Mozilla Corp. updated the preview of Firefox 3.0 to alpha 8 Thursday, unveiling for the first time to users several security features it's talked up for months.
Among the security provisions debuting in the new alpha of "Gran Paradiso," the code name for Firefox 3.0, are built-in anti-malware warnings and protection against rogue extension updates, according to documentation Mozilla posted to its Web site.
The malware blocker, which was first mocked up in June, will block Web sites thought to contain malicious downloads. The feature, a companion to the phishing site alert system in the current Firefox 2.0, will use information provided by Google Inc. to flag potentially-dangerous sites, warn anyone trying to reach those URLs with Firefox and automatically block access to the site.
Mozilla also pointed to a URL that demonstrates the new malware blocker for alpha 8 users.
Also taking a bow is a check meant to prevent plug-ins' automatic updates from sending users to malicious sites where they might be infected by attack code or drive-by downloads.
To stymie attacks through a compromised extension update, Mozilla will require updates-- both the actual update package and the much smaller "manifest," or notification of an update-- to be delivered over an SSL-secured connection. Or the update must be digitally signed.
The change doesn't affect the initial installation of an extension, something Mozilla recognized. "[This] has no impact on the security of initial add-on installs," it told developers in the online guide.
This newest preview, which can be downloaded in versions for Windows, Mac OS X and Linux from the Mozilla site, still comes with a warning to end users. "Alpha 8 is intended for Web application developers and our testing community. Current users of Mozilla Firefox should not use Gran Paradiso Alpha 8," the browser's release notes.
Mozilla has not officially committed to a release date for the final version of Firefox 3.0.