Firefox Tips-n-tricks

[Ashokjp 15]

Yeh it does take time to load around 5-7 seconds..

[tanveer 59]

Yahoo Releases Firefox Toolbar

here are the details

http://www.techtree.com/techtree/jsp/shows...p?storyid=57569

[Vishal Gupta 4]

VOILLA!!!!!

Finally i was able to use DAP (Download Accelerator) in Firefox.

DAP doesnt work in Firefox but works in IE properly.

I wanted to use DAP in firefox.

I searched a lot on net for extensions that can make DAP working in firefox.

But didnt get any extension.

But today i got an IDEA!

I installed ieview extension, which allows u to open any link of firefox in IE by right-clicking on it & select Open Link Target in IE.

and then i went to its properties, by Tools -> Extensions and selected ieview and clicked on Options button and changed the path of IE location to DAP path.

And thank GOD, it worked.

Now whenever i want to d/l anything using DAP, i only right-click on the link & select Open Link Target in IE and DAP starts downloading.

gr888888!!!!!!

Edited May 10, 2005 by Vishal Gupta

[emjay 0]

does anyone know how to make firefox the default browser to open hotmail from the msn messenger alert box?

[tanveer 59]

Mozilla Betters Firefox with 1.0.1

Open standard web browser developer Mozilla Foundation released the Firefox 1.0.1 version of its browser. The foundation said that the new version is more stable than the Firefox 1.0 released last month and has international domain names displayed, making domain spoofing of non-Windows browsers more difficult.

Mozilla said that it had helped reduce spoofing by adding hostname to title of pop-ups that don't have address bar, fixed a bug about a download dialog source spoofing and one about security and download dialogs spoofed by covering them partially using popup windows.

Among the bugs that it said had been removed in the latest version is the one where "Try Again" on XUL error pages reposted form data. It had fixed earlier a bug to enable error pages being stored in history and show the original URL in the address bar. It said users can enable error pages as these bugs had been now removed.

Two updated bug removals were: Plugins not scanned/detected on startup (empty plug-ins dialog in downloads, open-with dialog for PDFs) and Right-click context menu is cut off/disappearing/offscreen when it contains too many items (items added by extensions).

http://www.techtree.com/techtree/jsp/shows...p?storyid=57793

[deepu 0]

Seems like a minor release without any major features getting added upon!!

Any way Will download and try it out As soon as possible!!

[deepu 0]

Firefox is nothing new buddy!!!!

[Vishal Gupta 4]

Following is the link of INDEX of all extensions for FIREFOX:

http://mozdev.sweetooth.org/

Here u can directly d/l all extensions!

[Vishal Gupta 4]

NEW FIREFOX VERSION 1.0.2

MOZILLA FOUNDATION RELEASES SECURITY UPDATE TO FIREFOX

Proactive security update fixes bug prior to any known exploits

March 23, 2005, (Mountain View, CA). The Mozilla Foundation, a non-profit organization dedicated to preserving choice and promoting innovation on the Internet, today announced a security update for its Firefox Web browser. The update is a proactive security release to patch a bug identified by Internet Security Systems, a premier security research, products, and services company. No known exploits of the bug have been reported prior to the update's release.

"The Mozilla Foundation is deeply committed to providing its users with the safest Internet experience possible," said Chris Hofmann, director of engineering for the Mozilla Foundation. "To deliver our users the experience they deserve, we must stay ahead of the curve in patching potential vulnerabilities. For example, the bug patched in this update has no known real world exploits, and we were able to provide a quick response."

The Mozilla Foundation evaluates security issues on an ongoing basis and will issue security updates as warranted. Users are encouraged to download the software updates at www.mozilla.org.

Firefox has been widely praised for its stability, trustworthiness and innovative features including tabbed browsing, live bookmarks, built-in pop-up blocking, and hundreds of available extensions. SC Magazine, a leading security magazine, recently awarded the Mozilla Foundation with its Editor in Chief award. The browser has been downloaded more that 30 million times and is available in 28 languages.

[Vishal Gupta 4]

Some Advanced Tips for Tabbed Browsing

Home Page as tabs

Instead of just one web page as your homepage, you can make your home page several pages. Select your favorite web sites and open them in a set of tabbed windows. Go to Tools -> Options and select 'General'. Under 'Home Page', press the 'Use Current Pages' button. Now when you hit the Home button on the Navigation toolbar, your favorite web sites will load with just one click.

Bookmarking a set of tabs

You can bookmark a set of tabs when selecting 'Bookmark This Page' or Ctrl+D Check the 'Bookmark all tabs in a folder' checkbox to store all the tabs in the current window into a Bookmark Folder.

More shortcuts

While it's easy to select tabs with a mouse, you can also cycle through tabs using the keyboard: use Ctrl+PgUp (or Ctrl+Tab) and Ctrl+PgDn (or Shift+Ctrl+Tab). You can also select the first tab by pressing Ctrl+1, and so on up to the 9th tab with Ctrl+9. If you have a middle mouse button, click it on a tab to close the tab.

Two more thing that may be some of u don't know:

1. Type About:mozilla in address bar of Firefox and see the result.

2. Type About: (Yes only about:) in address bar and see the result.

[Vishal Gupta 4]

Yahoo/Firefox petition

find it here: Petition urging yahoo to support Firefox

[tanveer 59]

A German computer researcher has been awarded $2500 by the Mozilla Foundation for discovering bugs in their browser.

A German security researcher, Michael Krax has given a total of $2500 by Mozilla Foundation for discovering bugs in Mozilla's web browser. The company gave the researcher $500 for each bug he discovered.

According to Chris Hofmann, director of engineering for the Mozilla foundation the 'bug bounty programme' was designed to encourage and award community members that were able to identify bugs within the companies software, as it would aid them in developing safe and secure software for users. The bounty is paid to people who discover critical flaws in the current version of the software.

Krax happens to be the fifth person to receive the reward since the programme was formulated last year. However, the company does not encourage professionals in the security industry.

Earlier this month National Infrastructure Coordination Centre had issued alerts about a bug in the Mozilla browser, which was related to a mechanism that allows applications to change user interface details of the browser. This could be misused to alter certain buttons on the browser to download malicious programs when clicked.

[Vishal Gupta 4]

New Firefox Version 1.0.3

They say:

Firefox 1.0.3 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.

Fixed in Firefox 1.0.3

Javascript "lambda" replace exposes memory contents

java script: PLUGINSPAGE code execution

Showing blocked java script: popup uses wrong privilege context

Cross-site scripting through global scope pollution

Code execution through java script: favicons

Search plugin cross-site scripting

Arbitrary code execution from Firefox sidebar panel II

Missing Install object instance checks

Privilege escalation via DOM property overrides

Fix to improve update process.

PS: I wonder why don't they release simple updates instead of the whole setup of firefox each time?

[Vishal Gupta 4]

The Quick Links in Relianceinfo website is working now for me in my Firefox browser.

Recently it was not working in firefox but working in Internet Explorer!

Is it bcauz of new firefox version or Reliance has fixed the problem?

Did anybody notice?

[deepu 0]

Still not working for me... I am using the latest 1.0.3 version!!!

[Vishal Gupta 4]

Deepu!

hv u installed JSLib Lite extension for Java Script, that i hv already mentioned in my previous posts?

D/l JSBLit Lite

May be bcauz of this extension the Quick Links is working in Reliance site!

[rEdshiFt 1]

Critical Flaw Found in Firefox

Exploit code is already circulating online, security experts warn.

Matthew Broersma, Techworld.com

Monday, May 09, 2005

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

In recent months Firefox has gained significant market share from Mcft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser.

Two Vulnerabilities Found

The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate vulnerabilities. An attacker could create a malicious page using frames and a JavaScript history flaw to make software installations appear to be coming from a "trusted" site. By default, Firefox allows software installations from update.mozilla.org and addons.mozilla.org, but users can add their own sites to this whitelist.

The second part of the exploit triggers software installation using an input verification bug in the "IconURL" parameter in the install mechanism. The effect is that a user could click on an icon and trigger the execution of malicious JavaScript code. Because the code is executed from the browser's user interface, it has the same privileges as the user running Firefox, according to researchers.

Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, users may be vulnerable if they have added other sites to the whitelist, it warned.

"We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," Mozilla Foundation said in a statement published on Mozillazine.org.

Source :

Code:

http://www.pcworld.com/news/article/0,aid,...n050905X,00.asp

=================================================

heres another version of the same news

'Extremely Critical' Bugs Found In Firefox

and firefox exploit targets zero day vulns icon_confused.gif icon_confused.gif

Quote:

Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks.

One vulnerability enables arbitrary JavaScript code with escalated privileges to be executed via a specially crafted JavaScript URL. Successful exploitation requires that a site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org"). This would normally drastically reduce the scope for mischief - but for a second security bug, involving "IFRAME" JavaScript URLs, which creates a means to execute arbitrary HTML and script code in the context of an arbitrary site.

A combination of the two vulnerabilities can be exploited to execute arbitrary code on vulnerable systems, according to Danish security firm Secunia. Exploit code is publicly available greatly increasing the chance of attack, it warns. The vulnerabilities - described by Secunia as "extremely critical" - have been confirmed in version 1.0.3 of Firefox. Other versions may also be affected.

Users are advised to disable JavaScript and the software installation option within Firefox pending a more comprehensive fix from the Mozilla Foundation.

[rEdshiFt 1]

Sorry about the consecutive posts.... i just HAD to tell u guys...

Maybe it can be split into two threads ?

[rEdshiFt 1]

Mozilla Firefox 1.04 has been released disabling the features that cause the two recently found exploits until a fix can be developed.

ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2005-05-09-21-aviary1.0.1/firefox-1.0.4.en-US.win32.installer.exe

Yes it is a release candidate. But this is important. Already Mozilla Foundation has issued Secuirity warning. So better update the browser. When the final candidate will be released, you can redownload it.

Shields up everyone...

[tanveer 59]

hi can anyone tell me how to change the profile in firefox?

I have tried options and tools cant find it

there is no word by the name profile in help index either

also can anyone suggest me a simple tool to take screenshots of web pages/message box/ error message

[rEdshiFt 1]

Right click on the firefox shortcut on ur desktop, click properties

....in the "Target" field add the extra letters "-p" , so that the target field looks similar to this --- "F:\Program Files\Mozilla Firefox\firefox.exe" -p

now click on ur desktop shortcut to open ff with a choose_user_profile window...

should work...

[Vishal Gupta 4]

Firefox reintroduces seven-year-old security hole!

Frame feature allows attackers way in.

http://www.techworld.com/security/news/index.cfm?NewsID=3804

[Vishal Gupta 4]

About URLs

Guys! There are a few special URLs, which begin with about:, that you can type into the Location Bar of Firefox.

* about: — The same page as "Help -> About".

* about:about — Lists all these about: URLs (Mozilla Suite only).

* about:blank — A blank page. Useful for setting as your homepage.

* about:buildconfig — Reveals details about your Mozilla build options.

* about:cache — Displays cache statistics.

o about:cache?device=memory — Lists memory cache entries.

o about:cache?device=disk — Lists disk cache entries.

* about:cache-entry — Shows information about a cache entry. Used in about:cache links. Requires paramaters.

* about:config — GUI for modifying user preferences (prefs.js).

* about:credits — The list of contributors to the Mozilla projects.

* about:logo — Displays the Mozilla logo (Mozilla Suite only).

* about:license — shows the Mozilla Public License and the Netscape Public License for the piece of software. ( Only in products based on Gecko 1.8 )

* about:mozilla — The famous Book of Mozilla.

* about:plugins — Lists all your plugins as well as other useful information.

[Vishal Gupta 4]

2 more gr8 tricks!

1) We always backup our Favorites in Firefox, so that whenever we reinstall the browser we can safely restore them without ne problem. (If u don't know how to backup favorites? Goto: Bookmarks -> Manage Bookmarks..., It'll open Bookmarks Manager. Then goto: File -> Export... & save them.)

Now come to the point.

The thing is that whenever we reinstall firefox we hv to restore them by applying same process as we do 4 backing up them (use Import instead of Export). And one more thing we hv to also backup our current bookmarks when we r planning to reinstall the browser.

So the trick is that we can define our custom Bookmark path in firefox , so that we don't need to import or export them.

Type about:config in address bar of browser, right-click & create a new String value, named browser.bookmarks.file and set its value to the path where u hv backed up ur favorites. Now firefox always update it automatically whenever u add or delete ur bookmarks, so no need to continuously take backup.

2) Second trick is very useful. Many times u hv noticed that when u minimize the firefox windows & again restore it, it takes some time to restore. This trick reduces this delay.

Same thing, type about:config in the address bar of firefox, right-click & create a new Boolean value, named config.trim_on_minimize & set its value to false. It'll prevent delays when restoring the window.

So ENJOY!!!

[Vishal Gupta 4]

Its for those members, that don't want to apply the tricks due to manual editing of some files...

So here I'm giving a list of some extensions, that do the same work automatically.

Chromedit 0.1.1.1, Lets you edit the user files

Provides a means of editing the user files, i.e. userChrome.css, userContent.css, user.js without the need to find the profile directory.

D/l from here

Configuration Mania 1.05.2005021901, More advanced configuration

Configuration Mania allows you easily to configure various hidden preferences and to force the extensions and the no-longer-required chromes uninstalled which has not uninstaller.

D/l from here

Menu Editor 1.2, Customize application menus

Menu Editor is a browser extension that allows you to control application menus by rearranging items and hiding those you don't use.

Screenshot:

D/l from here

Compact Menu 1.7.2, Lets you to customise the menubar

Customiser for the menubar, which lets you cut the menubar down to the menus you use, and even reduce the space it takes up to a single menu button.

D/l from here

That's it...