Firefox Smörgåsbord

A Smörgåsbord of Firefox-related news items from the past couple of weeks.

  • Fake PayPal screen dupes IE, Safari, Chrome – Microsoft Blog/Seattle PI
    Sadly, it is stories like these that give PayPal a bad reputation as being associated with fraud and theft. But it is not PayPal’s fault. Most of the fault comes down to uneducated web users who don’t take a quick moment to review the address bar for https, make sure they are really at PayPal.com, and look for the secure ‘padlock’ (also, in IE7 and Firefox the address bar will have a green background). This time around the hackers got a bit more sophisticated and created a bogus SSL certificate which fooled most browsers into showing the site as legit. However, it did not work on Firefox, because Firefox does not use the Microsoft security library which the other three browsers do. The story gets worse though:

      “Microsoft has known about the gaping hole in its CryptoAPI security library since June, when a hacker exploited it at the Black Hat security conference in Las Vegas. And Microsoft still hasn’t fixed it. ‘Microsoft is investigating a vulnerability in SSL in Windows presented during Black Hat,’ a Microsoft spokesperson told seattlepi.com. ‘Once we’re done investigating, we will take appropriate actions to protect customers.’”
    There is a sample shot of the ‘fake’ PayPal page with the URL removed on the Microsoft Blog/Seattle PI.

  • MediaFire asks Mozilla to take down SkipScreen – mozillaLinks

    MediaFire is a file sharing site which, like many other sites of its type, is riddled with advertisements. This can make it difficult for some users to find the download link for the file they are requesting. MediaFire does offer an “ad-free experience” for around $7 a month with their Pro account. SkipScreen simply bypasses the download page, navigating to the download link immediately. So users don’t get to see the ads, or click on them, or even want to get a Pro account. MediaFire is saying this is hurting their revenue and business model. On the other side is SkipScreen, with whom the Electronic Frontier Foundation has sided; the EFF has taken them on as clients and sent a letter to Mozilla making the case for the continued hosting of the extension:

    • MediaFire probably would prefer that we all sit, transfixed, while they display ads for us, just like certain Hollywood executives wish we would never leave the couch or hit FFWD when commercials run during our favorite TV shows, and certain websites wish they could ban Firefox ad-blockers. Fortunately, there’s nothing in the law that says that by simply visiting a website, I give up the right to control my desktop.

    I also have to wonder how ‘clean’ those ads really are on that site. Just because the user doesn’t click on the ad doesn’t mean the site hasn’t sent cookies, malware and/or spyware to the user’s computer.

  • Mozilla Plugin Check page to help safer web experience – mozillaLinks
    Firefox 3.5.3 was the first Firefox update which would also check for updates for your browser plugins the first time you started the browser after installing the update. Presently, it only checks the Adobe Flash plugin. Mozilla has been working on a Plugin Check page which is going to check the remaining “well known” plugins. This site is currently in beta status.
  • Firefox 3.6 gets full screen native video – mozilla Links
    I could have sworn this was going to be part of the Firefox 3.5 final release. So hard to keep track of which features are associated with which version (3.5, 3.6, 3.7 or 4.0). Anyway, the current Firefox 3.6 nightlies (Beta1pre) now feature a full screen option for videos embedded using the <video> tag like the natively supported Theora encoders. Haven’t had a chance to try this out yet…oh wait, I haven’t even tried out Firefox 3.6 yet. Maybe next week when Beta 1 is released.
  • Not funny: 60% still using IE6 in South Korea – mozilla Links
    I work for a hosting company which also provides SSL certificates, so I know a little bit about the technology and how it works. All SSL certificates issued now are 256-bit encryption. In the late 90’s 128-bit encryption was just being introduced but would not be ‘exported’ outside the US until the end of 1999. The South Korean government, not wanting to wait for 128-bit encryption to become available to them, and since IE had 95% of the market share, ended up designing their own proprietary encryption system. This system was used via a Netscape plugin or as an ActiveX control in IE.

    Fast forward a decade later…Netscape is long since gone and almost everyone in South Korea who wants to access secure sites (banking, government services, etc.) has to do so using a Windows computer with only 128-bit encryption and IE6. Users cannot access these sites with Firefox (no ActiveX support) or, for that matter, IE7 or IE8.

  • Tweaks Update: Out with Firefox 2 and in with Firefox 3.6. In the coming weeks, once I start using Firefox 3.6 beta 1, I am going to be updating the tweaks section. Since Firefox 2 will soon be 3 versions ago, and to keep the pages from getting overly large, I am going to be removing compatibility info for Firefox 2. At the same time, I will be adding compatibility info for Firefox 3.6. I still haven’t seen an official release date, but seeing that Firefox 3.6 is going from Alpha 1 to Beta 1 soon is a good sign that the release may be before year-end.