Archive for the ‘Mozilla’ Category

Mozilla releases alpha version of Firefox 3.0

December 12, 2006

Oh my, this came out of nowhere!

Mozilla, only a few months ago released their final and public version of Firefox 2.0. Now they’re at it again, with an alpha version of Firefox 3.0.

Here is the screen shot

Click the links below to download for your respective OS.

Windows – 32bit version

Mac

Linux – i686

Note: the download links above point to the US English builds of Firefox 3.0 alpha. If you find links for other languages, please leave a comment with the download links.

And for those of you who know ‘code’, here is the link for the source code of the alpha build

I’ll post updates as Mozilla releases newer builds.

Cheers!

Firefox Passwords security problem

November 24, 2006

Security experts Wednesday warned that Mozilla Corp.’s Firefox browser has an unpatched flaw that lets criminals pilfer Web site or account passwords, and said that the tactic has already been used on MySpace to steal log-in information from users of the popular social networking service. Dubbed the “Reverse Cross-Site Request” vulnerability by its discoverer, the vulnerability is in Firefox’s password-saving feature. Attackers can exploit the flaw by crafting malicious HTML code that hijacks a username and password from a legitimate site, such as a blog or message forum, then transports the log-in to another site.

Users would not notice that the theft had even taken place, said Robert Chapin, who reported the bug to Mozilla earlier this month. Microsoft’s Internet Explorer is also vulnerable to RCSR attack, added Chapin, although circumstances make it less likely that attackers will exploit the bug in IE. Current versions of Firefox, including 1.5.0.8 and 2.0, are vulnerable to RCSR attack; until a patch is available, users can deflect such attacks by disabling the automated password saving feature. In Firefox, users should select Tools|Options|Security, then clear the box marked “Remember passwords for sites.” Let’s hope it will be fixed soon. Anyway, still way better than all these ActiveX bugs in IE…

Source: InformationWeek