“No software is free from bugs” and that statement holds true for the mighty Firefox too. Yesterday the Mozilla Foundation released Firefox 3.0.1, the first update for Firefox 3.0, patching some of the known vulnerabilities. It mainly addresses several security and stability issues. A update was also released for Firefox 2.0 users upgrading them to 2.0.16.

The two critical patches deal with remote code vulnerabilities and command line URLs spawning tabs when Firefox is not running. MFSA 2008-34 is the first critical patch. It was reported via TippingPoint’s Zero Day Initiative, and centers on issues with Mozilla’s internal CSSValue array data structure. An attacker can create a large number of calls to common CSS objects, triggering a crash of the browser when it attempts to free the CSS object while still in use. The resulting crash could be used to execute code on the system.

The second critical issue comes from Billy Rios, who reported that, “if Firefox is not already running, passing it a command-line URI with pipe (“|”) symbols will open multiple tabs. This URI splitting could be used to launch chrome:i URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which was intended to block external applications from loading such URIsi,” Mozilla explains. The vulnerability in MFSA 2005-53 remains patched however.

“For example, web browsers normally handle file: URIs themselves, or block them from web content altogether, but this flaw enabled attackers to pass them from another browser into Firefox. In Firefox 2 scripts running from file: URIs can read data from a user’s entire disk, a risk if the attacker could first place a malicious file in a guessable location on the local disk. Rios demonstrated that the so-called “Safari Carpet-bombing vulnerability” could be used for this, as well as other techniques that do not rely on that now-fixed Safari vulnerability,” the advisory added.

Internal testing on Firefox 3.0 also showed that Rios’ research can be combined with various vulnerabilities to trigger code execution. “In Firefox 3 scripts running in local files have limited access to other files, almost entirely mitigating the file: attack. However, combined with a vulnerability which allows an attacker to inject script into a chrome document the above issue could be used to run arbitrary code on a victim’s computer.”

Firefox 3.0.1 Updated

Related articles

• Mozilla patches Firefox side of Safari ‘carpet bomb’ threat
• Firefox 3.0.1 More Secure and Stable [Firefox]
• Unpatched Web browsers prevalent on the Internet
• Microsoft updates Live Calendar with birthdays, holidays, iCal subscriptions

Yesterday, Matt officially announced the release of WordPress 2.6 codenamed “Tyner” to the blogging community. WordPress release codename’s are named after jazz musicians and continuing with the tradition, 2.6 has been named after McCoy Tyner. It contains many new features that makes WordPress a more powerful  CMS (Content Management System).

One of the most important features of this release is Version Control System which enables Wiki-like tracking of edits similar to Wikipedia. This would be a very handy feature which enables the users to just undo and go back to a previous version of the post.

Another major feature introduced in this version is display of captions alongside the images. The example can be seen in the WordPress logo displayed in top of this post.  [Looks like alignment of captions has an issue. I am not just able to get it aligned]

Theme previews would be loved by any serious WordPress user. It was a long awaited feature. It enables to preview the theme, tweak and correct your mistakes before the whole world sees it.

WordPress uses Gears (previously known as Google Gears), an open source browser extension project started by Google. It is primarily for developers to manage offline storage thus enabling you to get a little extra juice. It maintains a cache or keeps a copy of commonly-used Javascript and CSS files on your computer, which can speed up the loading of some pages by several seconds (they just pop right up!). You can install Gears for Firefox or Internet Explorer, with support for Safari and Opera pending. WP 2.6 only uses the cache concept and the future versions are promised with more features in collaboration with Gears.

Other notable features in this release of WordPress are

• Word Count are displayed in the side bar when writing or editing the posts.
• You can reorder the gallery just by drag and drop.
• Bulk management of plugins. Just enable or disable all plugins in a single click.
• “Press This” bookmarklet which enables you to blog from anywhere just by clicking a boomarklet in your browser.
• More advanced image control enabling easy insertion, resizing.  Also shifting from Flash uploader to the classic uploader is easy.
• Full SSL support in the core, and the ability to force SSL for security.
• A number of proactive security enhancements, including cookies and database interactions. Version 2.6 fixes approximately 194 bugs.
• Stronger better faster versions of TinyMCE, jQuery, and jQuery UI.

With all these new features, I decided to jump the bandwagon without having to wait for my Hosting company to update the Fantastico which will help me automatically upgrade my WordPress installation. Now bit Feed is powered by WordPress 2.6

Related articles

• WordPress 2.6 is out. Should you upgrade. Yes!
• WordPress 2.6 adds revisions, Gears and Tumblr style blogging
• ‘Press It’ Bookmarklet in WordPress 2.6 Makes Tumblelogging Easy
• WordPress 2.6 Released Early
• Happy birthday, Google Gears!

For those who are bored with their old wallpapers and looking for a hot spicy firefox wallpaper, there are more than 70 wallpaper links at Hongkiat.com. Get your desktop a new look and help to spread the Firefox 3 around.

Visit Hongkiat.com to download the wallpapers

Related articles

• An amazing collection of abstract satellite photos, demonstrating the “impressionist, cubist
• 50 Remarkable Nature Wallpapers
• Landscapes, Cities, Nature full HD photos

Eventhough Shiretoko, is going to have Visual Tab switching feature inbuilt, it will be still some more months before we get the stable release. Till then Ctrl-Tab extension should satisfy the Firefox Tab addicts. This extension emulates the Alt+Tab feature which helps to switch between windows in most of the operating systems. It is much more faster in Firefox 3 than the previous versions.

Pressing [Ctrl]+[Tab], brings up a thumbnail preview of the tabs, and repeated presses of [Tab] proceeds in the order of tab usage. Releasing the [Ctrl] selects the particular Tab window. Holding the [Tab] makes the scroll faster. Press [Shift] to make the scroll in the reverse order.

For those who want to see all the tabs present in the present Firefox session, just press [F4] or the List all Tabs button in the right end of Tab bar to bring up a grid view of all the tabs. There is a filter option also thrown in for the hardcore Tab addicts.

I am using this add-on in Firefox 3 and really recommend all to try it out for yourself. It’s worth the effort.

Download Ctrl-Tab

Related articles

• Simple Extensions in Firefox 3
• Download of the Day: Send Tab URLs
• CLiCk,Speak for Firefox 3.
• Next Tab Keeps Your Tabs in Context [Featured Firefox Extension]