
Firefox add-on Greasemonkey slips up

malebolgia   on 20 July 2005 - 21:59 · 20 comments & 2204 views

The Mozilla Foundation is making available an update for a critical security flaw in Greasemonkey, an extension to the Firefox browser.

Greasemonkey is a popular add-on used to customize the design and behavior of Web pages. The flaw could let attackers read any file on a user's local hard drive and list the contents of local directories. The update, Greasemonkey 0.3.5, was released Monday, according to the download page on the Mozilla Foundation's Web site. The Mozilla Foundation coordinates Firefox development and marketing.

The flaw affects versions of Greasemonkey prior to 0.3.5, including the early 0.4 alphas, according to a posting on Mozdev.org, a site where developers post applications and add-ons. People who switch to version 0.3.5, however, will find that it lacks the so-called GM* APIs, the Greasemonkey-specific functions that give user scripts capabilities beyond those of ordinary page scripts, according to Greaseblog, a blog devoted to the extension.

News source: C|Net News.com


You handle the "buggy" sides of things on the Firefox team. For those members who don't know how to correctly pinpoint bugs and to report them, what is the best way to go about doing that?

The best way to get involved is to use Firefox a lot and think about the things that aren't working for you when you use it. If it's a web page that's not working, you can tell us with the new "Reporter" tool included in the Deer Park releases' Help menu. If you're savvy with the languages of the web and you'd like to go a step further with reporting a problem site, you can check to see if it's already reported in Bugzilla and, if it's not, file a bug with a simplified testcase that demonstrates the failure. If you find issues elsewhere in Firefox that aren't working for you, you can report those to the Mozillazine Bugs forums, where a friendly community of Mozilla folks will help you determine if it's a bug or a reasonable feature request. If it belongs in Bugzilla, they'll help you get it recorded there.

With the new "report a broken website" feature built into the upcoming Firefox 1.1, how will the problems be properly addressed?

I'm very excited about this tool. We haven't determined yet whether or not it will be in the final release but I think we'll definitely keep shipping it in our nightly testing builds and our alpha and beta releases. With this tool, we can aggregate data from literally hundreds of thousands of users about what sites aren't working. Then our QA team can analyze the highest visibility problems to determine if they are caused by bugs in Firefox, in which case we'll file bug reports and work to fix them, or if they're bugs in the website, in which case we'll contact the site and work with them to resolve the issue.

What kind of accessibility features does the Mozilla Foundation plan to incorporate into Firefox 1.1 and future Firefox releases?

Aaron Leventhal has been heading up the efforts to bring better accessibility support for the next Firefox release. The efforts are focused around basic keyboard accessibility as well as screen reader support. We're making great progress and I'm very much looking forward to shipping these improvements with the next release.

Where do you think the Firefox project is heading in the future?

That's such a broad question. I think Firefox is headed to the mainstream. We're going to continue to make inroads on the desktops of "regular people" all across the world. I think we're going to see increased corporate adoption as the Firefox experience, its power and ease of use, trickles down from IT workers and sysadmins who are using it now to office desktops where the real numbers are. I think we're going to continue to improve on what is already an amazing web platform capable of supporting an exciting and user friendly new generation of web applications. And finally, I think that we are going to continue to improve our product so that it is more powerful and easier to deploy, and more accessible and friendly to use.

When switching over to Firefox from Netscape, what made you and the rest of the team choose the Gecko engine instead of another browser engine such as KHTML or Presto?

We were Mozilla people and we'd been working with the Mozilla rendering engine and toolkit for years. Firefox was not just about making a better browser, it was about building a world class browser on the Mozilla platform -- one that would appeal to tens or hundreds of millions of people. Gecko was considerably more mature than KHTML, capable of rendering a much larger swath of the web, and the XUL toolkit was a powerful and easy to use platform for building the Firefox application. There was never any consideration of using one of the other, less capable, rendering engines for Firefox.

With a new update system coming to Firefox, what big changes can we expect to see, and when can we expect to see them?

Well, we've already implemented the basics of this new system which include a robust notification, download, and installation mechanism for getting new releases of Firefox. I'm using this now to update Firefox each day to the latest testing build. The new system features pause and resume, background downloading, and a simpler user interface. Next in line will be the incremental update system which will allow us to deliver smaller patches to users rather than a new 4 MB download. The incremental update will make it possible for us to deliver updates much faster and more reliably than the current system. After that, we're looking at options for what we're tentatively calling "update channels". You could, for example, subscribe to "security updates only" or if you were daring, you might subscribe to "alpha and beta updates." For the Mozilla testing community, they could subscribe to "daily updates" and get the 200K patch that covers the changes between yesterday's build and today's.

The Opera browser has some nice "eye candy" to it that makes some users grasp it more, can we expect to see some new "eye candy" in Firefox in the future?

I'm not sure exactly what you mean by "eye candy" but we're certainly working hard to streamline features and make them easier for users to grasp. When you reach an audience of tens of millions, you're beyond just the power users and bleeding edge so you really have to focus on making things digestible to "regular people." It's not like the old days of the Mozilla 1.x Application Suite when we had one or two percent market share and we could pile on new features knowing that most of our audience would understand. We take a lot of care in building a powerful browser that tens or even hundreds of millions of users would be completely comfortable using.

What are your reactions to the recent comments of Opera's CEO, Jon von Tetzchner, in an interview with ZDNet UK?

"A lot of people don't like our ads, which is sad as we don't have a rich sugar daddy like the Mozilla Foundation. They [the Mozilla Firefox team] don't have to think about money as they're being funded. We're not being funded," said von Tetzchner

"Sadly the statistics are undercounting Opera and overcounting Firefox. Opera has a better caching mechanism so it doesn't access Web sites as often as other browsers. Firefox has added a pre-loading feature that Google has made use of. This inflates the numbers on the statistics," von Tetzchner said.


I'd rather not get into this kind of "he said, she said" with Jon. Opera is a fine niche browser with a very loyal user base and there's just no value in responding to remarks that I suspect he'd take back if he could. I will say, however, that I'm very, very happy to be working for an organization that puts the user first and money second. We have a product that's loved by tens of millions of users and we don't have to sacrifice our user experience in any way in order to remain a viable organization.

Can we expect to see more Firefox publicity in the near future such as, commercials and more magazine ads?

We're working on a major overhaul to the Spread Firefox community marketing platform and we certainly have plans for more community activities promoting Firefox. I think we're going to focus on more creative ways to spend money than commercials or magazine ads, though. We've got a very excited and very smart community of about 115,000 users at Spread Firefox and you can bet that they're capable of making Firefox publicity happen in novel and powerful ways :-)

And lastly, what are your top 5 favourite Firefox extensions?

I'm, believe it or not, not a heavy extension user. I love extensions and I've tested just about every one available. In the end I disable or uninstall most of them because Firefox "just works" for me without any serious modifications. I do like the Resizable Text area extension which makes posting at my blog and in Bugzilla a bit easier. I also like Feedview which makes it easy to take a quick look at an RSS feed before I save it as a Live Bookmark or subscribe in Thunderbird. Until recently I was also using the miniT extension which lets you drag and drop reorder your tabs. Now that we've added that as a standard behavior, I don't need it any more. That's about it for what I use with any regularity.

Thank you for your time Asa.

Thank you!

(5 replies) #1 Makeshift Hammer on 20 Jul 2005 - 22:07
How come it's always just a "flaw" when it comes to Firefox, but when it's an IE issue it's tagged as a "security vulnerability"?
#1.1 MarkMS on 20 Jul 2005 - 22:22
This post is directed at all posts about FF "Flaws" and not just this one about the GreaseMonkey plugin.

I think it's a "flaw" to calm down FF users and make it seem their browser is still invincible. Everyone is afraid of IE, and they call their holes "security vulnerabilities" to try to scare their user-base.

Props to Mozilla and the FF project, it's a nice browser and all, but Microsoft not only has IE, but it also has Windows, Office and tons more software. I wanna see Mozilla try to do that with a 90%+ user-base and keep updates going and not complain! Every piece of software is not 100% secure, and the FF project needs to stop acting like they are invincible to anything! Yes, FF is much safer .... but it will still face "security vulnerabilities" just as much as IE.

+ Their site got hacked ...
#1.2 PseudoRandomDragon on 20 Jul 2005 - 22:48
QUOTE
+ Their site got hacked ...


Talking about MS or FF developers? Because both sites got hacked. And that excuse that MS has a lot on their plate and cannot pay as much attention to IE... c'mon. Worst comes to worst, they could just hire some other company to fix it for them, but it might not be profitable to do so.
#1.3 nacs on 21 Jul 2005 - 03:52
Are you retarded? You do realize this is a 3rd party plugin, right? This is not a Firefox exploit.
#1.4 MarkMS on 21 Jul 2005 - 04:44
No, I'm not retarded ... you are the retard for not reading the very first sentence of my comment.

and I quote ...

QUOTE
This post is directed at all posts about FF "Flaws" and not just this one about the GreaseMonkey plugin.


Next time you ask someone if they are retarded, check with yourself and make sure you are not the retard.
#1.5 PCyr on 21 Jul 2005 - 05:21
QUOTE
Next time you ask someone if they are retarded, check with yourself and make sure you are not the retard.

Did he quote you? Seems like he was responding to the OP. Seems there's plenty of retards today
#2 LTD on 20 Jul 2005 - 22:11
Semantics.

They mean the same thing.
(4 replies) #3 supernova_00 on 20 Jul 2005 - 22:43
This has nothing to do with being a Firefox (Mozilla Foundation) screw up. The extension had a hole, not the Firefox software.

and
QUOTE
The Mozilla Foundation is making available
needs to be changed because the foundation isn't the creator or maintainer of the extension...it is only hosted on the mozilla servers.
#3.1 mram on 20 Jul 2005 - 23:16
So when Firefox allows extensions that screw up the system it's not Mozilla's fault?

Where have I heard that before ... Oh yeah, ActiveX!

#3.2 zivan56 on 20 Jul 2005 - 23:29
ActiveX is a part of IE; the extension, one of hundreds available on the net, requires you to actually install it yourself from a 3rd party software manufacturer.
#3.3 mx3 on 21 Jul 2005 - 02:58
Uh, ActiveX plugins require you to install them from 3rd parties too (flash? google toolbar?). But it's still Microsoft's fault when Joe User installs "StealYourMoneyBuddy..." Right?
#3.4 nacs on 21 Jul 2005 - 03:58
QUOTE
But it's still Microsoft's fault when Joe User installs "StealYourMoneyBuddy..."


It's MS's fault when they leave holes in ActiveX that allow 3rd parties to automatically install spyware/trojans/worms without you explicitly requesting it (there have been numerous exploits that allow websites to bypass the normal "Do you want to install this plugin" prompt in ActiveX).
(3 replies) #4 Ned on 20 Jul 2005 - 23:04
I've been thinking about this for a while now...

Firefox extensions may become what ActiveX is to IE as Firefox gets more popular.

Critical updates for extensions now...

In its current crippled state I think I'll disable greasemonkey for now.
#4.1 mram on 20 Jul 2005 - 23:19
Bingo.
#4.2 nacs on 21 Jul 2005 - 03:55
Except the difference is that many activex exploits install external software without user's permission or without users realizing it (bypassing install prompts and such).

Greasemonkey is a 3rd party addon that people have to explicitly allow to be installed. And after installing it, the users have to go to a malicious site to be vulnerable to this exploit.
#4.3 lbmouse on 21 Jul 2005 - 12:47
Good points nacs. ActiveX exploits are passive and hit users with the browser’s default settings whereas any type of extension problem requires the user to actually take multiple actions. This is as much of an "outside the sandbox" issue as saying that Windows shouldn't allow 3rd party applications to run within the OS.
#5 gur713 on 21 Jul 2005 - 07:17
It's not Mozilla's fault about the extension; they didn't make it. It's not like ActiveX, where a person is just prompted out of nowhere to install. Users are the ones that actually go out looking for it and then install it. This won't even likely affect "normal" people, seeing as most of them barely know what an extension or a script is.
#6 Eduardo on 21 Jul 2005 - 07:23
I think it is a FF flaw to allow any add-ins to have access outside the sandbox.
Why do they patch the browser if not for this reason?
#7 gur713 on 21 Jul 2005 - 22:29
Once again, you're not paying attention.

This wasn't an FF flaw; if you never used the extension you wouldn't have this problem ever (the one described). Very few people actually know what GM does.
#8 StepASide on 23 Jul 2005 - 01:39

-- IMO... Firefox sucks. It's not as good as they say. Just because of some plug-ins doesn't mean it's the best..? And a lot of bugs and flaws are showing their cute faces each week..!

-- Again, IMO.. Opera is still better than FF..

-- Still, "IE rules"
