For a survey of Firefox 3.0's new security features, see: http://securitylabs.websense.com/content/Blogs/3108.aspx
Where malware is concerned, the browser has an improved filter using the Google Safe Browsing Service/API. Actually this is a malicious sites blacklist. For every request, Firefox looks to see if the URL is not on the blacklist.
“This form of protection is as good as the blacklist is, and while some phishing sites were being blocked, other phishing sites were not being blocked,” according to Websense’s researcher, Joren McReynolds.
“Firefox 3 is the only browser with the ‘Prevention of Global Object Redeclaration’ feature and the only one to use JavaScript v1.8.” This will prevent an attacker from getting to private data through a malicious JavaScript. Another option is handling Cross-Site XMLHttpRequest Objects. This was a way to trespass the Same Origin Policy, a potential security risk. Mozilla took that function out; it can only be used through add-ons.
Despite these new security features, I would rely on real-time protection like Finjan, and DrWeb’s AV link-checker plug-in, BetterPrivacy (that just warned my settings had been altered), SafeHistory and SafeCache, CookieManager, Stealther and NoScript.
To see the anti-phishing filter malfunction, go to this clean site: http://www.staatsbosbeheer.nl/
It is reported as an Attack Site, which is a false positive.
Yes, they are very slow off the mark on getting this compatible. I tried to get an old version; I was going to hack the maxversion value to 3.0 to see if I could get it to work.
Well, I have DrWeb link checker working fine with 3.0 by just extending the maxversion in the install.rdf file inside the .xpi installation file.
This extension adds a few extras useful to those that regularly test nightly builds of Firefox, Thunderbird and the Application Suite.
I prefer not to do it this way, as the Nightly Tester Tools are essentially for those using the nightly builds of Firefox, and that would make changes to Firefox to ensure compatibility of old versions.
I only want to hack the actual add-on and not Firefox. So when there is an update to the add-on whose maxversion I have modified, it will replace the modified version, and that wouldn’t be so for a Firefox modified by the Nightly Tester Tools add-on. Sorry, but this just isn’t for me.
Not for you, because you think it is hacking Fx. So you won’t have the crash reports either, if something goes wrong, and the Fx developers are left out in the cold. For you there is also the lite version of Nightly Tester Tools. I have been enforcing incompatible add-ons also on regular versions of Fx 3.0, because some developers don’t upgrade. A very small number of add-ons cannot be enforced, because they interfere with the browser (you cannot use "Go back one page", for instance), they need additional DLLs in Windows/system (for instance Firekeeper alpha), and because of violations the functionality cannot be built inside the extension (same reason some parts of JavaScript could not be brought into open source); some add-ons have leakage or other buggy problems that are a reason to keep our hands off them.
But even without having Nightly Tester Tools installed you can have incompatibility problems; for instance, if you do not use the right version of Locationbar2, it will make you unable to handle your address bar. When you use the right version of Locationbar2 you can enhance the new URL bar of Fx 3.0, and by adding Fission you will have a Safari-style effect: https://addons.mozilla.org/en-US/firefox/addon/1951
Fission combines address bar and progress bar (Safari style). This makes the progress bar more visible and allows for a nice visual effect. But as it always is, “The proof is in the pudding”, “Curiosity killed the cat” and for me “Never ventured never learned anything new”. I want to know these things; I see (“NS_ERROR_FAILURE” xStringBundle), wanna know what caused that. And I read about all the xStringBundle requests, and if I do not find it I file a bug report at Mozilla’s. And so I learned a bit more about browser security, and hope that helps.
The Fx developers won’t be left out in the cold if I’m not using Experimental add-ons. If I’m using an old version that I hack around to work with 3.0, any crash information is totally irrelevant to those developers as it is unrelated to the work that they are doing.
I did download the nightly add-on and had a look at it, and it lasted less than five minutes on my system whilst I looked at the interface; it is too complex and I hadn’t got a clue what it was attempting to do.
I don’t use the Locationbar add-on in any version; I don’t think the current Firefox (or 2.0) needed any improvement for me. I only use it to type in addresses ;D
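The maxversion edit discussed in this thread changes the compatibility range an add-on declares in the install.rdf inside its .xpi. As an added example that is not part of the original thread, this Python script reads that declared range and checks whether it covers a given browser version, which shows whether an add-on's author actually declared support for the browser it runs in. The sample manifest, the function names and the simplified version comparison are assumptions made for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
FIREFOX_ID = "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"  # Firefox's application id

# Constructed sample manifest for a hypothetical add-on, not a real extension.
SAMPLE_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:targetApplication><Description>
      <em:id>%s</em:id>
      <em:minVersion>1.5</em:minVersion>
      <em:maxVersion>%s</em:maxVersion>
    </Description></em:targetApplication>
  </Description>
</RDF>"""

def build_sample_xpi(max_version):
    """Build an in-memory .xpi holding only the constructed install.rdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        xpi.writestr("install.rdf", SAMPLE_RDF % (FIREFOX_ID, max_version))
    return buf.getvalue()

def _prop(node, name):
    """An em: property may be written as a child element or as an attribute."""
    child = node.find(EM + name)
    return child.text.strip() if child is not None and child.text else node.get(EM + name)

def declared_ranges(xpi_bytes):
    """Return {application id: (minVersion, maxVersion)} from install.rdf."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        data = xpi.read("install.rdf")
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD in manifest refused")  # no entity-expansion tricks
    path = ".//%stargetApplication/%sDescription" % (EM, RDF)
    return {_prop(d, "id"): (_prop(d, "minVersion"), _prop(d, "maxVersion"))
            for d in ET.fromstring(data).iterfind(path)}

def covers(max_version, browser_version):
    """Simplified compare: numeric parts and '*' only; '*' outranks any number."""
    a, b = ([float("inf") if p == "*" else int(p) for p in v.split(".")]
            for v in (max_version, browser_version))
    pad = max(len(a), len(b))
    return a + [0] * (pad - len(a)) >= b + [0] * (pad - len(b))
```

Version strings with letters (beta or pre-release builds) raise ValueError here, because the comparison is deliberately limited to dotted numbers and the `*` wildcard.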