Webkit=1st Browser to Fully Pass Acid3

27 09 2008

Maciej Stachowiak of the WebKit team has announced that the browser engine behind Safari is the first to fully pass the Acid3 test, including the test’s condition of smooth animation rendering.

Acid3 is a test page from the Web Standards Project that scores how well a rendering engine follows defined web standards, particularly DOM and JavaScript. The test provided a metric for standards compliance that has resulted in rapid advancement among various rendering engines as each works to earn the top score.

In March, both Safari’s WebKit and Opera’s Presto announced earning a 100% score in developer builds of their browser. In addition to the numbered score, the test also requires the browser render a test page with pixel perfect accuracy using its default settings and that it render a smooth test animation.

Today, the development build of WebKit passed that last hurdle, which Stachowiak reported was due to “recent speedups in JavaScript, DOM and rendering.”

Actual shipping builds of the world’s various web browsers haven’t yet reached 100%. According to figures in Wikipedia, the latest Safari 3.1.2 has a score of 75, while Firefox 3.0.2 has reached 71, Opera 9.52 has reached 84, and Internet Explorer 7 is at 14.

In internal builds, the Safari 4.0 Developer Preview has reached 100, while the latest build of Firefox Gecko engine has reached 87, the latest build of Opera earns 99, Google’s new Chrome beta has reached 79, and the Internet Explorer 8 Beta 2 scores 21.

Among mobile browsers, the shipping version of Safari in iPhone 2.1 reaches 74, while the Netfront browser hits 11, Opera Mobile reaches 2, Opera Mini has hit 79. Pocket Internet Explorer can’t run the test due to a lack of JavaScript support- You know a browser should be illegal when you can’t even run the tests on it.





Firefox Bug Patches

24 09 2008

Mozilla late Tuesday patched 11 vulnerabilities in Firefox 3.0, more than half of them labeled “critical,” and fixed 14 flaws in the older Firefox 2.0.

Firefox 3.0.2 quashes six critical bugs, four marked “high,” and one pegged as “low” in Mozilla’s four-step threat ranking system. Among the most serious were four stability bugs in the browser’s graphics rendering, layout and JavaScript engines that can crash the program and might be exploitable with malicious code.

“Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” said Mozilla in the accompanying advisory .

Mozilla also updated the older Firefox to 2.0.0.17, patching all but one of the bugs fixed in 3.0.2, but also addressing several issues specific to the aging browser.

It’s unclear how many more updates Mozilla will release for Firefox 2.0 — it doesn’t produce them on a set schedule — because it has already announced it will drop the browser this December. Yesterday, Mozilla continued to urge users to upgrade to Firefox 3.0.

One of the bugs in both Firefox 2.0 and 3.0, although rated only low, was described by Mozilla as a variant of a “click-hijacking” vulnerability first reported in Microsoft’s Internet Explorer by Liu Die Yu, a researcher noted for finding flaws in IE. Microsoft first patched the bug in 2003, then patched it again the following year.

A Mozilla developer, Paul Nickerson, was credited with uncovering the Firefox variant, which could be used to force a user to download a file.

Mozilla also addressed several other issues in Firefox with 3.0.2, including several stability problems and a bug that caused browsers with customized toolbars to delete the back and forward buttons.

Because the update was delayed to take into account some last-minute fixes, Mozilla also modified the licensing language in Linux versions to eliminate an end-user licensing agreement (EULA) that open-source advocates and users had objected to. Last week, Mitchell Baker, chairman of the Mozilla Foundation and Mozilla Corp., admitted that prompting Linux users to accept the EULA had been a “giant mistake.”

Users can download the update for Windows, Mac OS X and Linux from the Mozilla site, call up their browser’s built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.





Untitled

17 07 2008

Mozilla has released the first Firefox 3 update, which bring the browser up to 3.0.1 and fixes and number of small bugs, a few crashers and some security holes.  However, Firefox 3.1, the next significant upgrade, is already very much underway.  Firefox 3.1 is slated for the end of 2008, so expect a few more updates between now and then!





Firefox 3 Already In Murky Waters?

20 06 2008

Only hours after Mozilla launched the final of Firefox 3.0, a researcher sold a critical vulnerability in the browser to TippingPoint’s bug bounty program, the security company acknowledged Wednesday.

However, on Thursday, Mozilla downplayed the threat, telling users that the risk is “minimal.”

“There is no public exploit, the details are private, and so the risk to users is minimal,” Window Snyder, Mozilla’s chief security officer, said in an entry to a company blog.

The bug has been reported to Mozilla, TippingPoint announced in a post to a company blog. “While Mozilla is working on a fix, we won’t be divulging anything else until a patch is available,” said TippingPoint, citing policy. “Once the issue is patched, we’ll be publishing an advisory.”

This is shocking, as some have dubbed Firefox 3 as  “rounder version of Safari”, which is, from an aesthetic point of view, correct.  However, the inner workings are what make it so unique and new to the web browser market





Mozilla Firefox 3 Download Day

17 06 2008

Today is Download Day!!!








Follow

Get every new post delivered to your Inbox.