The two magic numbers of the day are 5 and 3, and after PHP 5.3, Firefox 3.5 have just been released. Firefox 3.5 aims to be the Fastest browser ever, a Sunspider test on windows xp machine show only 1,524ms compared to FF2 and FF3 with respectively 18,148ms and 3,669ms, and I guess there is need to compare to other browsers.

Major new features in Firefox 3.5 are :

• Support for the HTML5 video and audio elements including native support for Ogg Theora encoded video and Vorbis encoded audio.
• Improved tools for controlling your private data, including a Private Browsing Mode.
• Better web application performance using the new TraceMonkey JavaScript engine.
• The ability to share your location with websites using Location Aware Browsing
• Support for native JSON, and web worker threads.
• Improvements to the Gecko layout engine, including speculative parsing for faster content rendering.
• Support for new web technologies such as: downloadable fonts, CSS media queries, new transformations and properties, JavaScript query selectors, HTML5 local storage and offline application storage, canvas text, ICC profiles, and SVG transforms.

There are already 1,2 Million Firefox 3.5 Download, so you can also join the fun and upgrade here http://www.firefox.com.

Posted by Hatem at 7:04 PM to Announcements | Permalink | Comments (0)

In a recent post in Mozilla Security Blog, Brandon Sterne Security Program Manager talked about Mozilla effort to shut down XSS (Cross-Site-Scripting) attacks with Content Security Policy.

For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web's most popular sites and victimized their users. At Mozilla, we've been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down.

Mozilla is making efforts not only to make Firefox the fastest browser, but also the most secure platform. Brandon explains CSP approach to validate content :

In order to differentiate legitimate content from injected or modified content, CSP requires that all JavaScript for a page be 1) loaded from an external file, and 2) served from an explicitly approved host. This means that all inline script, javascript: URIs, and event-handling HTML attributes will be ignored. Only script included via a script tag pointing to a white-listed host will be treated as valid. Additionally, CSP allows several other common-sense security restrictions to be enforced.

Of course this will not save you 100% from XSS, Clickjacking or Packet Sniffing Attacks, but I think it's a good initiative from browsers to help keeping the web safe.

Posted by Hatem at 9:20 PM to Announcements | Security issues | Permalink | Comments (0)

This is a firefox plugin that I was looking for since long time, you will probably say why we need activeX with Firefox ? But some Intranet application require some functionnalities that are already available as ActiveX. I had a ActiveX twain solution that I wanted to run on firefox, so finally I think this could be done using ff-activex-host.

The extension is developed by Leeor Aharon, IT Structures Ltd, makes possible to use ActiveX controls in Firefox and provides full access to the hosted control (events, functions, properties) based on the Gecko NPAPI. Concerning security :

The plugin has some security related features to limit the risk it might pose to users by making ActiveX controls available in Firefox. First of all, it is using a special MIME Type so that it won't get triggered by sites that were not specifically designed for it. Additionally, it supports lists of well known CLSIDs and PROGIDs so that it can be limited to use with specific controls and interfaces. Finally, it can be "site locked" to make sure it's only being used by a predetermined list of domains.

You can find sample usage and download in the project website at http://code.google.com/p/ff-activex-host/

Posted by Hatem at 1:02 PM to Firefox Extensions | Permalink | Comments (3)

The Firefox community is joining forces this Friday to realize a new Guinness world record for highest software download in 24h ! Firefox3 is going to make the Buzz this week and certainly getting higher market share against Internet Explorer. The official date for the launch of Firefox 3 will be posted really soon in the next days, so for now you can pledge to get Firefox 3 during Download Day to set the Guinness World Record for Most Software Downloaded in 24 Hours. Until today 718,034 pledges from all over the world, 15% of them from US, then 7.5% Poland and 7.5% from Brasil. You also could be involved and be part of this mission impossible http://www.spreadfirefox.com/worldrecord.

Posted by Hatem at 7:37 AM to Announcements | Permalink | Comments (0)

EC2 Firefox Extension is now open sourced, the extension which aims to make Amazon EC2 usage easier. From the extension it's very easy to manage and launch EC2 instances. The extension is now available on Sourceforge under the name Elasticfox and under the Apache License V2.0. What this extension do :

• List available AMIs (Amazon Machine Images)
• List your running instances
• Launch new instances of an AMI
• Manage security groups and launch permissions associated with your instances

Posted by Hatem at 6:09 PM to Firefox Extensions | Permalink | Comments (0)

This is another amazing Firefox extension which let you manage your task right in your Gmail. Remember the milk for Gmail (or RTM) provide the possibility to add new tasks, complete, postpone, and edit tasks. Best of all, it connect tasks to your Emails, Contacts or Google Calendar events. You can automatically add tasks for starred messages or specific labels... Very innovative way to get your tasks done in Gmail.

Posted by Hatem at 7:58 PM to Firefox Extensions | Permalink | Comments (0)