Over one million downloads on the first day of its release must tell you something about the latest browser version from Mozilla. Why should you download Firefox 4? Here are 5 reasons why you should upgrade to Firefox 4.

1. It’s a major upgrade for Mozilla
2. Total redesign of its plug-in architecture called JetPack
3. A redesigned of its interface that is less cluttered and more user friendly
4. Faster JavaScript performance
5. Much improve support for HTML5

Two things I like most about this new upgrade are;

1. Firefox 4 users can now pin frequently used sites to the top left of the browser. You can pin sites like Gmail, Facebook, or Flickr which can be turned into “App Tabs.” When new mail or a new notification from your frequently used social network arrives, the small icons on the top left will glow to let you know that a new notification arrived.

2. Mozilla really out did itself by adding some user experience in the mix to streamline the user interface, collapsing the full menu bar into a small “Firefox” drop-down option on the top left. The tabs are front and center, with the URL and search bars underneath.

If you are hesitate about upgrading because the add-ons you currently use might not work, Mozilla said that more than 70 percent of its add-ons are now compatible with Firefox 4.

Download Firefox 4 and enjoy another great experience from the Mozilla team.

Firefox is faced again with another challenge in the security of its latest browser, Firefox 3.6. As of late, I have noticed more browser crashes in the last two weeks in which could be a result of this exploit.

There’s new zero day exploit in Firefox 3.6. The exploit allows attackers to remotely gain control of a PC. Russian security firm Intevydis develops the commercial VulnDisco add-on for the also commercial Canvas exploit toolkit by vendor Immunity. Intevydis made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers.

Mozilla (Firefox) hasn’t released any updates to correct this exploit, even though its been known since the beginning of February.

According to the analysis on the Extraexploit blog, a significant increase in the number of Firefox 3.6 crashes was noted on the 12th and 13th of February. It is unclear whether the crashes were connected to the exploit being tested. The pages causing the highest number of crashes are listed in Mozilla’s crash reports.

Mozilla Crash Reports: http://crash-stats.mozilla.com/topcrasher/byurl/Firefox/3.6

Mozilla needs to find a way to release updates a lot quicker to reduce the exposure of such exploits.

There are many add-ons to help you when you need to rush through a Firefox browsing session and see something you want to read, but don’t have the time to do so.

There is the add-on “Wired Marker” (https://addons.mozilla.org/en-US/firefox/addon/6219) that let’s you mark up web pages and keeps a list of those web pages with the mark ups and allows you to go back to them. This is particularly useful for things like forum postings and blog comments, where the mark up allows you to remember just exactly why you wanted to come back to the page. Before I started using this, I’d often go back to a forum posting I had meant to comment on and I’d forget just what I wanted to comment on. I’d find myself saying “What in the heck did I want to say in this thread?”

Then there’s “Scrapbook” (https://addons.mozilla.org/en-US/firefox/addon/427). This add on allows you to save an entire web page so that you can read it off line or come back to it later on line. In the online circumstance, it will even allow you to mark up the page with comments, but you actually have to do this in the offline save, and then you can call it up and put it in a tab beside the online page. It’s a little Rube Goldberg-like and kind of tedious, but it is sort of an enhanced bookmark.

And then there’s an add-on called “Read It Later” (https://addons.mozilla.org/en-US/firefox/addon/7661). Basically it’s just what it says. If you run across something you want to read and then discard after you read it, it’s good for that circumstance instead of cluttering up your bookmarks with what is really “temporary” bookmarks.”

Finally, there’s an add-on called “Dog Ears” (https://addons.mozilla.org/en-US/firefox/addon/4482). This one is pretty bare bones. If you see something on a web page you want to come back to, you can mark it with Dog Ears.

And then there’s just plain old bookmarking.

I’ve used all of the add-ons, and of course bookmarks. But here’s the deal. Unless you make it a point to go back to these web sites, the listings can get lengthy and old fast. For example, at one time I had a “Read It Later” list that numbered 66, with the first in the list going back several months. Looking at it, I found myself saying “What in the heck did I save that for?” So if you don’t keep up on these things, the lists grow long and pretty much outdated.

I finally decided the best way to do this was to use Firefox’s built in “Session Restore” feature. If I was in a hurry and saw something I wanted to come back to, I left the tab open when I closed Firefox. That way, the next time I opened Firefox, those tabs were fresh and staring me in the face. It’s sort of like a nag screen . . . a constant reminder. Eventually, I’d open up so many tabs just to clear out the clutter (not to mention the slow loading time for all those open tabs), I’d either do what I was thinking of doing or just flat out close the tab. It’s amazing how clutter will get you focused on priorities.

With those add-ons, the clutter is hidden and you’re more likely to allow it to accumulate. With the Session Restore feature, it’s either deal with it or dump it!

Firefox 3.5 is almost here, are you ready?

Mozilla plans to issue Firefox 3.5 final version tomorrow, according to Firefox director Mike Beltzner. The version has been delayed for several months, but it will be here in 24 hours? We hope!

Mike Beltzner gives a quick preview of what’s new and exciting in Firefox 3.5, coming tomorrow from Mozilla.

Firefox 3.5 comes with a load of new features–5,000 total, according to Mozilla. Among the major ones: built-in video; local storage to enable richer Web applications that can work even with no network connection; a private browsing mode; geolocation to aid Web pages that can benefit from knowing a user’s location; and faster performance loading pages and executing Web-based JavaScript programs.

“We’ve added technology we think upgrades the Web itself,” Beltzner said.

Get ready to get even more foxy tomorrow!

Barack Obama is still in the hunt for his Cyber Czar and maybe this could be the person for that position. According to reports Window Snyder (Go figure) is leaving for a start-up company. I guess Obama will still be fishing for his Cyber Czar.

Window Snyder, the head of security at Mozilla Corp., will resign her position at the end of the year, she said in a blog post Wednesday.

“I am sad to be leaving, but I am excited to go work on something I have always been passionate about,” Snyder wrote in the Mozilla security blog. “I wish I could tell you about it now, but that will have to wait for a while.”

She joined Mozilla in September 2006 from Microsoft, where she was a security strategist and worked on Microsoft’s security-focused Windows XP Service Pack 2 update.

Security has become more important for Mozilla as its Firefox browser has gained more users, making it a more attractive target for malicious hackers. Just last week it was being targeted by a new Trojan that tries to steal online banking passwords, according to security company BitDefender.

“It’s impossible to build a perfectly secure browser,” Snyder told Computerworld in an interview earlier this year. “That’s not the goal. The goal is to build the safest browser we can. It’s an ongoing process. It’s not a goal where we’ll say, ‘OK, we’re done.’”

The good news is she leaving Mozilla’s security in capable hands, naming several colleagues who will assume her duties.

If you are still using the older version of Firefox 2.0, it’s time to upgrade to 3.0 and fast!

There will be no antiphishing feature in the final version of Firefox 2.0 when it is released later this month, according to Computerworld.

Google asked Mozilla to disable the feature in Firefox 2.0.0.19 that warns users of sites suspected of hosting identity fraud scams because the older browsers rely on an outdated SafeBrowsing protocol that Google is not supporting anymore, Mike Beltzner, director of Firefox, told Computerworld.

Firefox 2.0.0.19 is scheduled to ship December 16 and will be the final security update for the browser. The company released Firefox 3 in June.

Asked for comment, a Google spokesman provided this statement via e-mail: “Google encourages users to always use the latest version of the software they’re running. Users of Firefox 2 will be notified of the change when they are updated to 2.0.0.19; we recommend that users upgrade to Firefox 3 to continue getting protection.”

Firefox 3 includes our Safe Browsing v2 protocol which is more efficient with network bandwidth, continues to help protect against phishing, and also adds malware protection.

Source: Google, ComputerWorld

Most of what’s new in Firefox 3.1 Beta 1 is under the hood. The performance has improved tremendously over the current version and for good reason. Mozilla dramatically improved the JavaScript processing time. Sorry Chrome, it’s just not your day.

Firefox 3.1 Beta 1 is available for download. Here are some of the new features and improvements:

• Web standards improvements in the Gecko layout engine
• Added support for CSS 2.1 and CSS 3 properties
• A new tab-switching shortcut that shows previews of the tab you’re switching to
• Improved control over the Smart Location Bar using special characters to restrict your search
• Support for new web technologies such as the <video> and <audio> elements, the W3C Geolocation API, JavaScript query selectors, web worker threads, SVG transforms and offline applications.

The new tab-switching feature is really neat (press CTRL+TAB to get a view of all the open tabs), and the special character support for the Awesome Bar makes life a lot easier (for example, you can restrict the search to your history by typing ^, or search only bookmarks using *, or tagged pages with +, if you want to match only text in the URL type @, and for title and tags only use #).

What are your thoughts?

SSL/TLS (HTTPS) is critical to user security and privacy on the Internet. In recent news about SSL/TLS certificates surf jacking, “HTTPS: Surf jacking makes it vulnerable,” and could lead to major issues for internet users.

It’s required to have human intervention to validate the authenticity of certain types of certificates. This was obvious when Mozilla changed how its newest Web browser (Firefox 3) handles Web sites with expired or self-signed SSL/TLS certificates. If you visit a Web site with either an expired or a self-signed SSL/TLS certificate, Firefox 3 will not show that page at all. Instead, it will display an error message, similar to any other browser error (for example a “page not found” 404 message). This was by far a good call on Mozilla’s part to force ecommerce sites to update or renew expired certificates.

How does the error occur?

The error occurs because Mozilla has decided to take SSL/TLS Web page security to the next level, challenging any certificate that isn’t in the Web browser’s certificate database, has incorrect information, or is expired. This is a good thing; it will make Web browsing and online commerce a great deal safer. In order to understand why, let’s take a quick look at the SSL/TLS process.

SSL/TLS process:

SSL/TLS consists of two important and independent processes: authentication and data stream encryption. With today’s tough Internet environment, it’s vital to have strong encryption to protect the data packets as they travel to their destination. Thank goodness, using a SSL/TLS VPN is secure and working properly.

Authentication is a digital certificate is a data file that contains information about the Web site’s certificate holder and used to verify that the Web site is indeed what it portrays to be. The Web server’s host name, issue and expire time, and the public key for the Web server are just a few of the details contained in a certificate.

That’s it in a nut shell!

This confirms are previous post on the Firefox 3 exploit that it’s not as bad as you think. Surf safe and don’t open anything that looks strange.

Mozilla security chief has confirmed the existence of serious code execution vulnerability in the brand-new Firefox 3.0 browser is not a serious risk.

Snyder’s confirmation follows a public warning my TippingPoint’s ZDI (Zero Day Initiative) that the flaw could lead to PC takeover hijacks if a user simply surfs to a rigged Web site with Firefox.

On the Mozilla security blog, Snyder said the bug impacts Firefox versions 2.x and 3.0:

This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There is no public exploit, the details are private, and so the current risk to users is minimal.

Tech Jaws hit this one right on the head! Firefox 3 fans sit back and breathe easy.

A day after the official release of Mozilla’s Firefox 3, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox 3.0 users at risk of PC takeover attacks.

According to a note from TippingPoint’s Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

Mozilla’s security team is keeping this under wraps until they release a new patch. This risk is considered high-severity.

In order for this vulnerability to be successfully exploited, an attacker will have to execute arbitrary code, permitting the attacker to completely take over the vulnerable process.

However, I would not be too concerned as this vulnerability requires interaction from a user such as clicking on a link in email or inadvertently visiting a malicious web page.

Until a fix is available, users should practice safe browsing habits and avoid clicking on strange links that arrive via e-mail or IM messages.