Browser Security News

Mozilla has issued another minor update to its Firefox 2.0 web browser. New for Firefox 2.0.0.3 is a single security fix that patches up a hole in the browser’s FTP PASV functionality. A malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the [...]

Mozilla Corp.’s Firefox suffered from 26% fewer vulnerabilities in the second half of 2006 than Microsoft Corp.’s Internet Explorer, a security company’s research said yesterday. According to Symantec’s tally, 40 Firefox vulnerabilities were disclosed between August and December 2006; Internet Explorer (IE), meanwhile, was hit with 54 bugs. Opera and Safari — the browser Apple [...]

Microsoft’s Internet Explorer browser may have the lion’s share of the general market, but when it comes to security types, Mozilla’s Firefox open source browser is an even contender, according to a security survey released Monday. Security-minded people also were quicker to try out Internet Explorer version 7, researchers with the SANS Institute found, though [...]

HttpOnly cookies are a mechanism Microsoft developed for IE6 SP1 to add some security to cookies. The web developer would set a cookie (for instance the session cookie) to be HttpOnly (both ASP and PHP support setting HttpOnly cookies) and the browser would only ever use that cookie when sending HTTP requests, not when client [...]

Mozilla Corp. is changing the way it publishes security fixes for its Firefox browser. Over the next day, the open-source company plans to begin delivering bug fixes to a select group of beta testers who will try out the upcoming Firefox 2.0.0.3 version before it is released to all Firefox users.

A vulnerability in Microsoft’s Internet Explorer (IE) browser could help fraudsters make phishing websites appear legitimate, a security researcher reported Wednesday. The flaw lies in the way IE7 processes a locally stored HTML error message page that is typically shown when the user cancels the loading of a webpage, said Aviv Raff, a security researcher [...]

Mozilla is still wrestling with adding a security feature to Firefox that its browser rival, Microsoft’s Internet Explorer 7, uses on Windows Vista to keep malware from hijacking computers. In Vista, IE7 uses a technique Microsoft calls Protected Mode – another name for "low rights" – that blocks disk access to all but a temporary-files [...]

Shortly after Apple introduced its Safari Web browser, I switched — primarily because Internet Explorer for the Mac flat-out sucked. I use several other browsers, but my day-in, day-out workhorse is still Safari. However, just because that’s my browser of choice, it doesn’t necessarily mean it’s the best option. I’ve already written reviews for Firefox [...]

A design error in the Firefox browser can allow phishers to conceal the true origins of a web page from the user. This could be used to place extremely deceptively genuine looking web pages from organisations such as banks, eBay, PayPal and other providers on the web (spoofing). Browser security specialist Michal Zalewski has provided [...]

…Web Assistant, a browser enhancement which applies a sense of context to content in order to make searching for related information faster and more accurate. With work already underway on Internet Explorer 8, which is slated for release in late 2008 or early 2009, Web Assistant certainly looks a starter. It struck us as a [...]