≡ Menu

Mozilla

Download of the day: Firefox 3.1 Alpha 1

Mozilla has released Firefox 3.1 Alpha 1 - code named Shiretoko Alpha 1 and is now available for download.

New features

=> Web standards improvements in the Gecko layout engine
=> Text API for the <canvas> element
=> Support for using border images
=> Support for JavaScript query selectors
=> Several improvements to the Smart Location Bar
=> A new tab switching behavior

=> Download Linux version here.

You may also find my step by step easy instructions on how to install the Firefox browser under Linux useful.

Firefox 3.0.1 has been released and available for download. This update has been rated as having critical security impact by the Mozilla. Use the following instructions to upgrade Firefox.

Security Issues

An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious web site could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933)

Download Firefox 3.0.1

=> Visit offical site to grab Firefox 3.0.1

How do I upgrade Firefox to version 3.0.1?

See how to install firefox-3.0.1.tar.bz2 in Linux

How do I update Firefox under Redhat / Fedora / CentOS Linux?

Simply type the following command, enter:
# yum update

How do I update Firefox under Debian / Ubuntu Linux?

Open terminal and simply type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get upgrade

Mozilla hat issued important security update for Firefox package that that fix various security issues are now available from Mozilla, Red Hat, and other distributions. Mozilla announced Firefox 2.0.0.15 security and stability update available for download. This update has been rated as having critical security impact by the Mozialla. All Mozilla Firefox users should upgrade to this updated package, which contains backported patches that correct many issues.

How do I update FireFox 3.x or 1.5.x or 2.x under Red Hat / CentOS Linux?

Simply type the following command at a shell prompt:
# yum update

How do I update Firefox under Debian / Ububtu Linux?

Open terminal and type the following commands:
$ apt-get update
$ apt-get upgrade

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Security Issues Details

From the CVE database:
Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799)

Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-2800) Collin Jackson discovered various flaws in the JavaScript engine which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker may be able to execute arbitrary code with the privileges of a different website or link content within the JAR file to an
attacker-controlled JavaScript file. (CVE-2008-2801)

It was discovered that Firefox would allow non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802)

A flaw was discovered in Firefox that allowed overwriting trusted objects viaozIJSSubScriptLoader.loadSubScript(). If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803)

Claudio Santambrogio discovered a vulnerability in Firefox which could lead to stealing of arbitrary files. If a user were tricked into opening malicious content, an attacker could force the browser into uploading local files to the remote server. (CVE-2008-2805)

Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker could exploit this to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, the browser may be able to see data from other programs.(CVE-2008-2807)

Masahiro Yamada discovered that Firefox did not properly sanitize file URLs in directory listings, resulting in files from directory listings being opened in unintended ways or not being able to be
opened by the browser at all. (CVE-2008-2808)

John G. Myers discovered a weakness in the trust model used by Firefox regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809)

A flaw was discovered in the way Firefox opened URL files. If a user were tricked into opening a bookmark to a malicious web page, the page could potentially read from local files on the user's computer. (CVE-2008-2810)

A vulnerability was discovered in the block reflow code of Firefox. This vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811)

Thanks to everyone. Mozilla today received confirmation from Guinness World Records that they have officially achieved the record for the "largest number of software downloads in 24 hours."

New Guinness World Record - 8 million Firefox 3 downloads in a day!

From the mozilla site:

Thanks to the support of the always amazing Mozilla community, we now hold a Guinness World Record for the most software downloaded in 24 hours. From 18:16 UTC on June 17, 2008 to 18:16 UTC on June 18, 2008, 8,002,530 people downloaded Firefox 3 and are now enjoying a safer, smarter and better Web.


(Fig.01: Keep your friends close, and your enemies closer [click to enlarge image]).

The Microsoft Internet Explorer Team sent a cake for the release of Firefox 2 in 2006 and now they did it again. Thanks Ryan Paul for posting image and information (via Digg).

PS: Mozilla will be eating cake as well as Internet Explorer's marketshare ;)

Firefox 3 Set To Release on June 17th 2008

Firefox version 3, the best web browser set to release on June 17th 2008 Mozilla has announced the date today:

After more than 34 months of active development, and with the contributions of thousands, we're proud to announce that we’re ready. It is our expectation to ship Firefox 3 this upcoming Tuesday, June 17th. Put on your party hats and get ready to download Firefox 3 — the best web browser, period.

=> Coming Tuesday, June 17th: Firefox 3

The second Firefox 3 Release Candidate (RC2) has been released and available for download from official site. It is a preview release of Mozilla's next generation Firefox browser and is being made available for testing purposes only.

Grab Firefox 3 Release Candidate 2 Here