Firefox 3 – The awesome bar

A new update to Firefox has just been made available. An up-to-date version should now be at 3.0.2. Update soon if you have not been auto updated already.

Incase you are  still on the 2.x version for Firefox, you should know that the 3.x versions have greatly improved performance for JavaScript based apps (besides other things) and that means things like GMail, Yahoo Mail, Google Reader etc. that you use regularly.

It also has this great new address bar called the “Awesome bar” because it’s…awesome. It remembers the frequency with which you visit URLs and predicts the site you want to visit from just the first few characters you type in. It doesn’t even have to be characters of the URL from the begining. It can be keywords which occur in the middle of the URL as well. And it can be a word in the title of the page as well! And you have to do absolutely nothing to configure it since it is enabled by default and gets more accurate as you use it.

Awesome, isn’t it?

Yes, Google Chrome, Google’s official entry to The Browser Wars, has come along and it may have some fine features as well. But it’s just not mature enough for me yet. Most importantly, it doesn’t have all the addons that Firefox does at present. But if Google is backing it, Mozilla will sure need to work hard to keep the users that have migrated to Firefox from IE over the last few years.

What Google would now like is that Chrome improves to the point that full fledged browser based applications start replacing desktop based apps. Apps, which are not dependant on the OS or browser that they are running on. Apps, which result in revenue to Microsoft.

Firefox 2.0.0.8 released

I wonder why I have to post about every new update to Firefox. Maybe I’m just lazy.

Oh well, in case you haven’t done so already, stop using Internet Explorer, start using Firefox today! Go get the latest version (2.0.0.8) at http://www.getfirefox.com/.

Do try out the excellent addons as well. My favourite is Ad Block Plus. FoxMarks seems useful. And FireBug is awesome if you are developer working with browser based apps.

Try using some of the keyboard shortcuts like Ctrl+T for new tab, Ctrl+W for closing a tab and Ctrl+Shift+T for reopening the last closed window. They are real time savers!

Update : Seems like 2.0.0.8 was a major update and caused some regression problems which have been fixed with 2.0.0.9 which came along rather quickly.

Firefox 2.0.0.7 released

Firefox 2.0.0.7 is out. It fixes a security flaw in dealing with QuickTime files.

Go on, update.

Firefox updates released (2.0.0.5,1.5.0.12)

Update : Firefox 2.0.0.6 has also been released. A rather quick update! 

Better safe than sorry, eh?

Your web browser is what is your gate way to the Big Bad Web. Better get it upgraded to the latest. Firefox 2.0.0.5/1.5.0.12 is out. It should automatically update soon. If it doesn’t, you better do so manually.

Yet again, a bunch of bugs and leaks have been fixed. So get updated and ensure safety for all those banking transactions you do from your PC. Here is a quick list of what they fixed:

MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escallation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption

Yes. I love good, free, open source software. Don’t you too?

Firefox updates released (2.0.0.3,1.5.0.11)

The best browser out there just became better.

Versions 2.0.0.3 for the Firefox 2 branch and 1.5.0.11 for the Firefox 1.5 branch are out. Update now!

And some news floating around says that 2.0.0.4 and 1.5.0.12 won’t be long either.

You may find a way to update Firefox manually using a .Mar file to be of use.

Official Download Site [getfirefox.com]

Firefox updates released (2.0.0.2,1.5.0.10)

What!

You are not running the latest release of your browser?!!!

Mozilla has finally released fixes for several newly discovered security flaws in Firefox. Upgrade to the latest version right away. The latest versions are 2.0.0.2 for the Firefox 2 branch and 1.5.0.10 for the Firefox 1.5 branch.

Infact, I hear that more flaws have been discovered after the update was released so expect another update soon.

I first realized that an update must have been released when I saw that the number of people searching for a way to update Firefox manually using a .Mar file had jumped up quite a bit in the last couple of days (I can see the search terms people used to get to my blog). So I guess I can expect a jump in traffic everytime Mozilla releases a new update now.

Fixed in Firefox 2.0.0.2
MFSA 2007-08 onUnload + document.write() memory corruption
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

Official Download Site [getfirefox.com]

Updating Firefox 2 manually using a MAR file when auto-update fails

Remember that using anything but the latest version of your browser leaves you open to a whole bunch of vulnerabilities for which exploits are easily available. So going the extra mile to ensure that your browser is updated should be well worth the trouble. Mozilla recently released updates for Firefox.

In some cases, Firefox may inform the user that an update is available but the update procedure itself fails giving an error message like “Failed to verify integrity” or “Software Update Failed”.

This may happen when your connection to the net is being filtered by a proxy. A typical proxy may not block the .xml file which contains information about the update being available but may block access to the update file itself which is a .mar file (Mozilla ARchive). This is how a typical proxy in most workplaces will behave.

One way to update Firefox in such a situation is to obtain the complete setup of the new version which is not a very bandwidth efficient way to do things. The other way that the auto-updater uses is to offer an incremental update which is a much smaller file compared to the full download.

Eg. Firefox 2.0.0.1 complete setup is about 6 MB while the incremental update from 2.0.0.0 is only 800KB in size.

So how does one get the incremental update? Once Firefox reports that a new update is available, a file named updates.xml gets created in the Firefox installation directory. The file when opened in a text editor shows the two types of updates available, full and partial. The URL for the partial update is the link to the .mar file that can be used to update Firefox. You’ll need to obtain this file through some other route if you can’t directly download it such as through email or by making a request to the IT support staff at your organization.

In my case, the URL to the partial update was (http://download.mozilla.org/?product=firefox-2.0.0.1-partial-2.0&os=win&lang=en-US). Once this file is available, do the following to update your Firefox installation. Close the browser before attempting to update it.

1. Make a “firefox-update” directory alongside your Firefox install directory. (Eg. If Firefox is installed in C:\Program Files\Mozilla Firefox make C:\Program Files\firefox-update)
2. Rename the .mar file you downloaded to update.mar and place it inside the fire-fox-update directory
3. Copy updater.exe to the firefox-update directory
4. Open a command console and enter the following

• cd c:\Program Files\Mozilla Firefox
• ..\firefox-update\updater.exe ..\firefox-update 0
  (that’s a space after the .exe and also before the zero at the end of the command)

If all goes well, the update.status file will contain “Succeeded” which will mean that the update has been performed successfully. Congratulatons! You just fixed several critical security vulnerabilities and memory leaks in Firefox! Good going! You can now delete the firefox-update directory if you wish. Enjoy the safer, secure browsing experience.

Related link : Manually installing a MAR file [wiki.mozilla.org]

Do leave a comment if this (worked) / (didn’t work) for you or if you have any tips on how make things work.

Firefox updates released (1.5.0.9,2.0.0.1)

Mozilla has just released security update for Firefox. The latest version is now 1.5.0.9 for the Firefox 1.5 branch and 2.0.0.1 for the Firefox 2 branch.

Make sure you have the latest version to stay secure and for a better browsing experience. Auto-update should take care of the updates by default. You can check the version you have manually by “Help->About Mozilla firefox…“.

Fixed in Firefox 2.0.0.1
MFSA 2006-76  XSS using outer window’s Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escalation using watch point
MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

Official Download Site [getfirefox.com]

A Simple Firefox 2 XML Hack

Here’s something I did recently and want to share with other Firefox fans out there.

Firefox 2 has a little Search Box built into the browser into which one can type in ones search queries without going to the search engine website. Usually, the default behaviour for the Search Box is to send its query to google.com. When a person does so from a PC in India, the google.com servers automatically redirect the search request to a google.co.in server for localized results.

Now that’s where our problem is. This redirection causes a noticeable and irritating lag which is entirely useless (and unacceptable!). I would be quite fine with results from google.com instead. So is there a way to make the Search Box send its query directly to the google.co.in servers ? Turns out there is !

The Search Box is not very configurable from within the browser itself. The only thing one can do is to add or remove more search engines or change the default serach engine.

However, if you take a moment to navigate to the Firefox 2 installation directory (probably C:\Program Files\Mozilla Firefox\) you’ll see a directory “searchplugins” in there with a file corresponding to each of the installed search engines.

In Firefox 2, the files are .XML files. Google.xml is what seems to be interesting for us at the moment. Open it ! But if you open it with Notepad, the line breaks will not show up properly. So use either Wordpad or Editplus or something similar if you are on Windows.

In case you are using an older version of Firefox, you’ll see an image file which contains the icon for the Search Engine and a .SRC file. Open Google.src in this case.

I’ll proceed assuming that you have the ‘latest and greatest’ version of Firefox, Firefox 2. But the same idea is easily applied to older versions.

Now there are many things in Goolge.xml, but just look at the line with the URL tag,

<Url type=”text/html” method=”GET” template =”http://www.google.com/search”>

Aha ! Change “google.com” in that line to “google.co.in” ! Save the file. And it’s done !

Restart Firefox. Type in a query into the Search Box and feel elated at the reduced latency of your searches. No more redirection is involved from the google.com servers. Yay !

Now for some bonus info. We saw that older versions of Firefox had an image file for the icon and a .SRC file for configuration info. But in the newer version, there is a single .XML file. So where did the icon go ?

The icon is now embedded in the .XML file. But mixing binary image information with textual configuration information can be problematic. So how does one store the icon along with the rest of the configuration data ?

Base64 Encoding can be used for doing that. This kind of encoding is often used to convert binary information into a form that can be stored and transferred in a manner that is compatible with normal text. If you see the contents of the .XML file, you’ll see an <Image> tag which contains the Base64 encoded icon.

Ok. So this does seems a little too easy to be labelled a “hack” at all. But nice enough for majority of the people out there. Maybe I’ll put in something more l33t for all you h4X0rs out there…but that’s for another day.

Until then, enjoy the faster search results !

Did this work for you ?
Got any other Firefox tips and experiences ?
Leave a comment !