LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Security Features of Firefox 3 Print E-mail
User Rating:      How can I rate this item?
Source: Linux Security.com Editors - Posted by Administrator   
Features Lets take a look at the security features of Firefox 3. Since its release, I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.

Introduction


Bill Keys
Features

Warning users of potential harmful websites while surfing the Internet is an important security feature of a web browser. Being able to clearly warn the user without being a computer expert is one of the problems Firefox tried to solve with Firefox 3.0. They have two features that do this: Google-powered Malware Protection and a feature called “One-Click Site”. Google-powered Malware Protection displays a warning screen if the web site is known to contain malware. This is the same technology that Google already uses in warning users if they try to visit a search result that may install malicious software on your computer.

“One-Click Site” lets the user know who owns the site they visited, which is a useful tool in deciding the integrity of the site. It also checks if the connection is protected from eavesdropping. The last part of “One-Click Site” is if a site uses the Extended Validation SSL certificates, then the sites favicon button will turn green and show that name of the company you're connected to. All this data is displayed in the location bar of the browser which makes it easier for the user to get quick security information off the websites they are browsing.

In Firefox 3.0, Mozilla took a new approach in SSL secured sites. They changed the SSL error pages to make them cleaner and tighter when the browser finds an invalid SSL certificate. This also protects the user by preventing them from proceeding to a possible harmful site. After using Firefox 3.0 I found that many of the HTTPS sites that I visit in the past now displays the Firefox SSL warning page. I know that I could trust the site so I clicked on the Add Exception button which allowed me to visit the site. It was a little inconvenient but, Firefox looks like they are taking no chances with user security. Mozilla looks like they have significantly reduced the likelihood of a successful man-in-the-middle attack. Up to the release they have been getting some heat on how they handle SSL pages. So, if you have an option on their SSL changes then feel free to add a comment.

Add-ons and Plugin security has been a problem which Mozilla has worked on to solve with this release. One way they are improving it's plug-in security is to disable ones that update in an insecure manor. It checks your installed plug-ins and add-on versions automatically. For example, if the third-party software gets updated without using a SSL digital signature then Firefox will disable the plug-in. This helps prevent some of the flat file vulnerabilities that they were having in the past.

Another security tool is integration with Anti-virus software. With this release Firefox will inform anti-virus software when the user is downloading executable files so the user's virus software can scan it to see if the file is a virus and alert the user before they download it.

Conclusion

Time will only tell on how these security features and tools will help protect the users from attacks but they sure seem to take security as a top priority with this release. My overall experience with Firefox 3 was good, I was happy to see all the new security enhancements with this major release. Feel free to comment on your experience with Firefox 3.0.

Resources

Comments
www.renjusblog.comWritten by renju on 2008-07-09 13:43:39
Make sure Firefox is set to auto update since Tipping Point DVLabs has announced a vulnerability in Mozilla's latest browser. 
sited here: 
http://www.renjusblog.com/2008/06/get-your-personalized-firefox-3.html
Good pointWritten by Mike on 2008-07-15 21:31:11
Good point
great thoughtsWritten by Vegas online casino gambling on 2009-03-27 09:21:51
Google-powered Mal ware Protection displays a warning screen if the web site is known to contain Mal ware. This is the same technology that Google already uses in warning users if they try to visit a search result that may install malicious software on your computer. Vegas online casino gambling In Firefox 3.0, Mozilla took a new approach in SSL secured sites. They changed the SSL error pages to make them cleaner and tighter when the browser finds an invalid SSL certificate. This also protects the user by preventing them from proceeding to a possible harmful site. After using Firefox 3.0 I found that many of the HTTPS sites that I visit in the past now displays the Firefox SSL warning page.so i think so its very useful and knowledge able.it is Very good info.i would like to thank you for the efforts you have made in writing this article.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.