Thursday, June 19, 2008

Foxy First Impressions

OK, so I was one of the 8.5 million people who downloaded Firefox 3.0 (and one of eight people that actually got an uncorrupted archive that would install).

First impression: Better than 2.0, that's for sure.

It's memory usage is finally back to the realm of reasonable from being way, way, too much of a pig. I have 9 tabs open and it's (only!) consuming 140MB of RAM. In 2.0, just opening the thing would take that much RAM.

They've slightly changed the UI at the top of the screen but I don't find it all that huge of a change. There are others who have raged an all out jihad over their opinion that the new graphics at the top are tantamount to heresy and that nothing should change. But then again, there are always those people who love to live in the past (they probably still wear bell bottom jeans and live at home as well).

The one thing I do miss is the fact that when you go to a SSL site - only the little expanded favicon (to the left of the URL address) is colored - rather than the whole address area. I liked the old way better - it was much easier to see when you were on a HTTPS site and when you weren't.

I do like the expanded favicon, though. Rather than it being just an icon next to the address (the position is the same but it's now a clickable button that turns colors) - it will show warnings when you're on a suspected phishing or malware site.

You can click it at any time to get more information about the site your on (changes in context) - but you still have to know that you can click it. You can also rollover it and it will show a tooltip with the basic information as well.

I've heard people bitching about that as well - "You have to KNOW to click it..." one guy complained. Huh. It's that tough? Once you know to click it (or rollover it) - you know forever. It's a training issue - so suck it up and get over it.

I also noticed that the browsing experience tends to be a bit faster in general - although in my two days of browsing, I haven't been "floored" by the performance - it just "feels" faster than 2.x.

Of course - when you have such a new version, download by so many in such a short time - there's some miscreant out there somewhere that will find some kind of security hole in it.

And they did. Today. Less than 48 hours after launch. It seems that an "unnamed researcher" found the thing and sold it - SOLD IT - to the highest bidder. According to a note from TippingPoint’s Zero Day Initiative (ZDI) , a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

All the gory Technical details are being kept under wraps (thankfully!) until Mozilla’s security team ships a patch.

According to ZDI’s alert, it should be considered a high-severity risk:

"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker. TippingPoint researchers continue to see these types of “user-interaction required ” browser-based vulnerabilities - such as clicking on a link in email or inadvertently visiting a malicious web page."

No comments:

Web Analytics