With the release Firefox 3.0 alpha 8, the Mozilla Corporation has finally unveiled several security features it's talked up for months. Among the security provisions debuting in the new alpha of "Gran Paradiso," the code name for Firefox 3.0, are built-in anti-malware warnings and protection against rogue extension updates. The malware blocker, which was first mocked up in June, will block Web sites thought to contain malicious downloads. The feature will use information provided by Google Incorporated to flag potentially-dangerous sites, warn anyone trying to reach those URLs with Firefox and automatically block access to the site.
Another new feature prevents automatic updates of extensions from sending users to malicious sites where they might be infected by attack code or drive-by downloads. Most extensions are hosted on Mozilla's own servers but the company wants to lock down the ones that are not. Mozilla will require both the actual update package and the much smaller "manifest," or notification of an update, to be delivered over an SSL-secured connection. Alternatively, the update can be digitally signed. Mozilla noted that the change doesn't affect the initial installation of an extension.
Mozilla has not officially committed to a release date for the final version of Firefox 3.0.
News source: ComputerWorld