Mozilla Firefox 2 Released
Tuesday October 24th, 2006
The Mozilla Corporation has officially released Mozilla Firefox 2 for Microsoft Windows, Mac OS X and Linux. Coming just days after the launch of Microsoft Internet Explorer 7, Firefox 2 offers a refreshed user interface, anti-phishing protection, improvements to the built-in search feature, tabbed browsing changes, the ability to restore an interrupted session, better support for Web feeds, inline spell-checking, support for microsummaries and a number of other enhancements.
Upon starting Firefox 2 for the first time, most users will notice the updated default theme. This refines the design and usability of the theme used since Firefox 1.0 without making any jarring or radical alterations. Design proposals were solicited from three agencies: MetaDesign, Radiant Core and Raizlabs. Radiant Core's proposal was picked and developed for the finished product.
In addition to refining the look of the buttons and other visual elements, the new design tethers the Go button to the Location Bar and adds an equivalent action button to the Search Bar. Several clickable buttons (for example, the feed icon in the Location Bar and the search engine icon in the Search Bar) have been refined to make it more obvious that they are interactive.
Firefox 2's Phishing Protection feature was developed from the Google Safe Browsing feature of the Google Toolbar for Firefox using code donated by the search giant. By default, the Phishing Protection feature checks every page you visit against a local blacklist of known phishing sites and displays a warning if the site is fraudulent. This list is periodically updated by Firefox while the feature is enabled.
For more real-time protection, users can choose (from the Security panel of the Options/Preferences window) to send details of every site they visit to a remote service for checking (currently Google is the only service provider, though other phishing data providers can be supported). With this feature enabled, the URL of every page visited is sent to Google for checking over a secure connection. In addition, details of how users respond to phishing warnings are also sent. While real-time checking can offer greater protection, there are obvious privacy implications, which is why only the local list is enabled by default.
The rapid increase in the number of phishing attacks has led most major browser vendors to implement anti-phishing technologies. Internet Explorer 7 has a Phishing Filter and the forthcoming Opera 9.1 will include a similar Suspected Site Fraud feature. According to reports, Apple Safari 3 will have anti-phishing warnings, which will be powered by Google technology like the Firefox 2 Phishing Protection.
Firefox 2 enhances the search features built into the browser. The most striking addition is support for search suggestions: as text is entered into the Search Bar, the selected search engine can optionally send back a list of suggestions to be displayed in a menu, similar to the Web-based Google Suggest technology demo but built into the browser. Several search engines distributed with Firefox 2, including Google and Yahoo!, support this feature out of the box.
In addition to Apple's ageing Sherlock search engine plugin format, Firefox 2 also supports search engines defined in the OpenSearch plugin format developed by Amazon's A9.com search engine. OpenSearch is also backed by Microsoft, so OpenSearch plugins created for Firefox 2 will also work in Internet Explorer 7.
OpenSearch defines a mechanism to allow browsers to auto-discover search engine plugins. When visiting a site that advertises an OpenSearch plugin, the Search Bar icon will 'light up' and users can install the search plugin from the search engine selection menu. Firefox 2 also adds a feature for managing installed search engines, allowing engines to be easily reordered or removed.
Tabbed browsing has also been improved in Firefox 2. In response to usability testing of Firefox's tabbed browsing, the close button has been moved from the end of the tab bar to the actual tab. By default, all tabs have a close button but if many tabs are opened the close button is just shown on the current tab to save space. Any user who has closed a tab accidentally will appreciate the new Undo Close Tab option on the tab bar context menu and the Recently Closed Tabs submenu of the new History menu (which replaces the Go menu).
Changes have also been made to the way large numbers of tabs are handled. Each individual tab still gets smaller and smaller as more tabs are introduced but there is now a minimum size after which arrows appear at each end of the tab bar, allowing users to scroll through their tabs. A menu at the far end of the tab bar allows users to quickly switch to any open tab.
The new Session Restore feature aims to reduce the frustration caused by losing work due to a crash. When Firefox is restarted after being unexpectedly closed, a dialogue offers the user the option to restore their previous session: windows, tabs, text entered into forms and in-progress downloads are all brought back. The Session Restore feature is also activated for restarts required by application or extension updates.
Firefox 1.0 and 1.5 automatically detected Web feeds and allowed users to easily create Live Bookmarks from them. In Firefox 2, when a user clicks on the feed icon in the Location Bar (or visits a Web feed manually), Firefox shows a friendly view of the RSS or Atom data, reminiscent of the feed view offered by Safari and more recently Internet Explorer 7. From this view, users can subscribe to the feed using Live Bookmarks, an installed application that supports Web feeds (such as Mozilla Thunderbird) or a Web-based service (Bloglines, My Yahoo! and Google Reader are supported by default but other Web-based feed readers can easily be added to Firefox).
Firefox 2 adds a built-in spell checker to allow text entered into Web forms to be easily checked. This works much like the similar feature in Thunderbird (itself heavily influenced by Microsoft Word): potentially misspelt words are underlined in red and can be corrected by selecting an appropriate suggestion from the context menu. By default, only spell checking for multi-line text areas is enabled but checking can also be activated on single-line text fields. Using non-standard HTML attributes, websites have some limited control over which fields are checked by default. A variety of spell checking dictionaries for a number of languages are available, with the first run page shown after upgrading to Firefox 2 offering an appropriate dictionary for the localisation of Firefox installed.
Live Titles (also known as Microsummaries) allow bookmark titles to be more dynamic and useful. For example, rather than just displaying a static title, a bookmark for a news site could display the latest headline. This data is then periodically updated, providing a useful and non-intrusive summary of the current state of a bookmarked page. A number of sites support microsummaries and microsummary generators can be installed for sites that do not.
Firefox 2 can be downloaded from the redesigned Firefox product page (now available in 27 languages). Localised versions of Firefox 2 are available for over thirty different locales. Existing users of Firefox will be offered the new version via the software update system over the next few days.
This weekend, several hundred parties will be held to celebrate the release of Firefox 2 across the globe. A gift has already arrived from an unexpected source: the Microsoft Internet Explorer 7 team sent a cake in a move that shows relations may have improved somewhat since the days of Microsoft dumping a giant IE logo on Netscape's front lawn to mark the release of IE4 in 1997.
Looking further ahead, Firefox 3 is currently scheduled for release in the second quarter of 2007. Developed under the code name Gran Paradiso, Firefox 3 will be based on Gecko 1.9 (Firefox 2 is based on Gecko 1.8.1) and will include a number of under-the-hood improvements.
Update: The text above stated that existing Firefox users would be offered Firefox 2 via the software update system within a few days of the release. This is incorrect. Users will be offered the new version some time over the next few weeks. Those wishing to upgrade are therefore advised to download and install Firefox 2 manually.
The text above also stated that the local phishing blacklist is "periodically updated by Firefox". Since this article was published, some confusion has arisen over how often these updates occur. In general, Firefox will update the local blacklist around once every thirty minutes while the user is connected to the Internet and the feature is enabled, though the period between updates can be as long as forty-five minutes in some cases. Mozilla developer Myk Melez posted more detailed information on the blacklist update schedule as a comment to a weblog post by Asa Dotzler about the anti-phishing feature (Myk's comment begins "Regarding privacy concerns..." and has a timestamp of October 27, 2006 3:18 PM).
#55 Re: Re: Re: Re: I'll have to use IE7 instead of FF
Thursday November 2nd, 2006 7:19 AM
You are replying to this message
The reasons for removing the third-party cookie setting (allow cookies from originating site only) are documented in bug 349680 here: <https://bugzilla.mozilla.…rg/show_bug.cgi?id=349680> . Note that it is marked as WONTFIX. Some interesting/worrying quotes from the comments in that bug:
"As I understand things from mconnor, this option never worked in the first place, which is why we removed it."
"mconnor points out that bug 200716 indicates that the way we currently guard from third-party cookies doesn't really work."
"As dveditz noted in Bug 324397, this option doesn't really work due to iframes/redirects, and the methods they're using can't effectively be stopped without breaking the web in general. We've been through this before, and there really isn't a good way to make this effective."
So, as I understand it, this important (to me, anyway) security feature which goes all the way back to the Netscape days, does not work and has never really worked! Therefore, setting "network. cookie. cookieBehavior" to 1 actually provides little if any real security. Of course, we have no evidence to suggest that the equivalent setting in IE works either but I am sure that Microsoft and their supporters will not hesitate to take advantage of this situation.