Do you like looking at the Google search (default homepage) every time you open your Firefox or do want Firefox to open all your favorites visited website when its start?.

Learn how to set Firefox to open multiple homepage on start-up with this few simple step.

1. Open Firefox goto Tools » Options (for *nix try Edit » Preferences )

   

2. Select the “Main” tab

3. On the Homepage option add your favorite website URL or Keywords. Separate the URLs with the pipe | characters like the below example ↓

    http://google.com|digg|delicious

   

4. Ok you are done the next time Firefox start it will load all the website.

Where do I add the keywords?

Keywords are special tag for URL shortcut, bookmarks manager (ctrl+b).

Might be interest

• Mozilla KB - Options Window

After 6 months waiting Firebug 1.2 is out.

Firebug 1.2x stable release support all major Firefox version (Firefox 2.0.0.14 > Firefox 3 RC but not recommended for Firefox 3.0b5) . Compatible with Latest Firefox 3 RC 1.

Download Firebug 1.2x

• Firebug 1.2x

Whats new in Firebug 1.2x

Latest version is more friendly and all suppose to be disabled behaviour is turn off by default. This new change will make sure that you wont have problem with high Ajax framework website (i.e., Google Gmail, Msn Live).

• Improve performance - most of the automate HTTP reporting is disabled by default ( for all site).
• Firebug Script and Net panels disabled by default.
• More accurate Net reporting and Faster Javascript Debugging.

Check out firebug 1.2 release notes,screenshot, bug fixes & improvement.

Firebug Screenshot

Firebug 1.2 on Firefox 3 RC1.

Firebug Console

Firebug Net Panel Disabled by Default

Firebug Net Panel Enabled

Firebug JIT Script Debugger

Firebug CSS Panel

Firebug HTML Panel

Firebug 1.2x Bug Fixes & Improvements

1. Issue 1: Reload external Firebug window while its tab is hidden closes the window
2. Issue 2: Can’t set breakpoints in code called by unload event
3. Issue 4: Visiting error page causes external Firebug window to close itself
4. Issue 7 Long URLs in XHR spy rows should be cropped
5. Issue 14: Programatically disable firebug log from Javascript
6. Issue 38: console.group should allow optional collapse
7. Issue 43: Edit CSS behaviour - appending styles to the dom is unexpected. Contribution by tonygentilcore
8. Issue 65 show HTTP Status code on NET response
9. Issue 183: Configurable maximum output size
10. Issue 186 Only one line in net monitor for multiple xhr post requests
11. Issue 202 Clicking status bar error warning closes firebug
12. Issue 215 Display total page load time
13. Issue 216 Improve network monitor to include server-side processing time
14. Issue 266 PUT & DELETE requests appear as POST requests in firebug
15. Issue 316 Show HTTP request method and request content in Firebugs “Net” tab
16. Issue 325 PUT operations do not show contained entity in Net tab
17. Issue 327 “Net” tab: lowercase b for bytes (instead of B)
18. Issue 331 XHR resolves relative URIs to resource:// protocol
19. Issue 346 Fix Net Panel timings
20. Issue 349 Local file XHR events not listed in console
21. Issue 359 No entry in the Net tab for XHR when response content length is 0
22. Issue 361: Edit button gets stuck when reloading page whilst editing CSS. Contribution by tonygentilcore
23. Issue 393: Text overlayed on text in script editor window.
24. Issue 401 Net tab does not consider “application/javascript” a JS MIME type
25. Issue 402 Net tab tries to show previews of non-images with image file extensions
26. Issue 404 UI change to help users activate expensive debugging features only when they need them.
27. Issue 405 The Net panel consumes a lot of memory if there is a lot of XHR activity without page reload.
28. Issue 414 XHR Breaks When Using Firebug 1.1 beta when > 1 HTTP 302 Redirect Is Returned
29. Issue 421 onLoad of XHRSpyListener does not fire correctly
30. Issue 430 about:blank pages always show firebug as enabled
31. Issue 468 [feature request] fast [enable -> inspect element -> disable] ergonomy
32. Issue 474: base href applied to scripts
33. Issue 475 Show Return Code (HTTP HEADER-Response)
34. Issue 503 disable doesn’t work properly
35. Issue 567: Slow script warning in debugger.js on some pages
36. Issue 573: setting css background-color affects layout inspector. Contribution by tonygentilcore
37. Issue 583 Javascript console cannot work with Firefox 3 beta5
38. issue 599, Firebug Inspect Outline Does Not Show Up Over Web Page Elements
39. Issue 601 XHR in console shows stale/cached output
40. Issue 618: HTML: tab order, fixed by setting order properties on side panels.
41. Issue 619: Reopening firebug results in grey DOM, Layout or Style Pane, fixed by forceUpdate on syncSidePanel.
42. Issue 634 XHR request details not showing up
43. Issue 637 $ FireBug function overwrites existing $ function
44. Issue 659: firebug.js:1473 - “this.context.browser is undefined”
45. Issue 676 Exception in firebug-cache.js when visiting http://www.takebacktheweb.org/CaE.html
46. Issue 679 Firebug 1.2.0a27X blocking most AJAX calls
47. Issue 690 New zh-CN local file for Firebug 1.2

External Links

• Firebug 1.2x Release Notes
• Firebug at Google Code
• Official Firebug Website
• YslowYSlow analyzes web pages and tells you why they’re slow based on the rules for high performance web sites. YSlow is a Firefox add-on integrated with the popular Firebug web development too

Firefox 2.0.0.12 Security Update fixes 7 Vulnerability & 3 critical patch (memory corruption, JavaScript Engine Crashes).

Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.11)

MFSA 2008-11

Web forgery overwrite with div overlay

Descriptions

Security researchers Emil Ljungdahl and Lars-Olof Moilanen demonstrated that, in cases where the entire contents of a page are enclosed in a <div> with absolute positioning, a web forgery warning dialog won’t be displayed unless the user switches tabs away-from then back-to the forgery page.

References

• Web forgery warning not shown until tab switch
• National Vulnerability Database (NVD) - CVE-2008-0594

MFSA 2008-10

URL token stealing via stylesheet redirect

Descriptions

Security researcher Martin Straka reported that Gecko-based browsers update the .href property of stylesheet DOM nodes to reflect the final URI of the stylesheet after following any 302 redirects (much as the document.location property is updated). This differs from other browsers and could potentially reveal sensitive URL parameters, such as those used by Single-signon sytems, to scripts on the page.

References

• Stylesheet href property shows redirected URL unlike other browsers
• National Vulnerability Database (NVD) - CVE-2008-0593

MFSA 2008-09

Mishandling of locally-saved plain text files

Descriptions

Mozilla contributor oo.rio.oo demonstrated that once a file with Content-Disposition: attachment and (improper) Content-Type: plain/text is saved locally, the browser would no longer open local files with .txt extensions for viewing, but would rather prompt the user to save the file.

References

• plain text txt file viewing capability lost after having downloaded a txt file with content-disposition: attachment and content-type: plain/text
• National Vulnerability Database (NVD) - CVE-2008-0592

MFSA 2008-08

File action dialog tampering

Descriptions

Security researcher Michal Zalewski demonstrated that timer-enabled security dialogs can be subverted by attackers using JavaScript to change the window focus. Zalewski showed that a user could be tricked into confirming a security dialog of this type by bringing the dialog back into focus right before a user clicked in a predictable time and place.

References

• file action dialog controls vulnerable to refocus race
• National Vulnerability Database (NVD) - CVE-2008-0591

MFSA 2008-06

Web browsing history and forward navigation stealing

Descriptions

Mozilla contributor David Bloom reported a vulnerability in the way images are treated by the browser when a user leaves a page which utilizes designMode frames. The reported issue can be used to steal a user’s navigation history, forward navigation information, and crash the user’s browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.

References

• Vulnerability allows script to see where user is headed, sniff history, and crash [@ nsDocShell::Destroy()] the browser too
• National Vulnerability Database (NVD) - CVE-2008-0419

MFSA 2008-05

Directory traversal via chrome: URI

Descriptions

Gerry Eisenhaur reported the chrome: URI scheme improperly allowed directory traversal that could be used to load JavaScript, images, and stylesheets from local files in known locations. This traversal was possible only when the browser had installed add-ons which used “flat” packaging rather than the more popular .jar packaging, and the attacker would need to target that specific add-on.

Mozilla researcher moz_bug_r_a4 reported that this vulnerability could be used to steal the contents of the browser’s sessionstore.js file, which contains session cookie data and information about currently open web pages.

References

• Allows to steal data from sessionstore.js
• chrome directory traversal (local disk access via “flat” addons)
• list of “flat” packaged add-ons
• National Vulnerability Database (NVD) - CVE-2008-0418

MFSA 2008-04

Stored password corruption

Descriptions

Mozilla developer Justin Dolske discovered that malicious sites, upon a user saving his or her password, could inject newlines into Firefox’s password store and corrupt saved passwords for other sites.

References

• Content can corrupt stored passwords by injecting line breaks
• National Vulnerability Database (NVD) - CVE-2008-0417

MFSA 2008-03

Privilege escalation, XSS, Remote Code Execution

Descriptions

Mozilla contributors moz_bug_r_a4 and Boris Zbarsky submitted a series of vulnerabilities which allow scripts from page content to escape from its sandboxed context and/or run with chrome privileges. An additional vulnerability reported by moz_bug_r_a4 demonstrated that the XMLDocument.load() function can be used to inject script into another site, violating the browser’s same-origin policy.

References

• List of JavaScript privilege escalation bugs
• National Vulnerability Database (NVD) - CVE-2008-0415

MFSA 2008-02

Multiple file input focus stealing vulnerabilities

Descriptions

Security researchers hong and Gregory Fleisher each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside <label> tags to take advantage of automatic focus shifting into the file input field noted on the Hacker WebZine. As with the earlier reported issues this issue could be used to force a user to upload arbitrary files assuming the attacker knows the full path and name of the file.

These bugs are variations on earlier problems reported by Charles McAuley and Michal Zalewski which were fixed in Firefox 2.0.0.4, as well as an issue reported by hong which was fixed in Firefox 2.0.0.8.
Gregory Fleisher also submitted a series of demonstrations of different ways to lure a user to place focus into the file input control manually. These demonstrations included “focus spoofing” by selectively capturing keystrokes and placing the captured characters where the user thinks the focus should be.

References

• List of Focus shifting bugs
• National Vulnerability Database (NVD) - CVE-2008-0414

MFSA 2008-01

Crashes with evidence of memory corruption (rv:1.8.1.12)

Descriptions

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox 2.0.0.12 and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.

References

• List of JavaScript Engine Crashes
• National Vulnerability Database (NVD) - CVE-2008-0413
• List of Browser Crashes Bugs
• National Vulnerability Database (NVD) - CVE-2008-0412

Thunderbird Security Release

Thunderbird 2.0.0.12 is schedule to be release on February 28.

External Links

• Download Firefox 2.0.0.12

Firefox 3 (beta) is amazing and much-much better than its earlier versions. But there is some minor caveat that I think is a bit annoying (In my opinion) the Autocompletion. The autocomplete max results is set to 25 by default, if there is similar results when you type in any URL in the address bar, it will stretch down quite far (and disappeared within few seconds).

This is not something that I can’t live with, but it’s really straining my eyes every now and then. So here’s a quick guide on how you can manage the auto-complete results with your own preferences, complete with visual guide.

Firefox About Config

1. First, open Firefox Browser type about:config in address bar. (optionally you may uncheck the “show this warning next time” and proceed with clicking “I’ll be careful, I promise!”. :)

Setup Firefox Advanced Preferences

2.on about:config ‘filter’ input bar, type in browser.urlbar.maxRichResults.

3. Click on browser.urlbar.maxRichResults. On the Input Prompt Window type in your prefer value. For this guide I set it to 5 (recommended settings is around 5 - 10 ).

4. Result should be similar like the below example.

5. Finished, restart your Firefox browser and test the auto-complete.

Thanks for reading, merci

Related Posts

• Firefox 2.0.0.12 Urgent Security Release

External Links

• Mozilla Firefox Help: Tips & Trick
• Google Firefox3 Autocomplete

I really lost without Firebug. Googling around I found this Firebug 1.1.0b10. Its compatible with Firefox 3.0b1, 3.0b2, 3.0b3, 3.0b4 & Latest 3.0b5 (beta 5) . Until Joe Hewitt release Firebug 1.1 (probably for firefox 3 release) You can try this Firebug 1.1 beta, download it at fireclipse. It working hu ho.

Excerpt from fireclipse

Firebug 1.1 is Firebug 1.05 by Joe Hewitt with enhancements and bug fixes by John J. Barton (IBM Almaden) and Max Stepanov (aptana)

The file is an XPI file that will add-on to Firefox as Firebug v1.1. Firefox’s updater will allow you to get new experimental versions until Firebug 1.1 is official.

Download

• Firebug Release Archive

Related Posts

• Firefox 2.0.0.12 Urgent Security Release

External Links

• Firebug 1.10b Overview
• Official Firebug
• Firebug Google Group

Apple QuickTime contains a stack buffer overflow vulnerability in the way it handles the RTSP Content-Type header. This vulnerability may be exploited by specially crafted RTSP stream protocol

Live Example

• GNUcitizen- Backdooring QuickTime Movies
• Apple QuickTime redirection to the RTSP exploit

Elia Florio (Symantec) wrap a good introduction post regarding QuickTime 0 day Exploit.

Known Vulnerabilities Proof of concept (milw0rm).

• Apple QuickTime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow exploit
• Apple QuickTime Remote stack rewrite exploit for Internet Explorer 6 & 7
• Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)
• Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit

Workarounds

You may try the following workarounds, as there is no complete patch for this this vulnerability.

• Block TCP port 554 (optionaly 7070) and UDP 6970 through 6999 in your firewall
• Update Quicktime
• Disabled Apple Quicktime ActiveX control running in Internet Explorer (Windows registry file)
• For Firefox - Noscripts addons

Related Links

• RTSP - rfc2326 & RTP - rfc1889
• Apple Security Update on Safari 3 Beta Update 3.0.4
• NVD Database - Buffer overflow in Apple QuickTime
• Microsoft KB240797 - How to stop an ActiveX control from running in Internet Explorer

Recent update on Gmail has to many “Remote call” (AJAX) running (every 10secs) in the background. It will get really slow if you has a large numbers of email and spam. I’m suffering the dreaded “firefox freeze over” syndrome.

Below is a list of addons that will cause “firefox to freezeeeeeeeee”.

• Firebug
• Noscripts.

Its advice to disabled both of this addons or revert gmail back to older versions.

uri code to revert gmail to older versions
http://mail.google.com/mail/?ui=1.

As gmail is getting more crappy with “overload features”. I think I should start using thunderbird more often.

p/s: At this time of writing Google Aps Gmail is still with older version so you wont have this issue.

Related Posts

• Firefox 2.0.0.12 Urgent Security Release