "regular" one and another icon with "(safe mode)" appended to it...
    Sure, it may not be the default, but my guess is it accomplishes much the same thing, and there's nothing to stop you from switching which icon you launch it from.
    My $0.02
    ZDNet Gravatar
    martian@...
    14th Feb 2008
  • never mind...
    I was curious after I posted this and from the documentation, it looks like it is mainly for troubleshooting addons and the like.
    My bad.
    But here is the link documenting it, if anyone else is curious.

    http://support.mozilla.com/kb/Safe+Mode
    ZDNet Gravatar
    martian@...
    14th Feb 2008
  • RE: Firefox 3 Beta 3 steps up its security game
    Tried it and liked it except for the fact it crashes every time you Right Click on any link when used on Vista Home Premium. Is this a one off or are other users experiencing the same or similar?
    ZDNet Gravatar
    anvar5
    13th Feb 2008
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources