Security Features of Firefox 3
Source: Linux Security.com Editors - Posted by Administrator   
Features Lets take a look at the security features of Firefox 3. Since its release, I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.

Introduction


Bill Keys
Features

Warning users of potential harmful websites while surfing the Internet is an important security feature of a web browser. Being able to clearly warn the user without being a computer expert is one of the problems Firefox tried to solve with Firefox 3.0. They have two features that do this: Google-powered Malware Protection and a feature called “One-Click Site”. Google-powered Malware Protection displays a warning screen if the web site is known to contain malware. This is the same technology that Google already uses in warning users if they try to visit a search result that may install malicious software on your computer.

“One-Click Site” lets the user know who owns the site they visited, which is a useful tool in deciding the integrity of the site. It also checks if the connection is protected from eavesdropping. The last part of “One-Click Site” is if a site uses the Extended Validation SSL certificates, then the sites favicon button will turn green and show that name of the company you're connected to. All this data is displayed in the location bar of the browser which makes it easier for the user to get quick security information off the websites they are browsing.

In Firefox 3.0, Mozilla took a new approach in SSL secured sites. They changed the SSL error pages to make them cleaner and tighter when the browser finds an invalid SSL certificate. This also protects the user by preventing them from proceeding to a possible harmful site. After using Firefox 3.0 I found that many of the HTTPS sites that I visit in the past now displays the Firefox SSL warning page. I know that I could trust the site so I clicked on the Add Exception button which allowed me to visit the site. It was a little inconvenient but, Firefox looks like they are taking no chances with user security. Mozilla looks like they have significantly reduced the likelihood of a successful man-in-the-middle attack. Up to the release they have been getting some heat on how they handle SSL pages. So, if you have an option on their SSL changes then feel free to add a comment.

Add-ons and Plugin security has been a problem which Mozilla has worked on to solve with this release. One way they are improving it's plug-in security is to disable ones that update in an insecure manor. It checks your installed plug-ins and add-on versions automatically. For example, if the third-party software gets updated without using a SSL digital signature then Firefox will disable the plug-in. This helps prevent some of the flat file vulnerabilities that they were having in the past.

Another security tool is integration with Anti-virus software. With this release Firefox will inform anti-virus software when the user is downloading executable files so the user's virus software can scan it to see if the file is a virus and alert the user before they download it.

Conclusion

Time will only tell on how these security features and tools will help protect the users from attacks but they sure seem to take security as a top priority with this release. My overall experience with Firefox 3 was good, I was happy to see all the new security enhancements with this major release. Feel free to comment on your experience with Firefox 3.0.

Resources

Comments
www.renjusblog.comWritten by renju on 2008-07-09 13:43:39
Make sure Firefox is set to auto update since Tipping Point DVLabs has announced a vulnerability in Mozilla's latest browser. 
sited here: 
http://www.renjusblog.com/2008/06/get-your-personalized-firefox-3.html
Good pointWritten by Mike on 2008-07-15 21:31:11
Good point
great thoughtsWritten by Vegas online casino gambling on 2009-03-27 09:21:51
Google-powered Mal ware Protection displays a warning screen if the web site is known to contain Mal ware. This is the same technology that Google already uses in warning users if they try to visit a search result that may install malicious software on your computer. Vegas online casino gambling In Firefox 3.0, Mozilla took a new approach in SSL secured sites. They changed the SSL error pages to make them cleaner and tighter when the browser finds an invalid SSL certificate. This also protects the user by preventing them from proceeding to a possible harmful site. After using Firefox 3.0 I found that many of the HTTPS sites that I visit in the past now displays the Firefox SSL warning page.so i think so its very useful and knowledge able.it is Very good info.i would like to thank you for the efforts you have made in writing this article.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!