Free Republic

Mozilla's Firefox keeps chipping away at Microsoft's massive lead in browser usage, two Web metrics firms reported Monday. San Diego, Calif.-based WebSideStory, which last released usage numbers in January, said that in the last five weeks, Firefox has gained an additional 0.74 percent to account for 5.7 percent of all browsers used in the U.S. Microsoft's Internet Explorer, meanwhile, now stands at 89.9 percent, a drop from January's 90.3 percent, and the first time WebSideStory pegged IE as falling under the 90-percent mark. "That 7/10s of a point compares well with previous increases," said Geoff Johnston, an analyst for WebSideStory....

Web analytics firm Onestat.com reported Monday that the global usage share of Mozilla's Web browsers and Apple's Safari Web browser continue to rise. The firm said that since November 2004 Mozilla usage has increased more than 1 percent to 8.45 percent thanks to the popularity of Firefox, and Safari increased 0.3 percent to 1.21 percent. For the same period, use of Microsoft's Internet Explorer browser declined from 88.79 percent to 87.28 percent. Previous figures published by Onestat broke out Web browser usage by version; this new report consolidates all versions of Internet Explorer and refers to Mozilla Firefox specifically, rather...

FEBRUARY 26, 2005 (IDG NEWS SERVICE) - Several security vulnerabilities in Firefox and the Mozilla Suite of Internet software put users of the open-source products at risk of hacker attacks, the Mozilla Foundation warned this week. The organization released Firefox 1.0.1, which fixes 17 security flaws in the popular Web browser. The most serious flaws could allow an attacker to gain full control over a victim's PC, the Mozilla Foundation said in a statement. Firefox 1.0 was released in November and has since been downloaded more than 27 million times. Firefox 1.0.1 also includes several fixes to guard against spoofing...

The Mozilla Foundation on Thursday released an update to the Firefox Web browser to fix several vulnerabilities, including one that would allow domain spoofing. The open-source project released Firefox 1.0.1 to fix a vulnerability in the Internationalized Domain Names (IDN), a standard for handling special character sets in domain names that could let an attacker spoof Web sites on non-Microsoft browsers. The standard allows companies to register domain names that appear to be the same in different languages.

Mozilla Firefox project (formerly Firebird, which was formerly Phoenix) is a redesign of Mozilla's browser component, written using the XUL user interface language and designed to be cross-platform. It includes a popup blocker, tabbed browsing, a smarter search, hassle free downloading, and improved privacy and security.

Even if there's a newer IE 7 coming before the next Windows release, I won't trust what [its company] says. Nothing says that Microsoft will really secure its browser against silent and malicious ActiveX installations, and nothing says that IE 7 will support the many users who still have Windows 98 and 98 SE (and the few users still using Me who bought a "new" OS, which was really so deceptive that they won't even try to upgrade to XP...). What is consistently frightening is that Bill tries to convince everybody that the only way to browse the Internet is...

On February 15th, exactly 99 days after it was released, Firefox 1.0 smashed through the 25 million download milestone. Thank you. Thank you for helping us take this product from 25 to 25 million, from our little corner of the world to yours, from the technically elite to Karen and Rimone. With a minimal set of tools—an affiliate system, a small donations fundraising system, blogs, galleries, forums, and the good old human larynx—you all are spreading Firefox to a quarter of a million people a day. More than 500,000 sites now link to Firefox according to Google—a fivefold increase from...

"update SAN FRANCISCO--Reversing a longstanding Microsoft policy, Bill Gates said Tuesday that the company will ship an update to its browser separately from the next major version of Windows. A beta, or test, version of Internet Explorer 7 will debut this summer, Microsoft's chairman and chief software architect said in a keynote address at the RSA Conference 2005 here. The company had said that it would not ship a new IE version before the next major update to Windows, code-named Longhorn, arrives next year. In announcing the plan, Gates acknowledged something that many outside the company had been arguing for...

The party's over. In the past year, the little browser that could, Firefox, became the people's hero, an underdog warrior that took a huge swipe at its enemy, Internet Explorer. IE dipped below 90 percent market share for the first time in years, while Firefox lured users like the Pied Piper, blowing past its own fundraising goals and reigniting the browser wars. Meanwhile, the bad news continued to mount for Microsoft. An IE exploit put even Windows XP SP2 users at risk from phishing schemes, even as Microsoft touted SP2 as the most secure version of Windows yet. Worse, major...

Netcraft has the story that Mozilla has decided to drop support for international domain names in future versions of its Firefox Web browser. The decision comes after demonstrations by the Schmoo Group that the feature can be used to aid in phishing scams and other browser naughtiness." From the article: "The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration functions). The Mozilla development team today made this the default setting. Users who want IDN support will be able to turn it...

Gartner urges caution before downloading Firefox The Web browser may not be an unstoppable juggernaut News Story by Matthew Broersma FEBRUARY 10, 2005 (TECHWORLD.COM) - Companies should think twice before jumping on the Firefox bandwagon, according to research firm Gartner Inc. The open-source browser has been gaining market share steadily over the past few months, helped by industry support and user enthusiasm, but Firefox isn't the unstoppable juggernaut it might seem. Browser switching is taking place at the level of individual users, rather than organizations, and some of the factors that make Firefox more appealing than Internet Explorer are likely...

Yahoo Inc. on Thursday launched a beta release of a toolbar for Mozilla Firefox, a sign of the increasing popularity of the open-source web browser. The Sunnyvale, Calif., portal giant is providing Firefox users with a version of the toolbar Yahoo currently provides for Microsoft Corp.'s Internet Explorer. The purpose of the software, which is installed under the browser's address bar, is to give people one-click access to Yahoo services. Features in the toolbar beta include search that looks for information on the web, Yahoo or on a particular website. There's also a search history to check previous searches. Translation...

Security experts are advising that spyware that targets browsers from the Mozilla Foundation has been spotted--a threat that could worsen as its Firefox browser takes market share from Microsoft. Stu Sjouwerman, the founder of Sunbelt Software, said on Tuesday that the anti-spyware company has discovered what it believes is the first spyware to take aim at surfers using Mozilla browsers. Richard Stiennon, the vice president of threat research at Webroot Software, which also develops anti-spyware tools, said that the malicious software does not target Firefox specifically. "According to my research team, this site does not target Firefox, but it does...

It hasn't been a good week for Firefox and its fans. First, the Danish security company Secunia warned that it had uncovered a vulnerability in Firefox and other browsers that can allow the URL displayed in the address bar and the SSL certificate to be spoofed, which means the browser and others are vulnerable to phishing attacks. The flaw affects all browsers built using the open-source Gecko browser kernel. And this time around, Internet Explorer is not vulnerable to the attack. Making matters worse, a few days after that, a security researcher found a trio of security bugs that affect...

Experts: International domain names may pose threat The new trick is a variation of the 'homograph attack' The new trick is a variation of a known technique called the "homograph attack" and takes advantage of loopholes in the way some popular Web browsers display domain names that use non-English characters. It could allow malicious hackers and online identity-theft groups to trick unsuspecting users into divulging sensitive personal information, according to an advisory from The Shmoo Group, a hacker collective, and from Secunia. snip For example, attackers could register a Web domain "bloomberg.com," which looks identical to the popular business news...

One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators, who are already poking at the open source browser alternative. Webroot Vice President of Threat Research Richard Stiennon said he expects there will be spyware for Firefox this year, adding that while the browser was designed to be immune from the spyware infecting IE, Firefox will face a new breed of spyware tailored specifically...

New Browser Trick FoundUses homograph attack to spoof links As members of our Security forum discuss, a new homograph browser trick (see demo page) has been discovered that oddly works in every browser but IE. The trick uses International Domain Name (IDN) character support (using foreign characters that resemble American alphabet letters) to trick your browser into showing fake domain names in hyperlinks and in the address bar. IE doesn't support IDN (though it can via plug-in), so by default isn't vulnerable. More detail in this advisory from the group that discovered it.

All non-Microsoft browers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs. The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in...

Phishers are taking advantage of Microsoft’s new software anti-piracy initiative by launching a wave of phishing e-mails in an attempt to get credit card numbers from Microsoft customers. The rogue e-mails also allow phishers to install spyware and adware on users’ machines. Last month Microsoft said it would not allow users in some countries install software updates online unless they could prove that their Microsoft software was legitimate. Security company Websense said it has received several reports of two new versions of spoofed e-mails that are being used to install spyware/adware onto end-user's machines and steal credit card details. The...

The next version of the popular open-source Firefox will likely show up in June of 2005, not March as earlier expected, the browser's lead engineer wrote this weekend in his blog. "In a move that I would hope should surprise exactly nobody, we're pushing back 1.1 by a little bit because of the realities of the work remaining to be done," wrote Ben Goodger. The updated road map for Firefox 1.1 noted that beta should ship in early April, with a final edition to follow in June. The next major revision, dubbed 2.0, is still on track for release sometime...