xxx

Tuesday, November 27, 2007

Mozilla Firefox 3.0 80% of the bug has yet to be repaired

Mozilla Firefox 3.0 80% of the bug has yet to be repaired
This paper Keywords: Mozilla Firefox 3.0 firefox
Open-source developers site disclosure, Mozilla only solve its current generation FireFox browser 20% of the Bug. New browser will be released next year.

Therefore Beta2 version will be a full version of the amendment, it is estimated that sooner rather than later we can see.

Thursday, November 8, 2007

Has IE 7 turned back Firefox?

But a Web metrics company immediately disputed the conclusion, and said that IE 7's introduction has helped -- not hurt -- Firefox.
Firefox's success in chipping away at Internet Explorer's (IE) majority Web browser market share has slowed since Microsoft began pushing the new IE7 as an automatic update to Windows users last year, a management consulting firm said Wednesday.

According to Janco Associates, which tracked users to several Web servers that the Nevada-based company manages, Firefox's growth rate has stalled since December 2006, when Microsoft started automatically issuing IE 7 to Windows users. "We've started to see a stabilization of the marketplace," said Victor Janulaitis, Janco's CEO. "In three years IE lost about 15 percent of the market share, but we're now seeing that leveling off."

From December 2006 to this month, Firefox's share increased less than a percentage point, from 12.5 percent to 13.4 percent. Meanwhile, IE's overall share climbed to 70.5 percent in March from December's 67.5 percent. In particular, IE7's share almost tripled from the beginning of December by March 1, climbing from 6.9 percent to 18.7 percent.

Firefox's stall, said Janulaitis, meant that it and other IE rivals won't be able to overtake Microsoft's browser "without some major new innovation or driver."

Poppycock, said Geoff Johnston, an analyst with WebSideStory of California, U.S. "I'm surprised at how well Firefox has done since IE7 came out," he said. "It looks like the forced migration of IE7 is helping Firefox."

By WebSideStory's figures, Firefox accounted for 13.7 percent of the U.S. browser usage share as of last Friday. IE, meanwhile, owned just under 82 percent. During the December-March period, Firefox actually grew its share by more than 2.5 percent, while IE's share has been clipped by more than 3 percent.

Although Microsoft released IE7 to Windows XP users in October 2006, the company did not start feeding the updated browser to users via Automatic Updates until early December. At the time, there was significant criticism of Microsoft for using the update service, which is typically reserved for security patches, not program upgrades.

"IE7 has almost 31 percent of the whole browser market," said Johnston, "but its growth has been almost exclusively at the expense of IE6. IE7 has not slowed the pace of either Firefox or Safari. Microsoft's getting it from both those two fronts."

Janulaitis stood by his data. "It's very solid. We've used the same methodology since 1997." And he stood by his conclusion. "IE7 has features that negate the advantages that Firefox had. It may continue to lose share, but I think it will stabilize around the 60 percent to 65 percent mark.

Johnston's not so sure. "If you're Mozilla you have to be happy with these numbers. That big, that's the big news, that Firefox was able to stand up to IE7. It says the world's changed a little."

Firefox 3 Alpha Blocks Malware,Secures Plug-in Updates

Among the security provisions debuting in the new alpha of "Gran Paradiso," the code name for Firefox 3.0, are built-in anti-malware warnings and protection against rogue extension updates, according to documentation Mozilla posted to its Web site.

The malware blocker, which was first mocked up in June, will block Web sites thought to contain malicious downloads. The feature, a companion to the phishing site alert system in the current Firefox 2.0, will use information provided by Google Inc. to flag potentially-dangerous sites, warn anyone trying to reach those URLs with Firefox and automatically block access to the site.

Mozilla also pointed to a URL that demonstrates the new malware blocker for alpha 8 users.

Also taking a bow is a check meant to prevent plug-ins' automatic updates from sending users to malicious sites where they might be infected by attack code or drive-by downloads.

Firefox relies on small plug-ins -- called "extensions" in the Mozilla vernacular -- for much of its power and flexibility. Several thousand extensions have been written, the vast bulk of them by outside developers, that do everything from boost browsing speed to block irritating Flash animations. Firefox regularly checks to see if the installed extensions are up to date, and if not, automatically pulls in the newest version and installs it.

"Firefox automatically checks for updates to add-ons using a URL specified in the add-on's install manifest," Mozilla spells out in a developer's document. "Currently there are no requirements placed on these URLs. In particular, [they are not] required to be https. This allows either the update manifest or the update package to be compromised, potentially resulting in the injection of malicious updates. A demonstration of one form of compromise is already public."

Most extensions are hosted on Mozilla's own servers -- at the servers feeding its Add-ons site -- but some are not; it's those off-site extensions that Mozilla wants to lock down.

To stymie attacks through a compromised extension update, Mozilla will require updates -- both the actual update package and the much smaller "manifest," or notification of an update -- to be delivered over an SSL-secured connection. Or the update must be digitally signed.

The change doesn't affect the initial installation of an extension, something Mozilla recognized. "[This] has no impact on the security of initial add-on installs," it told developers in the online guide.

This newest preview, which can be downloaded in versions for Windows, Mac OS X and Linux from the Mozilla site, still comes with a warning to end users. "Alpha 8 is intended for Web application developers and our testing community. Current users of Mozilla Firefox should not use Gran Paradiso Alpha 8," the browser's release notes.

Mozilla has not officially committed to a release date for the final version of Firefox 3.0.