View Full Version : Firefox 4 released

March 23, 2011, 08:30 PM
How do you guys find it?

I like everything except:

1) The missing progress bar at bottom right corner. Maybe they still have it but I don't know how to get it back.

2) The small button to add a new tab next to the tab rows. With tabs, they sort of went back to FF2.


March 23, 2011, 08:37 PM
It sucks. Chrome is way better.


March 23, 2011, 08:38 PM
I have been using FF4 for a while. I didn't even notice that i am using the final release until i tried to update it. I installed beta one when it got released.

March 23, 2011, 08:40 PM
They have a new add-on bar (not turrned on by default) that has replaced the status bar. As for new tab icon, double click on the empty space to the right of existing tabs. I am not sure why designers have to futz with perfectly fine UI elements.
<br />Posted via BC Mobile Edition

March 23, 2011, 09:02 PM
I'm not big on browser usability (I'll literally use anything that let's me connect to the WWW), but more interested in the security features.

Like no other release before it, Firefox 4 includes a number of significant security features. These features are addressing attacks that are in particularly hard to avoid by developers and in which the browser is more so the victim then the server.
These attacks, Cross Site Scripting (XSS), redirects to HTTP pages from HTTPS and Clickjacking use vulnerable web applications more as a mirror to bounce attacks into the browser. The browser can provide meaningful protection against these attacks, unlike for more server centric attacks like sql injection, for which the attacker is in full control of the client.
XSS and Content Security Policy (CSP)

We have seen a couple of prior attempts to assist browsers to detect XSS attacks. All of these attempts, (the NoScript plugin or the IE 8 "X-XSS-Protection:" header had the same problem: They had no idea what kind of script to expect on a particular page. In some cases, they could prevent reflected XSS just by comparing strings sent by the browser to strings being returned by the server. Neither NoSpring nor IE 8 did a sufficient job in preventing XSS and many users or web developers turned it off due to high false positive rates.
CSP takes a different approach: It uses server headers to tell the browser what kind of content to expect. That way, the browser can make a more intelligent decision as to how to block content that does not match the policy communicated by the server. I will probably discuss this feature in more detail in the future, but if you are interested, last months Monthly Threat Update webcast covered the main points. [1]
One CSP feature I would like to point out: The server may communicate as part of its policy a "Report-URI" which the browser can use to report any violations of the CSP. This is not only great to detect attacks, but even more so to detect legitimate features on your site that are not sufficiently covered by your policy.
If you would like to experiment: Just add "?csp=Y" to any isc.sans.edu URL. It will enable our test CSP. Right now, it is not very restrictive as I am still refining some of our content. We do also have a little CSP test page at http://isc.sans.edu/tools/csptest.html which highlights some of the features.

Another neat feature to tell the browser more about how to connect to a given site. If the "Strict-Transport-Security" header is set, the browser will refuse any attempt to connect to the site via HTTP. The threat model here is that an attacker will inject a redirect to the HTTP version of the site while the user is browser a non HTTPS site (any site, not just the target). This could lead to the disclosure of confidential information like authentication cookies. Sure. This attack can be mitigated in part by setting the "secure" option of your session cookie. But it may not be so easy if the injection of the redirect happens during the login process.
This header has two parameters: A "max-age" indicating for how long this rule should be obeyed and a "includeSubdomain" parameter that will extend the rule to all subdomains. This header should be used on all HTTPS only sites.
Other changes

A few other changes:
- X-FRAME-OPTIONS Header: it can be used to prevent a site from being included in a frame. This option exists in other browsers as well (IE, Safari, Chrome). Some of the recent 3.6 versions of Firefox already included it and NoScript implemented it. CSP implements a more fine grained restriction on framing.
- User-Agent Header: Firefox 4 uses a less verbose user agent header which makes it a bit harder to track users
- Do-Not-Track Features: More about this later. It does signal sites if you don't want to be tracked.


The newer versions of IE and other browsers have also incorporated/are incorporating some of these features.

March 24, 2011, 01:15 AM
I prefer IE9 on Windows 7.

March 24, 2011, 06:45 AM
I prefer IE9 on Windows 7.

u must like getting bombarded with ads...

March 24, 2011, 10:30 AM
u must like getting bombarded with ads...

No, there are several ways to block ads on IE9 like using the built-in tracking protection feature, using Simple-adblock, or using Ad Muncher.

March 24, 2011, 10:13 PM
i dont like FF4. I also think IE 9 actually feels better to use unlike ff3 vs ie8.

Bnalgcricket forum on IE 9 is FAST!! And here I thought it was the internet connection that makes speed.. apparently not.

March 25, 2011, 12:03 PM
Liking it so far. Think the home button is too far though.

March 25, 2011, 12:45 PM
I love Chrome and have been using it since 2008. Its much cleaner, lighter and is truly cross-platform (pc, netbook, tablet). But after Chrome I would go with Firefox 3+. Haven't tried FF4 yet.

bujhee kom
March 25, 2011, 12:51 PM
I don't understand this news...why and when were these 4 arrested in the first place? Now they are released on bond?

March 25, 2011, 01:18 PM
I don't understand this news...why and when were these 4 arrested in the first place? Now they are released on bond?

They are coming for your mentaloos.

March 29, 2011, 06:54 AM
bangla not working :(

March 29, 2011, 07:04 AM
bangla not working :(

আমি ফায়ার ফক্স ৪ ব্যবহার করছি

April 15, 2011, 04:11 PM
আমি ফায়ার ফক্স ৪ ব্যবহার করছি

And i see this


How do i fix this?

April 17, 2011, 08:33 AM
Working pretty good so far, although I prefer opera. But Firefox's security is second to none.

July 30, 2011, 03:09 AM
A recent study links intelligence test results with browser usage — and the results don’t look good for users
of Microsoft’s Internet Explorer (http://mashable.com/follow/topics/internet-explorer), especially its older versions.

The study, titled “Intelligence Quotient (IQ) and Browser Usage” by Canadian company AptiQuant (http://www.aptiquant.com/news/is-internet-explorer-for-the-dumb-a-new-study-suggests-exactly-that/), compiled
IQ test scores of 101,326 individuals older than the age of 16 and divided them into groups according to the
browser they use.

The results are fascinating. Users of Internet Explorer 6 have an average IQ score barely more than 80;
Firefox and Chrome users fare much better, with average IQ scores of around 110, while Opera and Camino
users have an average IQ score more than 120.

It’s also interesting to note that average IQ scores of IE6 users were significantly higher in 2006, and that the
IQ scores get better with newer versions of IE.

Internet Explorer 6 (http://mashable.com/2009/07/16/ie6-must-die/) has long been a thorn in the side of developers who hated it for its non-compliance with web
standards, while users struggled with its many security flaws. This new study will probably induce more mockery
of the ancient (but still sometimes found on older computers) browser and its users, but it’s probably not telling us
that much about the browser itself — it’s about unwillingness to upgrade to a new version of any software.

The study concludes that “individuals on the lower side of the IQ scale tend to resist a change/upgrade of their
browsers.” It’s only logical that users with a higher IQ are more likely to experiment, choose a different software
version or variant (notice that users of IE with Chrome frame score very high on IQ tests) or listen to upgrade
suggestions and security advice.

In March, Microsoft started a campaign to get users to stop using Internet Explorer 6 (http://mashable.com/2011/03/04/ie6-countdown/). But did it take into account
the fact that many IE6 users tend to have lower than average IQ scores? Maybe that’s the key to finally getting
rid of the world’s most hated web browser.

“Individuals on the lower side of the IQ scale tend to resist a change/upgrade of their browsers. … Now that we
have a statistical pattern on the continuous usage of incompatible browsers, better steps can be taken to eradicate
this nuisance,” the study concludes.

Source >> (http://mashable.com/2011/07/29/internet-explorer-iq/)

bujhee kom
July 30, 2011, 04:43 AM
Hello reverse dada, apni dekhechen Gopal je apnakey nie Thread rochona korse...