Upgrade to Opera 9.64

A minor upgrade of the Opera browser for the desktop got released this week which addresses several security issues and few minor improvements. If you are an user of Opera you should consider updating your release to Opera 9.64.

Starting with this release, Opera on Windows supports the security measures Data Execution Prevention (DEP) (available in Windows XP SP2 and newer) and Address Space Layout Randomization (ASLR) (available in Vista and newer). These security measures are a kind of second line of defence once an application runs into a serious fault, which would normally cause it to crash sooner or later.

Quote: Opera Watch in Opera 9.64 update

Update your FF to Firefox 3.0.7 today

If you are a Mozilla Firefox you are strongly advised to upgrade to Firefox 3.0.7 as soon as possible. Several security issues were discovered in previous releases up to Firefox 3.0.6. The newest version is also more stable.

See the release notes on how to upgrade, uninstall and for troubleshooting and other frequently asked questions.

Firefox 3.0.7 fixes several issues found in Firefox 3.0.6:

• Fixed several security issues.
• Fixed several stability issues.
• Official releases for the Estonian, Kannada and Telugu languages are now available.
• Items in the “File” menu show as inactive after using the “Print” item from that menu – switching to a new tab restores them (bug 425844). This issue has been fixed.
• For some users, cookies would appear to go “missing” after a few days (bug 444600).
• Mac users of the Flashblock add-on, experienced an issue where sound from the Flash plug-in would continue to play for a short time after closing a tab or window (bug 474022).
• Fixed several issues related to accessibility features.

If you like it more technically this is scraped directly from the bug reports:

• URL spoofing with invisible control characters
• Upgrade PNG library to fix memory safety hazards
• XML data theft via RDFXMLDataSource and cross-domain redirect
• Mozilla Firefox XUL Linked Clones Double Free Vulnerability
• Crashes with evidence of memory corruption (rv:1.9.0.7)

Prototype implementation of Gazelle Web Browser

Researchers Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury and Herman Venter of Microsoft Research published a paper on The Multi-Principal OS Construction of the Gazelle Web Browser.

They see a need for a new kind of web browsers as the way people use the web and web browsers has changed over the past years.

Web browsers originated as applications that people used to view static web sites sequentially. As web sites evolved into dynamic web applications composing content from various web sites, browsers have become multi-principal operating environments with resources shared among mutually distrusting web site. Nevertheless, no existing browsers, including new architectures like IE 8, Google Chrome, and OP, have a multi-principal operating system construction that gives a browser-based OS the exclusive control to manage the protection of all system resources among web site principals.

Their solution is a web browser with its own kernel for a mini operating system named Gazelle.

… we introduce Gazelle, a secure web browser constructed as a multi-principal OS. Gazelle’s Browser Kernel is an operating system that exclusively manages resource protection and sharing across web site principals. This construction exposes intricate design issues that no previous work has identified, such as legacy protection of cross-origin script source, and cross-principal, cross-process display and events protection. We elaborate on these issues and provide comprehensive solutions.

Gazelle might not only what we might see as Internet Explorer 9 some time in the future but Gazelle might be a solution for existing browsers.

Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance and backward compatibility.

You find a link to the research paper (PDF) at the bottom of the blog post The Multi-Principal OS Construction of the Gazelle Web Browser.

BOLT Browser – a new mobile browser

What is BOLT?

BOLT is a fast mobile browser that offers an uncompromised browsing experience on even entry-level mobile phones. It is compatible with virtually any handset with Mobile Information Device Profile (MIDP) 2.0 support. In non-geekspeak, this means “it works on lots of phones, even basic ones.”

Rather than offering a simplified, mini version of the Internet, BOLT provides users with an efficient, feature-rich way to enjoy full PC-style Web pages and rich media applications on all levels of mobile devices.

Source: Bolt FAQ

UNCOMPROMISED MOBILE BROWSING

• Full PC-style browsing on all types of mobile phones
• Web content is never reformatted, repurposed or removed

LIGHTNING FAST

• Loads pages faster than competing mobile browsers
• Patented navigation and display technologies get you where you’re going faster

SUPER EFFICIENT

• 23:1 over the air data reduction speeds delivery of pages to your phone
• Consumes 1/3 of the battery power of other mobile browsers

You can download the Bolt Browser for free over at BoltBrowser.com. You need an email to start the download.

User Agent Switcher as Mozilla Firefox Addon

If you do web development or cannot access a page because it asks for a certain user agent you might want to test how a site reacts to a user agent string other than which your default browser sends a little add-on called User Agent Switcher comes in handy.

If you are using Mozilla’s Firefox as a user agent most likely you are almost aware of its capability to add features through its add-ons. One of the available add-ons is the User Agent Switcher by Chris Pederick. With the add-on which is available for free (donations are welcome!) you can switch the identifier your browser sends on the fly. That way you can pretend you are surfing a site with a mobile user agent if you are still using your regular desktop browser.

Firefox 3.0.6 available for Windows, Mac, Linux

A new minor release of Firefox has been published today. You can download Firefox 3.0.6 from Mozilla Europe.

Fixed in Firefox 3.0.6

• MFSA 2009-06 Directives to not cache pages ignored
• MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
• MFSA 2009-04 Chrome privilege escalation via local .desktop files
• MFSA 2009-03 Local file stealing with SessionStore
• MFSA 2009-02 XSS using a chrome XBL method and window.eval
• MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

Internet Explorer 8 Release Candidate 1

Announced by the end of December 08 for the first quarter 09 the first release candidate of the new Internet Explorer is now available.

The user experience managers over at Microsoft might have had a closer look at the competitors when fine-tuning the last beta version. They improved the Search box which now reminds me of search done on Mac OS X. The Smart Address bar and the Favorites bar is similar to what can be found in newer Firefox releases. The pron modus InPrivate is now split up into two main functionalities: InPrivate Browsing and InPrivate Blocking. Among the other revised functions are Tab Groups, New Tab Page, Find on Page, Accelerators, SmartScreen Filter and Web Slices.

Find out more about the Internet Explorer 8 RC 1 in the article User Experience Changes since Beta 2 over at the IEBlog.

Release of Firefox 3.1 beta 3 postponed

The release of Firefox 3.1 is delayed because there are too many open bugs. The new release date is February 2nd.

The release of Firefox 3.1 is still planned for the end of the first quarter of 2009.

Mobile Browser User-Agent strings

On some research for mobile clients I stumpled upon this comprehensive list on mobile browser user-agent strings.

Howto for a custom user-agent in Konqueror

See the article How to add a custom user-agent string to Konqueror on Linux Showroom.