X
Tech

Firefox 3 final beta to be released in March

Mozilla's vice president of engineering has pointed to a definite release date for the final beta and discussed security features in the upcoming browser
Written by Tom Espiner, Contributor

Firefox 3 edges closer to release, with the fourth and final beta of the web browser out "in a couple of weeks", according to Mozilla's vice president of engineering, Mike Schroepfer.

The final Firefox 3 beta release will address issues including memory usage and cross-site XML HTTP requests. Memory usage has been improved in the final release version of Firefox 3 by rewriting "big chunks of the core Firefox code" and tuning the core scripting engine, according to Schroepfer.

Talking to ZDNet.co.uk on Monday, Schroepfer said that security had also been beefed up in Firefox 3. A major security concern for browser developers is browser susceptibility to cross-site scripting attacks (XSS), where code that can exploit browser vulnerabilities is injected into web pages.

Firefox 3 has secure cross-site XML HTTP requests, based on an emerging standard Mozilla, Google and others are developing, said Schroepfer. The standard allows websites to securely exchange information, he added. Essentially whitelists, cross-site XML HTTP request capabilities in browsers negate the need to embed iFrames in websites, which can be exploited, said Schroepfer.

"People are building sites but they're using hacks, including the site having embedded iFrames," said Schroepfer. "People are building complicated [web-facing] mashups, but big sources of attacks are cross-site scripting bugs or problems with implementation."

As well as including secure cross-site XML HTTP requests, Schroepfer said that the final version of Firefox 3 will have anti-malware capabilities. Firefox 3 will block web access to sites blacklisted by StopBadware.org, an organisation contributed to by Google and Mozilla, which lists potentially compromised websites.

"[Firefox] will check against the local list to make sure the URL isn't on the [StopBadware.org] blacklist," said Schroepfer.

This capability is already in the current beta version the browser, Firefox 3 beta 3. Schoepfer said that a "couple of weeks ago" the blacklist utility had a real-world test when the Firebug site got hacked.

"Firebug, the Mozilla debugging website, got hacked, with malware [injected] on the site" said Schroepfer. "Firefox blocked access to the site, which we thought initially was a bug in Firefox. Actually, it really worked."

Schroepfer added that the third beta of Firefox 3 had proved popular, saying it had gained half a million active users since its release on 12 February 12.

When Mozilla started to develop Firefox 3, Schroepfer said the organisation had started an in-depth security review process, with "security experts" and Mozilla developers going through each new feature in detail to discuss possible attack vectors and privacy implications of Firefox features.

Editorial standards