Switching from Internet Explorer to Mozilla Firefox

Critical flaws squashed in Firefox update
Update to popular open-source Web browser addresses a dozen security vulnerabilities, five of which are deemed critical.

Click here to go to the update menu
Home Browsers MsOffice 97 & 2000 Site Search Windows

Firefox Version 2.0 Beta Candidate Released

The browser wars are heating up, as the first beta of Firefox 2.0 is due on Tuesday July 11th, and Internet Explorer version 7.0 is now on it's third beta release.

Reports from early testers compliment two of the significant new features: an integrated spell checker, and an anti-phishing tool. The spell-checker promises to make blog and forum postings more lucid. The phishing filter (an integrated component of IE 7.0 as well) works with locally stored lists of bad sites, along with Google's site listing, and possibly others down the road.

The rest of the interface stays mostly the same, unlike the more radical changes in IE 7.0. Firefox 2.0 does include a horizontal scrolling capability for tabs, and an ability to close a tab directly from within the tab itself. The Options dialog has been reworked to include a horizontal, tabbed based interface, and numerous changes have been made under the hood.

As is the case with any beta product it is best left to the propeller heads like me to work out the bugs. As is the case with Microsoft Internet Explorer Beta 3, leave the testing to those who have the time to report and fix bugs. Wait for the final release.

If you simply must have the newest brightest srinkwraped what ever, check ou the below links:

You can download the Windows release candidate of Firefox 2.0 Beta 1 directly, along with Mac and Linux versions, but beware. It will overwrite your existing themes, and render existing extensions unusable.

Firefox Security Update
Firefox 1.5.0.3 has a security update that is part of their ongoing program to provide a safe Internet experience for there users. They recommend that all users upgrade to this latest version.

Firefox 1.5 
Now Available

Firefox 1.5, available free via download, is the browser's first major update since creator the Mozilla Foundation introduced it about a year ago

The award-winning Web browser is better than ever. Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy. It's easy to import your favorites and settings and get started. Download Firefox now and get the most out of the Web.
Download Firefox 1.5 for Windows, English (5.0MB) 

New in the 1.5 version are more sophisticated security and performance features. In addition to a more effective pop-up blocker, the updated browser is designed to ease security updates. The program checks daily for patches, downloads them automatically and then prompts users to install them, said Chris Beard, vice president of products at Mozilla.

Other improvements include "forward" and "backward" browsing buttons designed to load Web pages more quickly. A new drag-and-drop feature for browser "tabs" lets users keep related pages together.

Firefox 1.5 also supports new Web programming standards, such as AJAX, that enable more graphical capabilities in Web pages. And the browser features more sophisticated application programming interfaces for people who build and use add-on programs, such as browser-based weather updates.

Mozilla plans to introduce new versions more frequently from now on. Firefox 2.0 is due in mid-2006, and the 3.0 release is set for the first quarter of 2007. The group expects to release security and stability updates every six to eight weeks. 

Noted Problems from some of our readers with Firefox 1.5:


The Browser Wars Are Heating up Again~Don't get caught in the crossfire!

Microsoft Internet Explorer, though a very good browser, has it's problems. Attacks on MSIE are on the rise and why? Because Microsoft is the biggest bad boy on the block. That leaves them wide open for attack and, if you are using Microsoft Software, you are the recipient of the Redmond Successes. See the Microsoft vs. Firefox update

Those of you who know us know that we love Microsoft, we hate Microsoft, we love to hate Microsoft. Unfortunately the attacks are real and the most recent attacks got us to reconsider our support for Microsoft Internet Explorer. Now, let us be very clear on this. We still use MSIE and with Windows XP Service Pack 2 installed Microsoft Internet Explorer is most definitely safer then it ever has been. Still, for most of our day to day browsing, and we do a ton of it, we like and use Mozilla's Fire fox. Of course we also use Netscape's new browser package Netscape 7.2 as well, but mainly because we still get questions about the software so we have to keep up to speed. Yes, we tend to have tons of different software for testing and it is true that most people are not going to run into anywhere near the amount of trouble that we do. Having said that, it may be a good idea to keep MSIE, sure, but also for moat day to day browsing, I would suggest one for the alternative we have listed here.

Updates & Questions About FireFox

FireFox Add-ons:

The following describes how to switch to Mozilla Firefox from Microsoft Internet Explorer.  We are providing these instructions due to the recent exploits in Internet Explorer and the recommendation to switch to an alternative browser, such as Firefox, by the United States Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.

Microsoft says that it doesn't intend to upgrade Microsoft Internet Explorer until it rolls out the next version of Windows, code named "Longhorn". Well, so much for "Trusted Computing"! We are alarmed enough to make this statement in agreement with the Department of Homeland Security and the US-CERT. Update- Sense this article was written, old mister softie, Bill Gates, has had a change of heart and has said that Microsoft 7.0 will be a stand alone browser free downloadable package but only for those running Windows XP with Service Pack 2 installed. Right now we are recommending Firefox from the Mozilla team. Netscape has rolled out a newer version of it's browser from Netscape 7.1 to 7.2. You can check it out at this site :http://channels.netscape.com/ns/browsers/default.jsp

If you want to get really funky, please see Netscape 8.0 beta 1 the Bo first Looks, a review.

Watch out Microsoft, the buzzards are hovering and they sense a tasty piece of market share. Well, Bill, waiting until the release of Longhorn may not be an option any longer. Bet ya thought that you had the browser market sowed up huh?

 

 

 

 

 

Browser Update:

Microsoft has said that Internet Explorer 6.0 would be the last free update to the browser. Firefox seems to have pulled the browser out of the Redmond mothball closet. It seems that Mr. Gates has had a change of mind, again. Microsoft Internet Explorer 7.0 will be out sometime this spring or summer but only for user's of Windows XP with SP2 installed. If Microsoft is true to it's usual releases, you can expect it by the fall. Notice I did not say of what year. But at least it will be free. I expect it will incorporate a number of welcome security features that have been sadly missing from earlier Microsoft browsers.

But in the midst of this turmoil what has been missed by many people is that Microsoft has done a 180-degree turnaround. Internet Explorer 7, as I understand it, will be a stand-alone browser, not tightly integrated with the operating system, despite the fact that it will apparently rely heavily on the security enhancements built into XP SP2.

Microsoft Internet Explorer 7.0 Updated:
10 things you should know about Internet Explorer 7.0 enhancements.
This is a TechRepublic Download in Acrobat Reader Format (PDF).

Final word:
IE 7’s deployment date has been moved around several times and has just been moved up. Now, if I were cynical, I might point out that a LOT of companies and even government agencies have been taking a serious look at Firefox 1.0, which already does a far superior job of blocking adware and probably also spyware (I can’t comment on the spyware specifically, but Firefox certainly does a superb job on some adware that IE 6 ignores completely).

 See also: Microsoft Puts IE Enhancements on Fast Track

Microsoft offers tabbed browsing--in IE 6

Weeks after it promised tabs in IE 7, the software giant releases toolbar update that offers tabs in IE 6.

With the version of MSN Search Toolbar made available Wednesday, June 9, 2005, IE 6 gains the ability to open numerous Web pages within a single window, each selectable by a small tab at the top of the window.

The feature--long offered by IE competitors like Opera, Safari and Firefox, and by browser shells built to run on top of IE--is one of many that Web surfers have said they missed in the aging IE 6.

IE has not had a major feature upgrade in more than three years. Last month, Microsoft confirmed speculation that it would offer tabbed browsing in the upcoming IE 7.

 

Go to MSN to get the add-on
7.89 MB only available in US English. 
Might we be getting a glimpse of Microsoft's upcoming new browser?

The down side? It is still Microsoft Internet Explorer 6.0 no matter how much paint Redmond chooses to put on it.

Maxthon Tabbed Browser
Does the MSN toolbar leave you a little befuddled (Be-fuddle-d- Adjective, Geek Speak for "a head scratcher" and a strange desire to say the word, "HUH?", a lot!

I've seen ya. You have been cheating on Microsoft and experimenting with Tabbed browsers haven't you? You flirt! 

Okay, okay, you love the way MSIE 6.0 runs. You're comfortable with it but really think that the MSN's version of tabbed browsing is a little, well...dull. You long for tabbed browsing from a browser like MSIE with a ton of options for configuring the browser which is in plain English, not in some cryptic code like that of Firefox's About;Config setup. Well bunky, set back and take a look at Maxthon Tabbed Browser. It adds a much prettier face than that of MSIE plus you get tabbed browsing on steroids. It is not a whole browser by itself, it runs on the Microsoft Internet Explorer framework so most of the bugs, and flaws inherent to MSIE will be found in the Maxthon Tabbed Browser. However, Maxthon does have a rapid response team and you can have Maxthon search for updates automatically so you do not have to worry about it. It is a small download, downloads being what they are today, and it is worth trying out. We use Maxthon Tabbed Browser at BLCOW when we are not using Firefox. I think (Hey, I get to think from time to time, no, really I do!) once you give Maxthon a try, you will be hooked on tabs. We're thinking about starting a twelve step program for those of us hooked on tabs. Hey, if it works for Dr. Phil, why the heck not.

One note of caution. Maxthon has some BHO's (Browser Helper Object). One of which is Robo Form. It seems okay but has the annoying habit of setting in the System Tray at startup robbing you of system recourses. It just sits there waiting for you to open a browser, then it wants to intrude on every little thing you do. Do you need it? wellllll, ya you do!. Maxthon works off of the MSIE engine but for some unknown reason, it will not use MSIE's AutoComplete feature.

Where can you get this wonder toy? Click here.
Of course it is free bunky. Have you not been paying attention? BLCOW is all about being frugal. Okay, we're cheaper then your old spinster aunt. We are all about free stuff, aren't you?

Okay, enought of that. Here is what you need to do to disable MSIE's nasty little habits: That's Habits, not Hobits all you Tolkin fans.

First Blaster. Then Sasser. What’s Next?
Don't wait. Personally? I'd rather switch than fight. At least for now.

Two methods for disabling IE

Several simple, popular methods exist to disable IE. The easiest way to remove users' ability to browse with IE is to add a bogus proxy server to IE's Internet Settings.

Follow these steps:

  1. In IE, go to Tools | Internet Options.
  2. On the Connections tab, click the LAN Settings button.
  3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
  4. Enter 0.0.0.0 in the Address text box.
  5. Enter 80 in the Port text box, and click OK.

You can also restrict Internet settings via Group Policy. Follow these steps:

  1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
  2. On the Group Policy tab, click Edit.
  3. Expand User Configuration to set restrictions on a per-user basis.
  4. Expand Windows Settings, and expand Internet Explorer Maintenance.
  5. Select Connection, and double-click Proxy Settings.
  6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
  7. Expand Administrative Templates, and expand Windows Components.
  8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
  9. Select Enabled, and click OK.

Remember that Enabled sets a restriction, Disabled prevents a restriction from applying to a group of users (even if you enable it for a broader category of users), and Not Configured doesn't set the restriction.

Please note that adding a bogus proxy server to your Internet settings won't affect Automatic Windows Update from connecting and updating your operating system.

Download and Install Firefox:
Before you take any of these steps, download another browser, and test it on your current configuration. I highly recommend Mozilla's Firefox (http://getfirefox.com). After you install a new browser, answer Yes when it asks whether to make it your default browser. A very god companion for Mozilla's Firefox is the email client, Thunderbird which you can learn more about and download by clicking on the Thunderbird image below.

Final thoughts

No matter how many patches Microsoft releases, ActiveX and the Browser Helper Object (a file loaded with Internet Explorer) are all an attacker needs to control your system and steal your data. Microsoft designed IE for functionality--not security. And antivirus software can't defend your network against IE exploits.

Firefox:
For those of you used to MSIE 6.0 Firefox will seem very familiar indeed. In fact, the interfaces if quite similar and you will feel right at home in no time flat. The plus? Firefox integrates very well with your Outlook Express (See:
Outlook Express And Security Zones) or Outlook mail client. Of course, Mozilla has an email client as well called Thunderbird. You might want to check it out as well. Find it here. Take Firefox for a spin and see for yourself.

Get Firefox, a safer way of browsing the web        Thunderbird Email client from Mozilla

Windows security isn't about eliminating security holes; it's about managing risk and user functionality. All operating systems have vulnerabilities, but Windows' popularity makes it the target of choice for most black hats.

Final thoughts from the Bomister:

I have always liked Microsoft Internet Explorer and if the folks in Redmond jump onto this, I am in hopes to like Internet Explorer in the future too. One of the biggest problems with being on top is, you make an easier target and it isn't helped by the Gates hyperbolizes either. Microsoft can no longer mouth "Trust Worthy computing", they have to start living it and I mean right now, not next moth or next year. I have every confidence that the Redmond gang is finally getting the message and will, I hope, act upon it. Until they do, and do it convincingly, I am advising, in the strongest possible terms, that all of our readers switch to Netscape 7.2, or Firfox. Firefox is ready now but Netscape 7.2 won't be out much before the end of the month, August 2004. However, Netscape 7.1 is a very good and viable browser. You can find Netscape 7.1 here. Got problems with Netscape? See our NetscapeAid, Netscape I and Netscape II pages for your answers.

For all of you brave risk takers out there, why not give Netscape 8.0 beta 1 a shot. Read our review and get instructions on how to get your very own copy of Netscape's newest thingy. Click here, I'll take you there.

Q&A's
Firefox Bo Tip:
One question I know that you will want to ask after downloading and installing Firefox is, "Hey Bo, how the heck do I get Browser Tabs to load in the background?

Answer: In the browser's address window, type or copy and paste the following:

about:config 

Then hit enter. Once the window opens, copy and paste the following into the Filter box without the quotation marks

"browser.tabs.loadInBackground"

Only "browser.tabs.loadInBackground" will appear.

Right click on it and choose, "Toggle" if the value is false it will be turned to true. Close the configuration window or tab and you're done.

From now on all of the tabs reached from links will open in the background. 

Tip within a tip; to open a link in a new tab, without right clicking and choosing new tab, simply hold down on the Ctrl Key while clicking on the link. The tab will open on the tab bar and if you followed this tip, you will still be on your current page. 

If you want the links in your Favorites folder to do the same, find the line, 

"browser.tabs.loadBookmarksInBackground"

and change that false to true as well. Bada Bing, Bada boom, your done. Nothing could be simpler, at least once you know where to look.


Is Firefox secure?

Question: I’ve made the switch from Internet Explorer to Firefox as you have recommended, and I couldn’t be happier! It’s a fantastic browser that has so much to offer. I know that Firefox is pretty secure, but do I still need to worry about privacy issues?

Answer: Unfortunately, in the software world, you'll rarely find anything that's perfect. Web browsers are tricky to keep secure because of all the Internet communication that takes place. When you think of security problems in a browser, Internet Explorer usually instantly jumps to mind. It is without a doubt the victim of the most problems, but that doesn't mean it's the only one. Even though Mozilla, Firefox, Opera, and other alternative browsers are suggested as being safer to use, they still experience problems just like IE. The fact that I prefer Firefox to IE doesn't mean that I just run the software and assume that everything's in good shape. In fact, security problems have been made public in these alternative browsers, as well. People who have enough motivation will find a way to break the software, and when they do, we all suffer.

The point is that you can't forget that security problems plague all browsers. When problems are found, patches are usually issued in a short period of time. Check the Web site of your browser to see if any updates are available. By regularly patching your browser, you're doing what you can to protect yourself.

No matter what browser you use, always remember that nothing's perfect. Just try not to use IE.

As always, all my best!
Bo


Speed up Firefox with the Network Extension

We've already explained about the config screen (See about:config) , but if you didn’t really pay attention to the contents then an explanation may be in order.

On the Firefox website are things that Mozilla is calling Browser Extensions. Basically, for you died in the wool MSIE fans, they are BHO's (Browser Helper Objects). The one that we are currently referring to is called Tweak Network Settings. Of course you can do the same thing using the About:config option but how many of us really know what some of these cryptic settings really are. If you mess around with them wily nilly then sooner or latter Firefox may, and probably will, become a useless icon on your desktop. Tweak Network Settings takes the mystery out of the cryptic and puts it into the realm of, "Hope whoever wrote this knows what the heck he/she is doing". To get Tweak Network Settings, click here. Once on the page, click the install now link or the Download Extension link. 

What Are Extensions? Extensions are small add-ons that add new functionality to Firefox. They can add anything from a toolbar button to a completely new feature. They allow the browser to be customized to fit the personal needs of each user if they need additional features, while keeping Firefox small to download

Once installed, shut down any and all open instances of Firefox and then re-open it. Click the Tools menu and you will notice a new command called, "Tweak Network Settings" Click on it and a new dialog box appears. Click the Power button, click Apply, click Ok. If you have a dialup network, you should notice that pages load considerably faster.

You can view other extensions like one for putting a Print Preview button on the toolbar at this address:

https://update.mozilla.org/extensions/?application=firefox.

Clicking on a link will take you to that Add-on's explanation and install and/or download site.


Give Firefox Amnesia:

Reader Mark writes: One of the things that I like the most about Firefox is the Google search box in the upper right-hand corner of the browser. I use it for just about all of my searches, and I’ve noticed that it remembers what I have searched for in the past. How can I erase Firefox’s memory?

A lot of people find these memory features to be extremely helpful because the browser will think for them by offering relevant suggestions. However, if you share your computer with one or more individuals, you’ll most likely want to wipe the slate clean.

The process of erasing saved form information is just as easy as erasing saved passwords. When you open Firefox, go to the Tools menu at the top and select Options. Click the Privacy tab on the left, and expand the Saved Form Information option. Uncheck the checkbox if you’d like to stop Firefox from keeping track of your data entry, or just click the Clear button to give the program temporary amnesia. Long-term or short-term – it’s your choice.


Firefox 1.0.1 is released to fix security holes

The Mozilla Foundation released on Feb. 24, 2005 Firefox 1.0.1, a security upgrade for its wildly successful 1.0 browser. More than 25 million people have downloaded 1.0 since its release on Nov. 9, according to the foundation.

I immediately felt that the security improvements in Firefox 1.0.1 warranted me publishing a newsletter update. But I held off until now because installation problems were causing severe confusion. I found it extremely difficult to nail down the best upgrade procedure.

Firefox 1.0's "check for updates" feature, for example, didn't report that any Firefox updates were available for six days after 1.0.1 became available. The foundation had kept the feature from reporting the existence of this update because of concern that 25 million people downloading the update simultaneously couldn't be supported by the existing infrastructure. This problem was apparently solved by Mar. 1, and checking for updates now reports that 1.0.1 is ready.

Rumors had also been flying that installing 1.0.1 required that Firefox 1.0 first be uninstalled. It's now clear that uninstalling 1.0 is necessary only if you want to install a ".exe" version of 1.0.1 over an instance of Firefox 1.0 that you obtained in a ".zip" file. Downloading 1.0.1 and installing it on top of a 1.0 .exe setup file you downloaded (as most people did) is fine. We've tested this and it works without deleting any bookmarks or Firefox extensions.

I recommend that Firefox 1.0 users upgrade to 1.0.1 immediately. The new version fixes a security problem with international domain names (IDN). The address bar can appear to show "paypay.com," for example, by composing a domain name of look-alike Unicode characters. Some registrars, unfortunately, are selling Unicode domain names that look identical to ASCII domains. Firefox 1.0.1 cures this by displaying all Unicode in "punycode," a plain-text equivalent. The punycode for the PayPal fake wouldn't fool anyone: "www.xn--pypal-4ve.com". This is a better fix than the two workarounds we published in the paid version of the Feb. 10 and 24 newsletters.

Firefox 1.0.1 also closes 16 other bugs, some of them potentially serious security weaknesses. This update is a good one to have.

Here, therefore, are the steps I recommend for this upgrade:

1. Read the Firefox 1.0.1 release-notes page carefully to see if any issues affect you:

http://www.mozilla.org/products/firefox/releases/

2. To be safe, back up your PC, or at least make a copy of Firefox's Profiles folder, which contains your bookmarks and other settings. The location of the Profiles folder differs in various versions of Windows. See the release-notes page for the exact location.

3. In Firefox 1.0, click Tools, Extensions and make a note of any extensions you've installed. After upgrading to Firefox 1.0.1, you may need to re-enable or re-install one or more extensions.

4. Close the Extensions window. In Firefox 1.0, click Tools, Options, Advanced. In the Software Update section, make sure "Periodically check for updates to Firefox" is ON. Click the "Check Now" button. A window should open to announce that a 1.0.1 ".exe" file is ready to download. Download this file, which will save itself to your Desktop and then start to install. You'll need to close any open Firefox window when prompted to do so.

5. The download process may present you with Firefox 1.0.1 in a language other than your preferred one (for example, en-US for U.S. English instead of it-IT for Italian). If so, halt the download and go to the foundation's All Downloads page, which offers language- specific versions (note: British English is not yet available):

http://www.mozilla.org/products/firefox/all.html

6. If you're running the ".exe" upgrade, but you originally installed Firefox 1.0 from a ".zip" file, you'll need to halt the upgrade and uninstall Firefox 1.0 before continuing. Running the ".exe" file to upgrade a version of Firefox 1.0 you originally installed from a ".exe" file, however, doesn't require uninstalling anything. (Some people recommend uninstalling *any* program before you install a new version, but this seems unnecessary.)

7. After Firefox 1.0.1 is installed, make sure your bookmarks are still intact and check that your extensions still work. If an extension isn't certified to work with 1.0.1, Firefox may disable it. In that case, click Tools, Extensions and try to download a new version of the extension. (We'll print in the Mar. 10 newsletter a way to make any Firefox 1.0 extension run in 1.0.1, even if it hasn't been certified to run in 1.0.1 by its developer yet.)

8. If you installed Firefox 1.0.1 over 1.0, the Add/Remove Programs applet in your Control Panel will show two uninstallers: one for "Mozilla Firefox (1.0)" and one for "Mozilla Firefox (1.0.1)." Running either routine at this point will uninstall Firefox 1.0.1. This is a known bug. Don't run either uninstall routine unless you want to uninstall Firefox 1.0.1.

That's it. In my opinion, the Mozilla Foundation should have written better instructions and made the process much smoother for Firefox users that they did. Hopefully, this will open the foundation's eyes to the usability problems that can arise with even a minor upgrade


Force extensions to work with 1.0.1

One issue you may run into is that updated versions of Firefox won't run any installed extension that hasn't been "marked" for that version by the extension's developer. Most 1.0-registered extensions should work with no problem under 1.0.1. But some developers may take their time or just forget to re-register their extensions when a new edition of Firefox is released.

If you have a crucial extension that won't work under 1.0.1, but you're sure it actually would work fine if given a chance, the procedure described below will trick Firefox into running it.

Let me be clear that you need to use caution and common sense when attempting this. There's a reason why extensions are required to specify a valid range of Firefox versions they'll work with. In most cases, a minor upgrade won't change anything enough to break any extensions. But the chance of a mismatch that could crash Firefox increases with every subsequent release.

For this reason, you shouldn't use this trick across major revisions. And be sure to test the effects when you do make such a change, so you can remove the tweaked extension if it causes problems.

Having said all that, it's a fairly simple process. Here it is, as promised in my Mar. 3 newsletter update:

Step 1: Uninstall any previous versions of the extension.

Step 2: Download the latest version and save the file in an empty folder.

Step 3: Rename the file from Extension.xpi to Extension.xpi.zip (replace Extension with the actual filename).

Step 4: From this file, unzip Install.rdf into the same folder as the .zip file.

Step 5: Open the file Install.rdf in your favorite plain-text editor.

Step 6: Find the line containing the word maxVersion. Change the number between the angle brackets to a number equal to or larger than your current Firefox version.

Step 7: Save the file, then add it back into your Extension.xpi.zip file, overwriting the original Install.rdf.

Step 8: Rename the extension file from Extension.xpi.zip back to Extension.xpi.

Step 9: Drag and drop the file into an open Firefox window. Hold your breath, and if it works, enjoy it!

Form more information, please see: Packaging Firefox/Thunderbird Extensions by Ben Goodger


To check for updates with Firefox, do this:

  1. Open Firefox
  2. Click Tools | Options | Advanced
  3. Scroll down to Software Updates and click "+" to expand the tree
  4. Checkmark Firefox and then to check for updates immediately, click the Check Now button

To learn more about Firefox, go to the Firefox Release Notes page.


Mozilla fixes risky Firefox flaw

The Mozilla Foundation issued a patch for a major security flaw in its Firefox browser on Wednesday and advised people to update their software.

The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.

Mozilla's Hofmann  "As the data shows, the flaws are of lesser severity," he said. "The kinds of things the Microsoft's browser is vulnerable to is much more worrisome."

To learn more about Firefox, go to the Firefox Release Notes page


Browser hole affects Firefox 1.0.3 and 1.0.4

Secunia reports a frame-injection vulnerability in Firefox 1.0.3 and 1.0.4. Mozillazine has details, including a comment that you can close the hole (until 1.0.5 is released) by clicking Tools, Options, Advanced, Tabbed Browsing and changing "open links in a new window" to "open links in a new tab in the most recent window": http://www.mozillazine.org/talkback.html?article=6762

A Secunia bulletin also notes that a similar hole has existed in Internet Explorer 5.x and 6.x since June 2004 and has not yet been patched by Microsoft (but there is a workaround): http://secunia.com/advisories/11966/


Tabbrowser Preferences

If you find Firefox's tab controls less than intuitive, give this extension a whirl. Tabbrowser Preferences installs directly into your Firefox browser. Not only does this plug-in make the tab controls more evident, but it also brings other hidden parts of the browser to the foreground. Tabbrowser Preferences boasts its own features, as well, such as letting you select tabs with a mouse-over instead of a click.

[Tabbrowser Preferences, (4.01 stars, 54152 downloads]
Enables enhanced control for some aspects of tabbed browsing.

See more Extensions for FireFox


Configure Firefox's settings to strengthen security

Despite its recent spate of security vulnerabilities, the default installation of the Firefox browser is actually pretty secure. However, as its popularity continues to grow, it's a good idea to add a standard layer of security to better protect your organization's users. Mike Mullins walks you through the settings in Firefox's Options window to help you boost the browser's security.

Despite its recent spate of security vulnerabilities, the Mozilla-based Firefox browser appears to be as popular as ever. While the browser's growth has somewhat slowed, Firefox continues to gain on Microsoft's Internet Explorer.

Firefox's default installation is actually pretty secure. However, the number of Firefox users continues to increase, and such popularity often spells more attention from attackers. With so many people using Firefox, it's a good idea to add a standard layer of security to better protect your organization's users.

Let's walk through Firefox's Options window (which you can access by going to Tools | Options) and look at some tweaks you can make to boost the security of the browser. Keep in mind that all of these suggested settings assume that the user login is for a single user and not shared among multiple users.

The Options window has five sections: General, Privacy, Web Features, Downloads, and Advanced. Because the General section focuses more on the browser's look and feel, we'll skip this one. 

Privacy

Web Features

Downloads

Advanced

After running through all of these various Firefox settings, you might be wondering how to deal with security zones, browser helper objects (BHOs), and ActiveX. Don't worry: These are Microsoft inventions that support Microsoft products. As long as you use Firefox, they won't bother you anymore.


Security Alerts and Updates
An independent researcher has reported a new crash bug in the Mozilla, Firefox and Camino browsers from the Mozilla Foundation.


Firefox update squashes security bugs
The Mozilla Foundation has fixed several security flaws in its Firefox browser, but has left people in the dark about what some of the issues entail.
Read the complete story.


Speed Up Firefox
For Broadband Users Only

If you’re using Firefox and if you have broadband, you can speed up your surfing with the following simple little hack. If you’re using dialup it might help a little bit. If the idea of messing with internal files makes you nervous, maybe you should skip it altogether.

  1. Open Firefox (Fx), type about:config into the address bar, and hit return.
  2. Locate the following entries:
  3. Double click each entry, and alter them as below:
  4. Right-click anywhere on the page and select New - Integer. Name it nglayout.initialpaint.delay and set its value to 0. This changes the amount of time that Fx waits to act on information.
Your pages should load noticeably faster. Enjoy!

For you Microsoft Internet Explorer diehards, the process is similar. Please see:

How can you speed up Internet Explorer?


A Couple Firefox Search Shortcuts

Firefox has an embedded search box in the upper right corner. By default, it searches Google, and I for one am happy with that. But, hit the little arrow and you can access or add other search engines. But, here are a couple quick little tips for using search directly from Firefox:

(1) Want to do a quick calculation? Just enter it into the search box and hit Enter and you will get an answer from Google. For example, enter "6*5" into the search and hit Enter, and you will get an answer from Google of 30.

(2) When surfing the internet, you can search using any word on a webpage. Simply highlight any word or phrase on a website, right-click on it and hit "Search for xxxx", where xxxx is the highlighted phrase. You will immediately get search results in a new tab.


What Firefox and Mozilla users should know about the IDN buffer overflow security issue

On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.

On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. Instructions on administering these changes can be found below.

How to update

There are two methods for resolving this problem. The first method is to install a small download and the second method is to manually change the browser configuration. You only need to do one of the two.

Installing the Patch

Manually Configuring the Browser

For more on the about:config preferences, please see the following article sites:


Force Firefox to make itself default

Loyal reader Jimmy writes: I have just installed Marathon as you have recommended for those who like MSIE. I also want to use firefox as the default browser but Marathon keeps opening any and all links. I only want to use Marathon sometimes but now it has set itself as the default and no matter what I try, it still stays the default. Is there any way around this short of uninstalling Marathon? Thanks - Jimmy

Sure Jimmy, try the following:

If Firefox already thinks that it is default then, when it's not running, go to * Start | Run * and enter this into the text box: and press OK

 firefox.exe -silent -nosplash -setDefaultBrowser

Still a no go Jimmy? Then give these two solutions a try:

Set default browser to FireFox (manually). To do this:

  1. Go to your Desktop; Open My Computer; Click Tools | Folder Options;
  2. Go to the File Types tab, and assign the following things to Firefox:
  3. When complete, load FireFox,
  4. Click Tools | Options, and click 'Set Default Browser'.

Solution #2: SetBrowser (freeware)

Try a freeware utility called SetBrowser to force your system to use Netscape, IE, or Opera. From the web site:

" [SetBrowser is] a very simple program that lets you set the default web browser in Windows. Select the browser you want, and the program will modify the required registry settings. Can now also automatically locate the browser. A valuable tool for anybody who uses more than one web browser on their system (e.g. if you switch between Netscape Navigator / Communicator, Microsoft Internet Explorer, Opera and others). Warning: Since most web browsers have the ability to make themselves default (and automatically set all the proper registry settings), only use SetBrowser in situations where browsers don't recognize the current settings. 'Forcing' the default browser, as SetBrowser does, is really a last resort. "

http://www.pc-tools.net/win32/freeware/setbrowser/

The set browser utility is a foolproof way to change the System Registry (For more on the uses of the System Registry, please see, Bo's Tweaky clean Windows)  to force Firefox or any browser you choose, to become the default. It works very well. We have this listed on our Featured Freeware Site also.


FoxyVoice

FoxyVoice is a Firefox extension that provides text-to-speech functionality using Microsoft Win32 Speech API (SAPI). With FoxyVoice you can listen to the page being read; or browse on one page and listen to another page being read for higher degree of sensory overload. The soothing voices that comes with SAPI also makes FoxyVoice a competent virtual hypnotist.

Find FoxyVoice Extension Here: