Mozilla Firefox 1.0 Reviewer’s Guide
PR Contact:Rafael Ebron– (510) 220-6800 Table of Contents
1. INTRODUCING MOZILLA FIREFOX 1.0 ...... 3 2. FIREFOX - THE BROWSER YOU CAN TRUST ...... 4 3. SECURITY AND PRIVACY FEATURES ...... 7 4. FASTER IN EVERY WAY ...... 8 5. BETTER BROWSER EXPERIENCE ...... 11 6. SUMMARY OF FEATURES...... 14 7. APPENDIX...... 15
Firefox Reviewer’s Guide Page 2 1. Introducing Mozilla Firefox 1.0
Rediscover the Web The new Firefox 1.0 is fast, free, and fun to use – helping users rediscover the Web.
Firefox is the simple but powerful Web browser from the Mozilla Foundation that is designed to showcase the Web without all of today’s nuisances like pop-ups and spyware. Innovative new features include: enhanced privacy controls, live bookmarks, pop-up blocking, tabbed browsing, integrated Google search, and over 100 different extensions to make Firefox even more powerful. Firefox sits on top of the Gecko rendering engine – the browser engine that leads the industry in support of Web standards. A simplified user-interface, cross-platform support, open source collaboration, and developer extensions, make Firefox the perfect canvas for today and next generation’s web site and web applications. Firefox is available for Windows, Mac OS X, Linux and many different languages.
Firefox 1.0 Key Features:
High grade security Integrated search
Anti-spoofing protection Live Bookmarks
Privacy controls Download manager
Tabbed browsing Themes and extensions
Pop-up blocker Streamlined interface
Download Firefox 1.0 now at http://GetFirefox.com.
Firefox Reviewer’s Guide Page 3 2. Firefox - The browser you can trust
Security Overview
In the Mozilla project, we understand the importance of privacy and security. The importance of good computer security is demonstrated by the series of recent security exploits (known as "download.ject "or "scob"), in which vulnerabilities in Internet Explorer were used to allow malicious computer programs to be secretly installed and executed on machines running Internet Explorer.
Browser software must include both good security design and good security practices to maximize the amount of protection available. No piece of browser software can provide 100% protection, just as no set of locks and keys for our homes can be 100% effective. But browser design and implementation can make an enormous difference in the level of protection available to users. In addition, management practices in the way software problems are addressed can also dramatically affect the level of protection consumers enjoy. Recent security failings in Internet Explorer have caused experts (Including the United States Department of Homeland Security's Computer Emergency Readiness Team) to recommend that consumers stop using Internet Explorer and switch to other browsers. Firefox and other Mozilla browsers use fundamentally different security architecture than does Internet Explorer. As a result, Mozilla browsers are not affected by a range of security problems that compromise Internet Explorer. For more detail on exploits leading to the suggestion to switch see: http://www.kb.cert.org/vuls/id/713878 http://secunia.com/advisories/12048/
The Mozilla design approach is to provide multiple layers of defense so that if one protection mechanism performs imperfectly, another protection mechanism (or two or three) will act as a safety net, thus strengthening the system's ability to defeat attacks.
Security benefits of Mozilla browsers include:
1. Firefox and other Mozilla browsers do not allow a website to download onto, install onto, or execute code on a user's computer without the user's agreement.
2. Firefox and Mozilla browsers do not designate content as "local." An architecture that includes the concept of "local" content and then gives such content upgraded security permissions and allows it greater access to the user's machines, means that content which is mistakenly treated as local has vastly more potential to do damage. Indeed we saw this type of problem in the recent Internet Explorer vulnerabilities, in which malicious content was secretly sent to users machines, managed to falsely identify itself as "local" content to Internet Explorer, was then granted enhanced access to Firefox Reviewer’s Guide Page 4 machines running Internet Explorer, and used that access to install a program which logged keystrokes, including credit card numbers. Mozilla users were not affected. A more detailed description can be found at: http://www.kb.cert.org/vuls/id/713878
It should be noted that these security policies can result in some loss of convenience to the user. We all make these trade-offs in many areas of life. For example, needing a key to open the front door of our homes means we all have to get keys, find them in the morning and make sure not to lose them during the day, which is far less convenient than leaving the door unlocked. Most of us choose to trade the inconvenience of locks on our front door for the greater security this provides. For users who want increased security, Mozilla browsers are a great choice.
3. Internet Explorer uses a technology known as ActiveX. ActiveX, particularly in combination with the "local" concept described above, has been very fertile ground for those designing security exploits. Here's how Slate summarized the problem with Active X (see http://slate.msn.com/id/2103152 for the complete article): “The problem is that hackers continue to find and exploit security holes in Explorer. Many of them take advantage of Explorer's ActiveX system, which lets Web sites download and install software onto visitors' computers, sometimes without users' knowledge. ActiveX was meant to make it easy to add the latest interactive multimedia and other features to sites, but instead it's become a tool for sneaking spyware onto unsuspecting PCs.”
4. Mozilla browsers maintain a separation between the application and the operating system. IE browsing functionality is becoming increasingly integrated into Windows; a security problem in browsing functionality may therefore affect services which are shared with, or relied on by, other parts of the operating system. This makes a multi- layered defensive strategy complex to design and implement effectively. The convergence of Internet Explorer and the Windows operating system has provided fertile ground for malicious programmers.
Switching to Mozilla -- Managing the Project for Consumer Security
As noted above, it's virtually impossible to provide a web browser that is absolutely secure against all possible attacks. Effective security also requires focused attention to early identification and effective resolution of potential problems. Complacency or a "business as usual" attitude regarding security issues does not serve the consumer well.
Finding potential security holes is tricky and requires people with expertise and focus. The Mozilla project has developed a community of people who are passionate about computer security and put the protection of consumers and their data above business and revenue considerations. We value this community highly and actively encourage their involvement. We provide a "bounty" to those who find and report potentially serious security flaws, to encourage security experts to help improve Mozilla products. This community promotes the Firefox Reviewer’s Guide Page 5 identification of potential problems before exploits are developed and before consumers suffer.
Once a security hole has been identified and verified, it is often possible to develop a fix for Mozilla products very quickly. It's a bit counter-intuitive, but fixing the problem in Mozilla browsers is often easier than finding it in the first place. Developing fixes may be more complex for browsers which are deeply integrated into, and thus share services with, the operating system because fixing the problem could affect aspects of the operation system that rely on the browser. After a fix is created it needs to be tested. Then the new version of the software needs to be distributed to the public, and the public encouraged to upgrade to the new software.
These activities can be very inconvenient to the software developer. They are time- consuming and disruptive. They require software vendors to place user protection above business convenience and predetermined release cycles.
The Mozilla project has shown strength in this regard. For example, we recently completed the entire process in just under 36 hours in order to make sure that we had a fix ready and updated products available as soon as the exploit became known to the public. We proactively informed our users of the problem and provided a choice of mechanisms to encourage users to upgrade immediately.
We take these actions because we do not believe that a "business as usual" attitude about security is appropriate. We have also created a system of checks and balances to guard against complacency.
The set of experts who care about security are not all employees of the Mozilla Foundation. They participate in the open source Mozilla project because they care passionately about security, and because they want a browser that meets their security standards. These participants aren't very concerned about the inconvenience or difficulties involved in releasing improved software. This group represents the voice of the consumer very effectively, and helps ensure that the Mozilla project continues to make protection for our users a high priority.
Firefox Reviewer’s Guide Page 6 3. Security and Privacy Features
Firefox introduces new security features to protect users from spoofs (phishing scams), and also makes managing privacy easy to do. Anti-Spoofing User Interface New in Firefox are several new ways for you to check the validity of a web site. Secure sites (https:) are now highlighted with a yellow background and lock key in the Location bar. Clicking on the lock icon in the location bar will display the web site’s security information. The bottom right of each window of a secured site will always display the domain name e.g. login.fidelity.com. If a hacker attempts to trick you via the url in the location bar, you will always know the true domain of the web site that you are visiting.
One Place to Manage Privacy Privacy is managed all in one place in the Options or Preferences > Privacy dialog. You can ‘Clear All’ information with just one click or clear individual items such as brower history, cache, and form information individually. Firefox allows you to save passwords. It also autofills form information from previously typed forms, and allows you to manage how cookies are stored in the browser.
Protected from Spyware Firefox will not allow a website to download onto, install onto, or execute code on your computer without your agreement. You will be notified via the information bar or via alert dialog when downloading or installing software.
Firefox Reviewer’s Guide Page 7 4. Faster in Every Way
Firefox is built for speed –search is integrated with Google, users can access search with one click, tabbed browsing makes it easy to view multiple pages, and no pop-ups get in the way. Searching Faster with Firefox Integrated Search Going to the Web site you intended can’t get any faster. In the Location bar, type in “Williams Sonoma”, “New York Times”, or “Yahoo Mail” and hit enter. Using Google’s “I’m Feeling LuckyTM” search, you’re at the site you’re supposed to be instantly --without having to type in http, “.com” or having to go to a search engine.
Search is Just One Click Away On the Navigation toolbar, your favorite search engine is just a Ctrl+K or a mouse click away. You can add as many search engines you like with over 1000+ to choose from, ranging from eBay search, to the Internet Movie Database, to the Urban Dictionary. Firefox is pre-loaded with Google, Yahoo, Amazon, eBay, Dictionary.com, and Creative Commons seach.
Smart Keywords Firefox’s Smart Keywords makes it easy to look up special information like definitions and stock quotes. Just type in a keyword like “dict” or “quot” and the word or stock symbol, and hit enter. You can also quickly create a Smart Keyword for any search engine. For example, book lovers can right click on Amazon’s search field and click “Add a Keyword for this Search.” Choose a keyword for Amazon, i.e. “amzn” and soon finding a book is as easy as typing “amzn
Firefox Reviewer’s Guide Page 8 Find in Page Once you’ve found the page you’re looking for, we also help you find what you need on that page. With the new Find toolbar, select Ctrl+F, start typing the word or phrase you’re looking for and you can quickly navigate all instances of that word or phrase and even highlight all occurrences. The Find toolbar shows up just when you need it, and goes away when you don’t.
Quick Search Finding things fast is a core theme of Firefox. That’s why we’ve also included Quick Search in the Bookmark Manager and History. Quick Search help you find sites that are important to you and sites that you recently visited, much faster.
Tabbed Browsing Firefox’s tabbed browsing changes the way you use the Web. You can open links on a page and watch as they download in the background in new “tabs”. When you’re ready to view that page, click on the tab. Tabbed browsing is great for multi-tasking, reading news articles, comparing several web sites side-by-side, and sifting through search results. You can set you homepage as a group of tabs or open new tabs from your bookmarks or history.
Popup Blocker Firefox’s pop-up blocker notifies you when pop- ups are blocked via the information bar or icon on the lower right of the screen. It gives you the option to view the blocked pop-ups. It also gives you the option to add sites that use pop-ups in a valid way to an allow list. You no longer have to spend any time with these unwanted distractions closing pop-up or pop-under windows.
Firefox Reviewer’s Guide Page 9 More features for faster browsing
Saving Passwords Firefox also saves passwords to speed up signing in to websites for sites that you visit often. When signing-in to the website for the first time, Firefox will ask you if you want to save your password. On your next visit, Firefox will pre-fill your username and password.
Saving Form information When filling in forms for the first time, Firefox will save that data for later use. Queries from prior searches on a web page are also saved.
Keyboard and Mouse Shortcuts Firefox share many of the same shortcut keys with Internet Explorer. Firefox menus and dialogs are fully accessible through the keyboard for fast access to the most common tasks. Firefox also enables mouse shortcuts to speed up tasks. Middle-clicking on a link, for example, opens up a link in a new tab.
Firefox Reviewer’s Guide Page 10 5. Better Browser Experience
Convenience, powerful extensions, and simplicity make Firefox the better browsing experience. Firefox introduces Live Bookmarks, provides over 100 extensions, and delivers with a download manager, a new plug-in finder service, and a browser update service.
Live Bookmarks Live Bookmarks is a new technology in Firefox that lets you view RSS news and blog headlines in the bookmarks toolbar or bookmarks menu. With one glance, quickly see the latest headlines from your favorite sites. Go directly to the articles that interest you -- saving you time. The web site determines the number of headlines displayed and how often the headlines are updated.
Extensions Firefox’s extension capability allows you to add as many features to the browser as you want. Over 100 extensions are available including a Google toolbar, ad blockers, and web developer tools. Extensions are easy to install and uninstall, and they’re easy for developers to create. Visit http://update.mozilla.org to view a directory of available extensions.
Firefox Reviewer’s Guide Page 11 Themes Browsing the web should be fun, and so should the browser. Firefox lets you choose from dozens of themes to change the browser’s appearance.
Download Manager Firefox’s download manager gives you a list of previous downloads and shows you the status of current downloads. You can even pause and resume downloads. Finally, you are also able to find exactly where you downloaded that file. You can also open or launch files directly from the download manager.
Firefox Reviewer’s Guide Page 12 Plug-in Finder & Software Update Service Getting plug-ins couldn’t be easier with the new plug-in finder service. When you visit a page that requires a plug-in, you will be taken through a wizard to download the plug-in you need. Once the plug-in is installed, the page refreshes and you are able to view the content without ever having to leave the page. Firefox also comes with a software update service. When there is a new Firefox version available, you will be prompted to download the latest version. The software update service also notifies users of updates to new themes and extensions.
Easy to Switch from Internet Explorer It’s easy to switch from Internet Explorer to Firefox. Firefox imports existing settings from Internet Explorer, as well as Mozilla 1.x and Netscape 4.x and higher. An import wizard will run when you first install Firefox (and is also available later through the File menu, File > import), and it imports your Favorites, options, cookies, stored passwords, and a variety of other data. This saves you time customizing Firefox to fit your needs.
Powered by Gecko Gecko is the embeddable cross-platform browser engine at the heart of Firefox. Gecko controls how a Web page appears on the screen and provides content rendering and support for Web standards such as HTML, XML, Cascading Style Sheets (CSS), the Document Object Model (DOM), JavaScript, Simple Object Access Protocol (SOAP), and Web Services Description Language (WSDL). To ease the creation of desktop applications and devices that embed Gecko, it also features a cross-platform, cross-device architecture and powerful technologies such as the XML-based User interface Language (XUL).
Firefox Reviewer’s Guide Page 13 6. Summary of Features
Key Features in Firefox 1.0: High grade Support for SSL 2.0, 3.0 and TLS 1.0. Includes a certificate security manager, and CRL manager. Anti-spoofing User interface displays domain name of web site in status protection bar. Yellow background in location bar for secure sites. Privacy controls One click ability to clear all stored information. One interface to manage stored information such as cookies and downloads. Integrated search Integrated with Google’s I’m Feeling LuckyTM search. One click access to multiple search engines through search bar. Live bookmarks View RSS news and blog feeds from bookmarks toolbar, sidebar, or bookmarks menu. Tabbed browsing Speeds up browsing Themes & Over 100 themes and extensions available at Extensions http://update.mozilla.org to enhance the browsing experience. Import wizard Imports from Internet Explorer, Netscape Communicator 4.x, Netscape 6.x and higher, and Mozilla 1.x. Saved forms & Store forms and password information for filling forms passwords faster and logging-in to sites much easier. Plug-in finder & Checks for updates, provides notification and easy install software update of plug-ins, new versions of Firefox and extensions. service Standards support HTML 4.0, CSS 1 & 2, DOM 1 &2 (Core and HTML), RDF, XML 1.0, XML Namespaces 1.0, SOAP 1.1, XSLT, XPath 1.0, XHTML 1.0, JavaScript 1.5 and more. Support for Catalan, Simplified Chinese, Traditional Chinese, Czech, multiple French, German, Greek, Hebrew, Hungarian, Italian, languages Japanese, Korean, Lithuanian, Polish, Portuguese, Russian, Slovak, Slovenian, Sorbian, Spanish, Turkish, and more. Platform support Windows (even Windows 95), Mac OS X, and Linux. Other platforms are community supported.
Firefox Reviewer’s Guide Page 14 7. Appendix
I. Press Articles “IE has become the hackers’ No. 1 playground…That’s why more than a few corporations, not to mention individual users, are looking at alternatives.” Don Jones, Time to Dump IE?, Microsoft Certified Professional Magazine, October 2004.
“For the first time in more than seven years, Microsoft is losing Web browser market share. And it's not just a blip.” Steve Hamm, A Firefox in IE's Henhouse, Business Week, Sept 17, 2004.
“I suggest dumping Microsoft's Internet Explorer Web browser, which has a history of security breaches. I recommend instead Mozilla Firefox.” Walt Mossberg, How to Protect Yourself From Vandals, Viruses If You Use Windows, Wall Street Journal, Sept 16, 2004.
“If you can, use the Mozilla Firefox browser.” Byron Acohido and Jon Swartz, Signs your PC's under siege, and what you can do, USA Today, Sept 8, 2004.
“[Microsoft] issued a warning for one vulnerability, but then waited as long as 10 months to respond to several other reported bugs. The flaws that were used together to create June's "Download.ject" worm seemed too insignificant on their own to fix immediately, say members of the Internet Explorer team.” Robert Guth and David Bank, Tech's Unlikely Comebacks, Wall Street Journal, Aug 30, 2004.
“For Katherine Sandlin, a barrage of pop-up ads was the proverbial straw that broke the camel's back ... One software switch later, Ms. Sandlin is reveling in a pop-up-free existence and spreading the word about Firefox.” Juliet Chung, In Search of a Browser That Banishes Clutter, The New York Times, Aug 12, 2004.
"Scob didn't get me, but it was enough to make me ditch Explorer in favor of the much less vulnerable Firefox browser." Paul Boutin, Are the Browser Wars Back? , MSN Slate, June 30, 2004.
Firefox Reviewer’s Guide Page 15 II. System Requirements Operating Windows 98, 98SE, Windows Systems Windows ME, Windows NT 4.0, Windows 2000, Windows XP, XP SP2
Minimum 233 MHz Hardware 64 MB RAM 52 MB hard drive space Mac Operating Mac OS X 10.1.x Systems Mac OS X 10.2 and later Minimum PowerPC 604e 266 MHz or faster Hardware processor, G3, or G4 64 MB RAM 52 MB hard drive space Linux Operating Linux kernel-2.2.14 or greater, with Systems the following libraries or package minimums: glibc - 2.2.4 gtk+ - 1.2.0 (1.2.5 or greater preferred) XFree86-3.3.6 Supported Platforms: Firefox has been certified and is supported on RedHat Linux 9.0 and greater. Minimum 233 MHz Hardware 64 MB RAM 52 MB hard drive space
Firefox Reviewer’s Guide Page 16