Jun 04

Firefox and IE Vulnerabilities Disclosed, But I am Protected

Word is that Michal Zalewski posted about 4 vulnerabilities on the Full Disclosure mailing list. Two are for Firefox, one is for IE 6 & 7, and one is exclusive to IE 6. The thing I love is that they require JavaScript to run, and ever since a few months ago I have been using the NoScript Firefox extension to block sites from executing JavaScript unless I specifically allow them. It’s a great way to stop these attacks. The only nuisance is having to allow scripts to run on certain sites you visit, but once you do it for each site you don’t have to do it again. And the alternative of not being protected is even worse and makes the extra effort worthwhile.

Mozilla is already discussing the Firefox bugs in their Bugzilla tracking system. I wonder how long it will take for Firefox to fix these. I give it less than a week.

Get protected: NoScript for Firefox
Source: Full Disclosure


Dec 16

Firefox Tip 1: Pasting Multiple Lines of Text

Have you ever wanted to copy multiple lines from a website, but had to copy them each individually? Fret no more. There is a setting in Firefox’s about:config that lets you define how many lines you will paste in Firefox after having selected text. This is useful when copying a URL that is displayed on more than one line.

editor.singleLine.pasteNewlines defaults to 1 line. You can double-click the entry and change it to a number of your choosing. I find that setting it to 3 usually does the trick for me.

1) Enter about:config in the Location Bar to display the list of user preferences.
2) Find editor.singleLine.pasteNewlines and double-click it.
3) Enter the number of lines you would like the paste function to concatenate in Firefox.


Nov 30

Firefox 1.5 Released

Mozilla has finally released Firefox 1.5. A notable new feature is the new Software Update to easily get the newest updates for Firefox. No longer will you have to reinstall the entire browser to get the latest version; it’s all done within the browser instance. Pop-up blocking is also improved, and Firefox now has even stronger security.

I have been using Firefox 1.5 since the first Release Candidates were made available and I haven’t run into any problems with it. It actually seems a lot more stable than Firefox 1.0.7. And many of my favorite extensions have been updated for 1.5 (Google Toolbar, Bloglines Toolkit, Gmail Notifier). And the new version of Greasemonkey for Firefox 1.5 should see the light of day eventually.


Oct 20

Flock Has Landed on My Desktop

Flock is a cool new take on the browser experience. It uses Mozilla Firefox as the base and adds some neat enhancements. I will have some more information for you in the future, but I just wanted to test out its blogging feature.


Oct 14

Google Reader and Greasemonkey: A Match Made in Heaven

So Google released Google Reader, their foray into the RSS feed reader field, about a week ago. I began using it right away, but then I stopped because it was painful to keep hitting the down link to go to the next post. I wanted to be able to use my mouse scrollwheel to easily scroll through news. I looked into the source code a bit and thought about creating a Greasemonkey script to enable the scrollwheel, but I just didn’t have the time. Well, it appears someone has created the script and it works just the way I wanted it to. Here’s to open source and innovation.


Sep 23

Google Toolbar for Firefox

The Google Toolbar for Firefox has been updated and has come out of beta. Two great new features to note are being able to customize your Toolbar layout, and having Google Suggest built into the Toolbar search box. You can move the Google search box to where the current Firefox search box is, and then you have Google Suggest at your fingertips. It gives you suggestions of search terms as you type in the box. You can also move the PageRank display to a more convenient location in Firefox.

There are also the other features you would expect to find, such as a PageRank display, search highlighting, and spell checking. There is even a “BlogThis” button that loads up a Blogger popup that lets you easily log in and blog about a URL. It passes the current URL as a field to Blogger.


Aug 01

Greasemonkey 0.5 Beta

Greasemonkey 0.5 beta is now available for download. It fixes the previously publicized security issues, and some bugs that were not mentioned. It also merges in the features that were planned for Greasemonkey 0.4. User script commands no longer get lost sometimes when switching tabs, user script commands can now have keyboard shortcuts, memory leaks were addressed, and there is a new API to open links in a new tab. Check it out, along with my Greasemonkey scripts.


Jul 20

Greasemonkey, a Lesson in Open Source Development

It has recently been reported that Greasemonkey, a popular add-on for the Firefox web browser which allows users to modify the content of the sites they view, has a flaw that could open up users to attacks by malicious websites that they visit. The Greasemonkey developers quickly released a scaled-down version of the add-on while they fix the problem.

Mark Pilgrim discovered that a trio of bugs, when combined, could lead to the unwarranted access of local files. He announced his findings to the Greasemonkey mailing list and as Pilgrim says, “the GM developers, as well as everyone else on the list, immediately took the threat seriously and began discussing possible solutions.” He also created a detection script that uses Greasemonkey’s vulnerability to non-maliciously inform web visitors if they are running a vulnerable version. The script displays a warning which points them to the Greasemonkey home page to download the update, and to the mailing list message that explains how serious the vulnerability is.

Aaron Boodman, the creator of Greasemonkey, is hard at work fixing the bugs. As Jeremy Dunck, a Greasemonkey contributor, puts it, “he’s been unavailable because he’s snowed under trying to finish a working 0.4 release which fixes the vulnerabilities without sacrificing compatibility or performance.” “Aaron’s pretty much single-handedly been doing the code in this response.” But it’s not just about one person.

“I think the community fostered by an open source project is very important in terms of how responsive we can be. I’m trying to imagine Aaron hacking away on this code by himself without any feedback or contact with the outside world other than ‘deploy’, and I just can’t see it working at all,” says Dunck. “There’s been a lot of useful feedback on how to address this issue in the last 2 days. The community wouldn’t exist if it wasn’t open, and now we’re pulling together.”


© 2006-2007 Jason Schramm. Site design by Jason Schramm.