Firefox 3 Beta 3, released this week by Mozilla, purports to deliver a host of security enhancements to the popular open-source browser, including fixes for stability, performance, memory usage, platform enhancements and user-interface improvements.
Among the security enhancements in this version is what Mozilla calls its "one-click site info" feature. Clicking the site favorites, or "favicon," icon in the browser's location bar will allow Firefox users to see the site's owner and check if their connection is protected from eavesdropping.
When a website has deployed extended validation SSL certificates, the favicon button turns green and shows the company the user is connected to. Owners of extended validation certificates undergo a "more robust evaluation" to ensure they're who they say they are, adding another level of security to online transactions, Window Synder, Mozilla's chief security officer, told SCMagazineUS.com.
The new malware-protection feature warns users when they visit sites that have been known to contain viruses, spyware, trojans or other malware, Snyder said.
“[The feature] displays a page that alerts users that malicious software has been identified and the [requested] page doesn't load," she said.
The latest Firefox beta release also delivers a forgery protection page that displays an alert warning that the site is designed to trick end-users into disclosing personal information.
Other planned security enhancements in Firefox 3 include easy-to-understand information on SSL error messages, close integration with Windows Vista's parental controls feature for disabling file downloads and the ability to work cooperatively with anti-virus software when downloading executable files. In addition, it adds a more effective top-level domain (eTLD) service that restricts cookies and other restricted content to a single domain.
The new version also incorporates more than 350 memory leak fixes. While such leaks are often associated with security issues, these fixes enhance reliability and performance, Snyder said.
"We're always looking for memory issues and fix those as they come up," she said. "Our policy is to fix them when they're identified and not worry about whether or not they can actually be exploited."