Firefox 4 Set to Improve Security

September 8, 2010

By Sean Michael Kerner

The race to accelerate browser features continues as Mozilla developers push toward the finish line to get the final version of the Firefox 4 Web browser out the door.

The first Firefox 4 beta was released in early July of this year and the final release is due by the end of the year. Along the way to its final generally available release, Mozilla developers have been issuing milestone releases with new features and bug fixes. Firefox 4 development is occurring at a time when rival browser vendor Google (NASDAQ: GOOG) is updating its Chrome browser to version 6 and Microsoft is working on Internet Explorer 9.

Firefox 4 Beta 5 is set to debut this week, providing testers with new hardware-accelerated graphics capabilities and an implementation of the IETF HTTP Strict Transport Security (HSTS) draft standard.

"A while ago, we talked about Force-TLS that lets sites say 'hey, only access me over HTTPS in the future' and the browser listens," Mozilla developer Sid Stamm blogged. "Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release."

The HSTS specification will enable site owners to ensure that browsers visit the SSL-secured version of a website instead of going through an unencrypted non-SSL HTTP address first. SSL-secured sites help to ensure that password, login and other sensitive information is encrypted.

"If Firefox knows your host is an HSTS one, it will automatically establish a secure connection to your server without even trying an insecure one," Stamm blogged. "This way, if I am surfing the 'net in my favorite cafe and a hacker is playing MITM with paypal.com (intercepting http requests for paypal.com and then forwarding them on to the real site), either I'll thwart the attacker by getting an encrypted connection to paypal.com immediately, or the attack will be detected by HSTS and the connection won't work at all."

What will Firefox 4 include – and leave out?

While the Beta 5 release includes new features, the final feature freeze for Firefox 4 is likely coming soon. A number of features that were originally set for inclusion in Firefox 4 have already been dropped, including a new Account Manager tool.

On Mozilla's platform wiki, the open source organization has also noted in its latest meeting notes that a new Windows silent update feature may be at risk of being dropped from the final release. The silent update feature is intended to run in the background and update the Firefox browser as new security releases come out.

With Beta 5 out the door, Mozilla developers are turning their attention to Beta 6, which is currently scheduled for a code freeze on Friday, September 10th. During a conference call on Tuesday, Mozilla's director of Firefox, Mike Beltzner, noted that there are currently 114 blockers (items still to be fixed and/or completed) and, as such, he's not sure that the September 10th date for a Beta 6 code freeze will be achievable.

"I would also like to avoid a repeat of landing particularly risky changes right before a code freeze, which is what happened with Beta 5," Beltzner said. "As a result, Beta 5 will ship with some drawing regressions, especially on Mac."

