
Mozilla

Mozilla Asks To Display Firefox EULA In Ubuntu Linux

A software license agreement is a contract between a producer and a user of computer software which grants the user a software license. Most often, a software license agreement indicates the terms under which an end-user may utilize the licensed software, in which case the agreement is called an end-user license agreement or EULA. EULAs are very common under Windows and other operating systems like Mac OS X.

A free software license grants the right to modify and redistribute the licensed software for any purpose, both of which would ordinarily be forbidden by copyright law. So you get considerably more rights than most EULAs provide. Now Mozilla has asked Ubuntu to display a EULA the first time you launch Firefox. From the bug page:

Mozilla Corp asked that this be added in order for us to continue to call the browser Firefox. Since Firefox is their trademark, which we intend to respect, we have the choice of working with Mozilla to meet their requirements, or switching to an unbranded browser.

I don't see a big deal here. If you don't like the EULA in Ubuntu, try Iceweasel, a rebranded version of the Mozilla Firefox program.

Download of the day: Firefox 3.1 Alpha 1

Mozilla has released Firefox 3.1 Alpha 1, code named Shiretoko Alpha 1, and it is now available for download.

New features

=> Web standards improvements in the Gecko layout engine
=> Text API for the <canvas> element
=> Support for using border images
=> Support for JavaScript query selectors
=> Several improvements to the Smart Location Bar
=> A new tab switching behavior

=> Download Linux version here.

You may also find my step by step easy instructions on how to install the Firefox browser under Linux useful.

Update: VMware Server 2.0 final has been released. Version 2.0 includes an updated version for the Firefox 3.0.x series.

The VMware Remote Console plug-in allows you to control VMware Server 2.0 RC1. However, when you upgrade Firefox to 3.0.1, the plug-in stops working or gets disabled by Firefox 3.0.1 due to a plug-in compatibility issue. To fix this issue, shut down Firefox and locate the directory called VMwareVMRC@vmware.com. This hack was tested on:
=> Linux running Firefox 3.0.1

=> VMware Remote Console Plug-in version 2.5.0.100265

Open a shell prompt and type the following commands:
$ cd ~/.mozilla/
$ find . -type d -iname "VMwareVMRC@vmware.com"

Sample output:

./firefox/szvrcz3m.default/extensions/VMwareVMRC@vmware.com

Change the directory, enter:
$ cd ./firefox/szvrcz3m.default/extensions/VMwareVMRC@vmware.com
Back up install.rdf and open it:
$ cp install.rdf ~/install.rdf.bak
$ vi install.rdf

Find the line that reads as follows:

<em:maxVersion>3.0.0.*</em:maxVersion>

Replace it with:

<em:maxVersion>3.0.1.*</em:maxVersion>

Save and close the file. Open Firefox and the plug-in should work without a problem.
(Fig.01: Running VMWare Server Remote Console Plugin under Updated Firefox v3.0.1)
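The same edit as a script, added here as an example and not part of the original instructions: it backs up install.rdf next to the original (the steps above copy it to the home directory instead) and refuses to change anything unless the exact 3.0.0.* line is present. The function name bump_maxversion and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example: raise em:maxVersion for the VMware Remote Console
# extension, with a backup and a check that only the expected line changes.

EXT_ID="VMwareVMRC@vmware.com"                       # directory name from the article
OLD_LINE='<em:maxVersion>3.0.0.*</em:maxVersion>'    # line to find
NEW_LINE='<em:maxVersion>3.0.1.*</em:maxVersion>'    # line to write

# bump_maxversion PROFILE_ROOT   (hypothetical helper, e.g. ~/.mozilla)
# Returns 0 on success,
#         1 if the extension directory is not found,
#         2 if install.rdf lacks the expected old maxVersion line,
#         3 if the backup could not be written.
bump_maxversion() {
    root=$1
    dir=$(find "$root" -type d -iname "$EXT_ID" 2>/dev/null | head -n 1)
    [ -n "$dir" ] || return 1
    rdf="$dir/install.rdf"

    # -F keeps '.' and '*' literal, so only the exact element matches.
    grep -qF "$OLD_LINE" "$rdf" 2>/dev/null || return 2

    # Keep a copy beside the original before touching it.
    cp -p "$rdf" "$rdf.bak" || return 3

    # '.' and '*' are escaped so sed treats the old value literally.
    sed 's|<em:maxVersion>3\.0\.0\.\*</em:maxVersion>|<em:maxVersion>3.0.1.*</em:maxVersion>|' \
        "$rdf.bak" > "$rdf"

    # Succeed only if the new line is really there.
    grep -qF "$NEW_LINE" "$rdf"
}

# Usage, with Firefox shut down first:
#   bump_maxversion ~/.mozilla
```

Raising maxVersion only overrides the add-on compatibility check; it does not change the plug-in itself, so keep the .bak file until the vendor ships a build that declares support for your Firefox version.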

Firefox Leads Web Browser Security War

Firefox users like you and me are considered the most secure. According to a new study, Firefox offers the most secure browsing experience to its users. The study paper is called "Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the 'insecurity iceberg'". According to it:
=> Firefox users are the most likely to use the latest version and are well secured from Internet attacks.

=> Failing to update the browser increases the chance of remote attacks executed by an attacker.

=> Internet Explorer security is bad because most users are stuck with an older version. Most people can't uninstall IE, therefore they end up using the outdated default browser version.

See study paper for all the details.

Mozilla has issued an important security update for the Firefox package that fixes various security issues; updated packages are now available from Mozilla, Red Hat, and other distributions. Mozilla announced that the Firefox 2.0.0.15 security and stability update is available for download. This update has been rated as having critical security impact by Mozilla. All Mozilla Firefox users should upgrade to this updated package, which contains backported patches that correct many issues.

How do I update Firefox 3.x or 1.5.x or 2.x under Red Hat / CentOS Linux?

Simply type the following command at a shell prompt:
# yum update

How do I update Firefox under Debian / Ubuntu Linux?

Open a terminal and type the following commands:
$ sudo apt-get update
$ sudo apt-get upgrade

After a standard system upgrade you need to restart Firefox for the changes to take effect.

Security Issues Details

From the CVE database:
Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799)

Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-2800)

Collin Jackson discovered various flaws in the JavaScript engine which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker may be able to execute arbitrary code with the privileges of a different website or link content within the JAR file to an attacker-controlled JavaScript file. (CVE-2008-2801)

It was discovered that Firefox would allow non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802)

A flaw was discovered in Firefox that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803)

Claudio Santambrogio discovered a vulnerability in Firefox which could lead to stealing of arbitrary files. If a user were tricked into opening malicious content, an attacker could force the browser into uploading local files to the remote server. (CVE-2008-2805)

Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker could exploit this to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806)

Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, the browser may be able to see data from other programs. (CVE-2008-2807)

Masahiro Yamada discovered that Firefox did not properly sanitize file URLs in directory listings, resulting in files from directory listings being opened in unintended ways or not being able to be opened by the browser at all. (CVE-2008-2808)

John G. Myers discovered a weakness in the trust model used by Firefox regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809)

A flaw was discovered in the way Firefox opened URL files. If a user were tricked into opening a bookmark to a malicious web page, the page could potentially read from local files on the user's computer. (CVE-2008-2810)

A vulnerability was discovered in the block reflow code of Firefox. This vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811)
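Because distributions ship these fixes as backported patches, the Firefox version number alone does not prove a package is patched. The following is an added example, not part of the original post: it reads a package changelog on stdin and lists which of the CVE ids above it does not mention. It assumes the packager names CVE ids in the changelog; the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which CVE ids from the advisory above are absent
# from a package changelog read on stdin.

# CVE ids exactly as listed in the advisory text above.
ADVISORY_CVES="CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801
CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2806 CVE-2008-2807
CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811"

# missing_cves (hypothetical helper): read changelog text on stdin and
# print the advisory CVE ids it does not mention, space separated.
# Prints an empty line when every id is covered.
missing_cves() {
    changelog=$(cat)
    missing=""
    for id in $ADVISORY_CVES; do
        # -w stops CVE-2008-2801 matching inside a longer id; -F = literal.
        if ! printf '%s\n' "$changelog" | grep -qwF -- "$id"; then
            missing="${missing:+$missing }$id"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed changelog excerpt (not real package output); it leaves out
# CVE-2008-2805 and CVE-2008-2809 on purpose.
sample_changelog() {
    cat <<'EOF'
* Example Packager <pkg@example.invalid> 2.0.0.15-1
- Update to 2.0.0.15
- Fixes CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801
- Fixes CVE-2008-2802, CVE-2008-2803, CVE-2008-2806, CVE-2008-2807
- Fixes CVE-2008-2808 CVE-2008-2810 CVE-2008-2811
EOF
}

# Demo on the constructed sample: prints the two ids it leaves out.
sample_changelog | missing_cves
```

On an RPM-based system the real input would come from `rpm -q --changelog firefox | missing_cves`, assuming the package is named firefox.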

I was a little worried about the judges for Mozilla's Guinness World Record attempt. However, the Firefox team is lucky to have Paul Vixie of the Internet Systems Consortium and Corey Shields of Indiana University as judges. Paul is well known as the author of Vixie cron and the DNS BIND server daemon. Corey has made contributions to many open source projects including Mozilla and Gentoo Linux.

Check out the Mozilla blog for more details.

(Fig.01: Keep your friends close, and your enemies closer)

The Microsoft Internet Explorer Team sent a cake for the release of Firefox 2 in 2006 and now they did it again. Thanks to Ryan Paul for posting the image and information (via Digg).

PS: Mozilla will be eating cake as well as Internet Explorer's market share ;)