About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.

Firefox 2.0 First Impressions

I've been using Firefox 2.0 for most of the day, and so far, I like it. The biggest disappointment is that it doesn't support HttpOnly cookies. Also, a few of my favorite extensions (del.icio.us, Foxylicious, and LiveHTTPHeaders) aren't compatible, but that's a temporary problem.

The button to close a tab is now on the tab itself, and to help address the increased likelihood that you'll accidentally close a tab (because the close buttons move as the tabs resize), there's an "Undo Close Tab" option:

Microsummaries are pretty cool, and I might implement them on my blog. They're basically little summaries that are small enough to fit in a bookmark label.

If you spend a lot of time commenting on blogs and other sites, you might find the new spell checker useful. It's both intuitive and unobtrusive:

There's also some phishing prevention (which I haven't experimented with yet) and a few other security features, such as support for RFC 3546, which (among other things) extends TLS to allow for host identification, alleviating the shared host problem where the Host header is necessary to figure out which SSL certificate to present, but it's not available until the SSL handshake has completed.

For PHP developers, there is a section for web site and application developers with some useful information.

What are your first impressions? Have you tried IE 7.0?

Note: For the cynics among us, Jeremiah Grossman is soliciting guesses for the first Firefox 2.0 vulnerability.

About This Post

Firefox 2.0 First Impressions was posted on Tue, 24 Oct 2006 at 01:58:22 GMT.

22 Comments

1. Chris Shiflett's GravatarChris Shiflett said:

I should mention that if you download Firefox before the official 2.0 announcement, you're going to be testing a release candidate. (I'm using RC 3.) If you want the official 2.0 release, wait a few hours for the official announcement.

Also:

http://weblogs.mozillazine.org/pree...ntirelease.html

Tue, 24 Oct 2006 at 03:19:53 GMT Link

2. Chris Shiflett's GravatarChris Shiflett said:

A reader pointed me to another (more thorough) review:

http://mozillalinks.org/wp/2006/10/firefox-2-review/

Tue, 24 Oct 2006 at 03:28:26 GMT Link

3. Troels's GravatarTroels said:

Actually those extensions are compatible - they just don't know it. It's a simple matter of :

download extension and save to disk

rename from .xpi to .zip

unzip

open install.rdf

edit the tag <em:maxVersion> to suit your needs

zip the folder

rename from .xpi to .zip

smile

Tue, 24 Oct 2006 at 09:04:27 GMT Link

4. David Salisbury's GravatarDavid Salisbury said:

Chris, have a look at this:

http://users.blueprintit.co.uk/~dav...firefox/nightly

I've been using it throughout the Firefox 2 beta/RC releases to enable the various extensions I use regularly to work.

Tue, 24 Oct 2006 at 09:10:46 GMT Link

5. Chris Shiflett's GravatarChris Shiflett said:

Thanks, Troels and David, for the very helpful comments.

Tue, 24 Oct 2006 at 13:03:04 GMT Link

6. Rafa T's GravatarRafa T said:

The final version seems to be already on the web server, although they did not do the announcement yet.

http://releases.mozilla.org/pub/moz...x/releases/2.0/

Tue, 24 Oct 2006 at 13:09:38 GMT Link

7. Chris Shiflett's GravatarChris Shiflett said:

Hi Rafa,

I could be wrong, but I'm pretty sure that's RC 3. I've heard that today's release may just be RC 3 being renamed to 2.0, but we won't know until it happens.

Tue, 24 Oct 2006 at 13:15:41 GMT Link

8. Rafa T's GravatarRafa T said:

I installed it this morning and in the about screen it says "version 2.0"

But maybe you are right they only change the name... who knows...

Tue, 24 Oct 2006 at 13:31:41 GMT Link

9. Nate Klaiber's GravatarNate Klaiber said:

I downloaded it yesterday and I like the new features. For me, I like that you can move the tabs around (and that the close button is ON the button). This is convenient when I need things next to each other, or I group my tabs accordingly. The spell checker is a nice feature from many different perspectives.

I also have played with IE7. I think its crap. I'm not just saying that to vent, but functionally it's still large steps behind. The interface is horrbile compared to the consistency you can get with other browsers.

That being said, I do like that they are taking steps to help prevent phishing attacks and to better protect the novice user. These will come in handy.

I haven't looked too deep into the browsers support for different methods - that's something for next week. he.

Tue, 24 Oct 2006 at 13:37:58 GMT Link

10. Chris Shiflett's GravatarChris Shiflett said:

I did the same thing yesterday and wondered if I was really just running a release candidate, so I downloaded RC 3 from their web site and compared the install images. They were identical.

I didn't try any of the other release candidates to know whether they said "version 2.0" as well, but it does seem like making that "version 2.0 RC 3" would have put an end to a lot of speculation. :-)

Tue, 24 Oct 2006 at 13:39:08 GMT Link

11. Adrian Dvergsdal's GravatarAdrian Dvergsdal said:

Now, a lot of the new stuff in FF2 is already available in Opera. But one thing that is not the same is the phishing prevention. I've heard that Opera is using a whitelist and FF2 is using a blacklist. What are the major differences?

Tue, 24 Oct 2006 at 14:11:20 GMT Link

12. David Salisbury's GravatarDavid Salisbury said:

@Rafa T

Read this: http://weblogs.mozillazine.org/preed/2006/10/the_antirelease.html

Tue, 24 Oct 2006 at 14:14:38 GMT Link

13. Chris Shiflett's GravatarChris Shiflett said:

Stefan Esser has released an extension that mimics HttpOnly:

http://www.hardened-php.net/httpOnly/httponly.xpi

I haven't used it yet, but I like his approach.

Tue, 24 Oct 2006 at 14:56:01 GMT Link

14. Rasmus's GravatarRasmus said:

The del.icio.us FF2.0 compatible extension is here:

https://addons.mozilla.org/firefox/3615/

Wed, 25 Oct 2006 at 02:42:29 GMT Link

15. Chris Shiflett's GravatarChris Shiflett said:

Thanks, Rasmus.

For those who haven't tried it, the Delicious Bookmarks extension is basically the original del.icio.us extension and Foxylicious combined and "done right."

Wed, 25 Oct 2006 at 03:07:19 GMT Link

16. Matthom's GravatarMatthom said:

I was also concerned about the "close tab" X that appears on each tab, in 2.0. Sometimes I have 15-20 tabs open, and that means each tab's width is really narrow. The X, however, probably doesn't get smaller, so that makes it more likely to accidently hit an X, when all you meant to do was just hit the TAB itself.

The Undo Close Tab feature will certainly be helpful.

Fri, 27 Oct 2006 at 18:34:20 GMT Link

17. Chris Shiflett's GravatarChris Shiflett said:

Hi Matthom,

If you visit about:config, you can change this behavior. See here for more information:

http://kb.mozillazine.org/Browser.tabs.closeButtons

I currently have mine set to 0, so I only have a close button on the active tab. You can disable it completely by changing this value to 2.

Hope that helps!

Fri, 27 Oct 2006 at 18:39:22 GMT Link

18. Matthom's GravatarMatthom said:

Yes that does, thanks. That makes sense I guess. Only the active tab should have a close-tab X on it... Cool.

Fri, 27 Oct 2006 at 18:52:47 GMT Link

19. T@nya's GravatarT@nya said:

I also use Firefox Version 2.0 now (before I used Internet Explorer). I think Firefox is more reliable browser but I can't find the option I had in IE about saving file by right button clicking and choosing "Save object as". For some sites it's ok because file is downloaded automatically there but for other sites I couldn't solve this problem yet and still use IE for them. I'm not a big specialist in this so maybe somebody can help me?

Sat, 09 Dec 2006 at 12:39:25 GMT Link

20. Chris Shiflett's GravatarChris Shiflett said:

Try "Save Link As..." when you right-click.

Sat, 09 Dec 2006 at 14:26:43 GMT Link

21. T@nya's GravatarT@nya said:

Thank you very much for your answer Chris but this option still doesn't help. Well...I think I will continue using IE for some sites then

Sat, 09 Dec 2006 at 20:51:00 GMT Link

22. Michael's GravatarMichael said:

I've used Firefox 2.0 and i think it`s nice, especially i like a spell checker feature. Comparing with IE7 it`s much better, but i still use opera.

Sun, 10 Dec 2006 at 16:56:07 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Talks

PHP Appalachia

11 - 14 Oct 2008

At Big Bear Lodge, Gatlinburg, Tennessee.

php|works / PyWorks

12 - 14 Nov 2008

At Sheraton Gateway Hotel Atlanta Airport, Atlanta, Georgia.

New Comments

Chris Shiflett wrote:

Miguel, read the post again. PHP 4.4.9 is the final release of PHP 4.

Posted in End of Life for PHP 4
Miguel Palazzo wrote:

I think you're wrong. PHP 4.4 is DEAD, that's so right, because they just released 4.4.9, and you...

Posted in End of Life for PHP 4
alikim wrote:

Hi, Thanks for the article! Tell me please if it's enough to use just session_start(); se...

Posted in
Wayne wrote:

Hi ZX, When taking in data, you should always check to see if magic_quotes is enabled. If it i...

Posted in addslashes() Versus mysql_real_escape_string()
Chris Shiflett wrote:

Thanks, Brandon. I'm glad you liked the talk. Maybe some parts of it would be interesting to some...

Posted in ZendCon

Browse Comments