Mozilla's open source Firefox browser has made a significant dent in Internet Explorer's dominant market share. Much of its popularity is due to the wide availability of third-party add-ons that significantly extend Firefox's functionality -- allowing Firefox to disable Java or JavaScript on the fly, perform JavaScript whitelisting, even host ActiveX controls, for example. Firefox has always pushed the boundary in terms of features and functionality, and it can boast both growing enterprise support and the ability to run on Windows, Mac, and Linux. One claim Firefox can't make is a high granularity of security control.
Firefox does not automatically ask for elevation when installing, so be sure to run as administrator beforehand if you want it to install the browser into the normal Program Files folder in Windows Vista or another user-securable location. If installed on Vista, Firefox runs as a single process (Firefox.exe) with medium integrity, DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) enabled, and file system and registry virtualization disabled. The latter is a feature in Vista that allows users to run applications without having administrative privileges.
[ See also "How secure is Google Chrome?" and "How secure is Opera?" Tomorrow: "How secure is Internet Explorer?" For more on browser security and protection against Web-borne threats, see Security Adviser and "Test Center: Browser security tools versus the evil Web." ]
Like Google Chrome, Firefox has a JavaScript engine that converts JavaScript source code into native machine code; Firefox uses an open source engine called TraceMonkey. Unlike Chrome, in which the V8 JavaScript engine is always on, Firefox's JavaScript support can be enabled or disabled across the browser. By using the NoScript add-on, you can enable JavaScript (and Java and Flash) on a per-site basis.
Although add-ons such as NoScript, and plug-ins such as Adobe Flash, bring many useful capabilities to Firefox, at the same time they come with problems and security issues of their own. Firefox has a built-in add-on manager that allows you to browse available extensions, install and uninstall them, and enable and disable them, but again, they can't be enabled or disabled with per-site granularity.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
38 Recommendations
