Mozilla Rewriting A Lot Of Code For Upcoming Firefox V3 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Mozilla Rewriting A Lot Of Code For Upcoming Firefox V3

Mozilla programmers are touching most of the software components to increase performance, make the code base more modular and deal with new security threats.

Mozilla programmers are rewriting a lot of the Firefox code for the upcoming version release of the open-source browser, according to the head of product security at Mozilla.

Most of the components in the current version of Firefox are being touched, said Window Snyder, "chief security something-or-other" at Mozilla. She added that programmers are replacing a lot of older code to increase performance, make the code base more modular and handle new security threats, like phishing and malicious Web sites.

"As we're doing this, we're considering security features and trying to minimize security issues," said Snyder in an interview with InformationWeek. "The Web browser has always been an entry point into the system, so it's been considered a critical application. The environment changes so we need to adapt."

Snyder noted that some components that are written in native code are being rewritten in managed code to reduce memory management flaws, like buffer overflow vulnerabilities. Managed code executes in a virtual machine, so there is less space for memory management issues to occur.

Firefox programmers also are working on technology to help users fend off the growing number of malicious Web sites.

In recent months, malware writers began shifting their focus from spreading their malicious code via e-mail to embedding it in Web sites where it lies in wait for unsuspecting users. Researchers at security company Sophos noted that the percentage of infected e-mail has dropped from 1.3%, or one in 77 e-mails in the first three months of 2006, to one in 256, or just 0.4% in this year's first quarter. In the same time period, Sophos identified an average of 5,000 new infected Web pages every day.

However, this month, Sophos has greatly upped that number to 9,500 new infected Web pages every day.

Snyder said Mozilla technicians are working on technology to deal with this advancing threat in Firefox 3, which is due out later this year. "It's in design, sure. All browsers are trying to figure out how to protect users from malicious sites," she said, adding that they're also looking at adding security features to specifically deal with phishing attacks.

In another interview this past March, Snyder said the technology -- and the technologists behind it all -- aren't giving users the right information to make intelligent decisions. Users also are being asked to make too many decisions when all they really want to do is get their work done, send their e-mails or play a game.

Applications, specifically browsers, give users too many pop-up questions to deal with and the questions often aren't very clear. Out of frustration, many users just begin pressing 'OK' to any security question that pops up.

"All of this information, which is not being presented well, is the biggest security risk," said Snyder in the previous interview. "How do you convey security information to the user so they know what to do? How do you empower the computer to make reasonable decisions and still let the power user do different things?"

Snyder reiterated this week that Mozilla's technicians are working to make that security user interface more useful in the upcoming version of Firefox. Mozilla has hired extra people just to work on the security UI.

The woman in charge of product security at Mozilla also boasted about some new upgrade numbers.

She pointed out that in August of 2006 when users upgraded from Firefox 1.5.0.5 to 1.5.0.6, it took eight days to move 90% of the code base over. This May, when it was time for users to upgrade from Firefox 2.0.0.3 to 2.0.0.4, it took only six days for 90% to make the move. That's a 25% improvement.

Snyder said she gives some of the credit to users being more aware of the security updates, but she also gives a lot of credit to a beefed up infrastructure that has more capacity to handle the rush. "When all the Firefox users are downloading these patches, it takes a pretty significant infrastructure to handle that," she added.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
Commentary
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
News
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll