Security Features High in Firefox 3 Beta 3 Release
Mozilla is inching closer to delivering the next major refresh of its flagship Firefox browser.
Late this evening, the open-source group shipped Firefox 3 Beta 3, an update that features approximately 1,300 individual changes from the previous beta, including fixes for stability, performance, memory usage, platform enhancements and user interface improvements.
The latest beta is heavy on security improvements, including an enhancement to the Google-powered Malware Protection feature that puts up a warning sign when users visit sites which are known to install viruses, spyware, Trojans or other malware.
Here's a mock-up of what the malware protection warning looks like:
It also comes with improvements to the security-themed One-click site info feature that lets Firefox users click on the favicon in the location bar to see who owns the site and to check if the connection is protected from eavesdropping.
The feature prominently displays identity verification that makes it easier for the non-technical user to understand. For example, when a site uses Extended Validation SSL certificates, the site favicon button will turn green and show the name of the company the browser is connected to. Here's a demo of how it works.
Also new in Firefox 3 Beta 3:
Web Forgery Protection page: The content of pages suspected as Web forgeries is no longer shown. See this demo.
SSL error pages: Clearer and stricter error pages are used when Firefox encounters an invalid SSL certificate.
Add-ons and Plugin version check: Firefox now automatically checks add-on and plugin versions and will disable older, insecure versions.
Secure add-on updates: To improve add-on update security, add-ons that provide updates in an insecure manner will be disabled.
Anti-virus integration: Firefox will inform anti-virus software on the desktop when executables are being downloaded.
Windows Vista Parental Controls: Firefox will respect the Vista system-wide parental control setting for disabling file downloads.
Effective top-level domain (eTLD) service: Better restricts cookies and other restricted content to a single domain.
Better protection against cross-site JSON data leaks.