"There is a lot of code that has changed, but I don’t think there is a lot more code,
" Mike Schroepfer, vice president of engineering for the group, told SecurityFocus.
“We have actually excised old code, and there are couple of areas were we dug out the component
and rewrote the whole thing.”
Web sites have become an increasingly important vector for malicious and fraudulent software.
Earlier this month, attackers defaced hundreds of Web sites – and thousands of pages –
see: http://www.securityfocus.com/brief/623
embedding hidden iframe code to redirect visitors to malicious download sites.
Yet, while such techniques can affect Firefox as well as Internet Explorer,
attackers have generally left the open-source browser alone,
despite it having a greater number of flaws, see: http://www.securityfocus.com/brief/578
Security features have become a point of competition between Mozilla and Microsoft.
A year ago, when both organizations launched their latest browsers,
they both claimed to have a better – albeit, very similar – anti-phishing solution.
See: http://www.securityfocus.com/brief/356
Mozilla has included several user interface improvements
to help users understand the risks of a particular Internet site.
Clicking on the favicon, the small icon for the site at the left of the URL
(uniform resource locator), will drop down a box containing identity information about the site.
The group also rewrote the Password Manager in JavaScript from C++ to eliminate memory errors,
Schroepfer said.
The Mozilla Foundation has not given a release date for the final version of the Firefox 3 browser.
We are now at FF 3.0 RC1 and the final will be out soon this month,