The features of Mozilla Firefox distinguish it from other web browsers
such as Internet Explorer, and are subject to both rave reviews and harsh
criticisms. It lacks many features found in other browsers, in an effort to
combat interface bloat and to allow the browser to be shipped as a small,
pared-down core easily customizable to meet individual users' needs. Instead of
providing all features in the standard distribution, Firefox relies on the
extension system to allow users to modify the browser according to their
Firefox supports tabbed browsing, which allows users to open multiple pages
in the same window. This feature was carried over from the Mozilla Application
Suite, which in turn had borrowed the feature from the popular MultiZilla
extension for SeaMonkey. Until version 1.0, Firefox did not support automatic
single window mode, in which all links that would normally open in a new window
were instead opened in a new tab. This feature was introduced in 1.0 after
complaints from users migrating from other browsers such as Opera, Avant Browser
or Maxthon. However, there were a number of problems with this policy, and as a
result it has been disabled by default. Before 1.0, most users who preferred
single window mode used extensions such as Tabbrowser Preferences or Tabbrowser
Extensions to solve their quandary.
Firefox also permits the "homepage" to be a list of URLs delimited with
vertical bars (|), which are automatically opened in separate tabs, rather than
a single page. This can be a mixed blessing, since clicking the home page opens
another set of tabs, instead of resetting the current set (though the proper way
to solve this isn't entirely clear), and since it is slightly more difficult to
open a browser quickly for a single web page retrieval when this is necessary.
Firefox also includes integrated customizable pop-up blocking. Firefox was
given this feature early in beta development, and it was a major comparative
selling point of the browser until Internet Explorer gained the capability in
the Windows XP Service Pack 2 beta. This blocks pop-ups from all web sites by
default, but can be configured to allow individual sites to show pop-ups. It can
also be turned off entirely to allow pop-ups from all sites. Firefox's pop-up
opening a new window while a page is loading unless the site is added to a "safe
list" found in the options menu.
In many cases it is possible to view the pop-up's URL by clicking the
dialogue that appears when one is blocked. This makes it easier to decide if the
pop-up should be displayed.
An integrated customizable download manager is also included. Downloads can
be opened automatically depending on the file type, or saved directly to disk.
By default, Firefox downloads all files to a user's desktop on Windows or to the
user's home directory on Linux, but it can be configured to prompt for a
specific download location. The download manager currently does not support
cross-session resuming (stopping a download and resuming it after closing the
browser). Another issue with the download manager is that it fails to close if
small files or files already in the cache are downloaded. One advantage of the
Firefox download manager is that the user can view the full source URL and
destination path of the file being downloaded via the Properties box; Internet
Explorer only shows the file name and source domain name.
When the download manager was first introduced around version 0.8, there was
an uproar among users who preferred the old style of individual windows for
downloads, akin to that used by Internet Explorer. Initially there was a great
demand for an extension to address the issue but this desire quickly diminished.
Powered by RSS or Atom feeds, "Live Bookmarks", another feature of Firefox,
allow users to dynamically monitor changes to their favorite news sources. When
this feature was first introduced in version 1.0 PR, there were a few worries
that Firefox was beginning to include non-essential features and that it was
beginning to bloat the browser much like the Mozilla Suite. However, these
worries have largely abated.
Live Bookmarks have surprised many users with their simplicity. Instead of
treating RSS-feeds as HTML pages like most news aggregators do, they are treated
as bookmarks that are updated in real-time with a link to the appropriate
Page Information Box
The Firefox browser also includes the Page Info dialog (accessible via the
right-click context menu) which displays various information on the current web
page, such as:
- Page encoding method, referrer, MIME type and metadata
- Form input methods and fields for the current page
- Links on the page - link text, target and type
- Media elements and their properties, such as images and the Favicon
- Security and encryption details
Firefox allows users to force web pages to render in a certain font and size,
even if the web site themselves set the font sizes in pixels. This can be useful
for viewing sites with small fonts.
There are 3 types of add-ons in Firefox: extensions (for additional
browser functionality), themes (modified browser appearance), and
plugins (to view additional web content). Firefox add-ons may be obtained
from the official Mozilla Add-ons web site or from other sources.
The extensibility of Firefox allows users to add features and functionality
through the installation of XPInstall modules, while keeping the core program as
small and bloat-free as possible. This means that the user interface is clean
and uncluttered upon initial installation of the browser. Most extensions are
under 50 kilobytes in size, making them easily accessible to anyone regardless
of connection speed.
Many features of the Mozilla Application Suite, such as IRC chat (ChatZilla)
and calendar have been recreated as Firefox extensions. Other extensions allow
the user to use mouse gestures, block advertisements, or improve tabbed
A new feature that can be integrated in Firefox via extensions in the ability
to share files using p2p clients. AllPeers, is an extension that combines the
strength of Firefox and the efficiency of BitTorrent to create a media sharing
powerhouse. The extension is still not available, but will be released soon.
The extension system can be viewed as a ground for experiment where new
functionalities are being tested. From time to time an extension would be pulled
back into the project and made part of the product. An example is MultiZilla, an
extension which provided tabbed browsing when Mozilla lacked that feature. The
first implementation of tabbed browsing for Mozilla was a complete rewrite of a
stripped version of MultiZilla, but the author of MultiZilla (H.J. van Rantwijk)
agreed that it was better to use the new <tabbrowser> widget written for
Mozilla, for support and compatibility reasons only. Note that MultiZilla is
still being worked on, even today.
There has been some concern about extension security, as it is possible to
install a malicious extension that may gather information about the user, or
worse, compromise his or her computer's security. The developers responded by
letting users whitelist the sites they trust to download extensions from, and by
providing a preference to disable extension installation altogether. In
addition, Firefox prevents users from clicking the button to install the
extension for three seconds to ensure that users are not tricked into clicking
it accidentally. Blogger Jesse Ruderman filed the bug report that explained why
the last measure is necessary, giving examples of how users could be manipulated
into installing extensions without knowing it in versions without the
Firefox must be restarted before extensions are fully installed, uninstalled
or disabled. This is one of the criticisms of Firefox themes and extensions
although the Firefox development team plan for functionability to allow
extensions and themes to be installed without restarting in version 1.5.
Note that MultiZilla introduced a color scheme (for protection) and a context
menu that can be used to download the XPI file (instead of installing it) It can
also be used to bookmark or copy the URI of the XPI file to the clipboard for
later use. Another feature that might end in Mozilla Firefox one day.
Firefox also supports a variety of themes/skins for changing its appearance.
Themes are simply packages of CSS and image files. Many themes can be downloaded
from the Mozilla Update web site.
The change of default theme from Qute to Winstripe in Firefox 0.9 was subject
to vocal debate. The Winstripe theme was created by heavily modifying Pinstripe,
a theme designed with Mac OS X in mind. Prior to that, Firefox and its
predecessors had used the Qute theme, designed by Arvid Axelsson. Due to
licensing issues, the theme was prevented from being released under the Mozilla
Public License. Axelsson was upset about being notified about the theme change
only a few days before it took place, and posted the transcript of his dialogue
with Ben Goodger, who had informed him of the change, on the MozillaZine forums,
breaking the news before it was formally announced. Although many people
criticized the new theme when it was rolled out, eventually the tension
subsided. Axelsson continues to produce Qute privately. Axelsson still makes
Mozilla Thunderbird's default theme.
Firefox supports plugins based on Netscape Plugin Application Program
Interface (NPAPI), i.e. Netscape-style plugins. As a side note, Opera and
Internet Explorer 3.0 to 5.0 also support NPAPI.
On June 30, 2004, the Mozilla Foundation, in partnership with Adobe, Apple,
Macromedia, Opera, and Sun Microsystems, announced a series of changes to web
browser plugins. The new API will allow web developers to offer richer web
browsing experiences, helping to maintain innovation and standards. The new
plugin technologies are expected to be implemented in the future versions of the
Preferences and privacy
Firefox's toolbars and interface are customizable; users can move and
manipulate the various buttons, fields, and menus on the toolbars, and also add
new toolbars or delete existing ones.
The feature of password manager and form manager that save login and form
information can be helpful to user, especially home users. Firefox offers a
one-click system for deleting trails of activity on the Web. Cookies, history,
saved passwords, cache, saved form information, and download manager history can
all be cleared with one button or individually.
Using the built-in software security device, users can set a master password
to encrypt all saved password and personal certificates, preventing an intruder
from easily compromising sensitive information. Users will then be prompted for
this password when a saved password or personal certificate would be required.
The user can set how often they will be asked this password in the browser
Additionally, Firefox stores many hidden preferences that are accessed by
typing about:config in the address bar. This is used to enable features
such as single-window mode and error-pages, or to speed up page rendering by
various tweaks. Experimental features like HTTP pipelining are often hidden in
the about:config menu.
The Mozilla Foundation takes pride in Firefox's compliance with W3C web
standards. Firefox has extensive support for most basic Web standards including
2005, however, Firefox's latest stable release, Firefox 1.5, does not pass the
rigorous Acid2 standards-compliance test, which has been passed so far only by
the browsers Safari, Konqueror, iCab and Opera.
It also supports PNG images and variable transparency, something Internet
Explorer does not do fully. Indeed, Firefox's support of PNG images has caused
much debate around Internet Explorer's standards compliance, as it is a standard
that web developers want to use instead of the old GIF format, which does not
have the same capabilities. GIF was also patent-encumbered until recently.
Mozilla contributors are constantly improving Firefox's support for existing
standards. Most of CSS Level 2 and some of the not-yet-completed CSS Level 3
standard have been implemented in Firefox. Work is also being done on
implementing standards that are currently missing, including SVG, APNG, and
Firefox and other Mozilla applications are built with XPToolkit, which reuses
collection of proprietary standards (XUL, XBL, and XTF). Some of the Mozilla
standards like XBL is also making its way to open standards (via WHATWG).
Mozilla Firefox runs on a wide variety of platforms. Releases available on
the primary distribution site support the following operating systems:
- Various versions of Microsoft Windows, including 98, 98SE, Me, NT 4.0, 2000,
XP, and Server 2003
- Mac OS X
- Linux-based operating systems using X.Org Server or XFree86
Mozilla Firefox installation on Windows 95 requires a few additional steps.
Since the source code is available, it can also be compiled and run on a
variety of other architectures and operating systems. Thus, Firefox is also
available for many other systems. This includes Solaris (x86 and SPARC), OS/2,
AIX, and FreeBSD. Builds for Windows XP Professional x64 Edition are also
Firefox uses the same profile format on the different platforms, so a profile
may be used on multiple platforms, if all of the platforms can access the same
profile (e.g., profile stored on a FAT32 partition accessible from both Windows
and Linux). This is useful for users who dual-boot their machines. However, it
may cause a few problems, especially with extensions.
Firefox also has an incremental find feature known as "find as you type",
invoked by the slash (/) key. When a user types a word while on a web page,
Firefox will automatically search for it in the page and highlight the first
There is also a built-in Mycroft Web search function with extensible search
engine listing; by default, Firefox includes plugins for Google and Yahoo!, and
also includes plugins for looking up a word on dictionary.com and browsing
through Amazon.com listings. Other popular Mycroft search engines include
Wikipedia, eBay, and IMDb. Mycroft is named after Mycroft Holmes, the fictional
older and smarter brother of Sherlock Holmes. The Macintosh OS's built-in search
system is named after Sherlock Holmes.
It should be noted that most of the aforementioned features are not unique to
Firefox. Opera, for example, also supports many of these features, but lacks
similar extensibility; also, until recently it was supported by advertisements —
users had to pay a fee to remove the advertisements.
Secured by design
Firefox was designed with security in mind. Some of the key features include
the use of the sandbox security model, same origin policy and external protocol
One key characteristic of Firefox security is based on the fact that it is
open source software, and thus, its source code is visible to everyone. Proposed
software changes are reviewed by at least one other person, and typically
"super-reviewed" by yet another, and once placed in the software is visible for
anyone else to consider or protest.
Security bug bounty
In addition, Mozilla (including Firefox) has a security "bug bounty" system:
people who report a valid critical security bug receive a $500 (US) cash reward
(for each report) and a Mozilla T-shirt. The purpose of this "bug bounty" system
is, according to the Mozilla Foundation, to "encourage more people to find and
report security bugs in our products, so that we can make our products even more
secure than they already are." Note that these reporters can be anyone in the
world, and that these potential reporters have access to the source code of
Mozilla Firefox, internal design documentation, forum discussions, and other
materials they can use to aid them in finding security flaws.
However, the bug bounty does not always succeed in maintaining the secrecy of
Firefox vulnerabilities. On May 8, 2005, two serious security issues (and their
proofs of concept) that allow arbitrary code execution had been leaked onto the
Internet. The vulnerability was originally discovered by Paul of Greyhats
Security Group and Michael "mikx" Krax. Paul and mikx reported the vulnerability
to the Mozilla Foundation and bug 292691 was filed on Monday (May 2, 2005).
However, somebody else found out and leaked the details of the exploit. This was
against the security bugs policy and the will of both the reporters and the
community. An official security advisory was published, includes various
workarounds to the vulnerabilities. This was fixed in 1.0.4, which was released
on May 11, 2005 (9 days after the initial bug report).
As of July 2006, the security firm Secunia reports 4 security flaws not yet
fixed for Mozilla Firefox, as opposed to 21 security flaws not yet fixed for
Microsoft Internet Explorer. In addition, according to Secunia, Firefox's
vulnerabilities tend to be less critical than Internet Explorer's. While
Internet Explorer users who have installed Windows XP Service Pack 2 are only
affected by seven of these vulnerabilities, users of older versions of Windows
are potentially affected by all of them as Service Pack 2 is only available for
On the whole, Firefox security vulnerabilities have been patched relatively
quickly. Most occurred during the beta phase of the project. One notable
exception is the XUL spoofing vulnerability that was found in 1999, marked
confidential in the Mozilla bugtracker until July 21, 2004, and fixed finally
before the first official release of the product for end-users (the 1.0
release). In late February 2005 a security update, Firefox 1.0.1, was released
which addresses several more security issues found since the release of 1.0, in
particular preventing a new class of internationalized domain name spoofing
A line of reasoning used by critics to explain Firefox's low number of
security vulnerabilities is that since Firefox's market share is quite low,
attackers may have less incentive to develop and release exploit code, and so
vulnerabilities of the same kind may be less likely to be exploited. However, it
was argued that this is not the full story; the Apache HTTP Server has a much
larger market share than Microsoft IIS, yet Apache has had fewer (and generally
less serious) security vulnerabilities than IIS.
A list of fixed security vulnerabilities can also be found in Mozilla
Foundation's security advisories.
The count of pro-Firefox security reports and press articles took a notable
upswing after the Download.ject attack on Internet Explorer on June 23, 2004.
This was bolstered by numerous media reports on the subject around the same time
that representative Art Manion of the United States Computer Emergency Readiness
Team (US-CERT) suggested that using a web browser other than Internet Explorer
would mitigate security risks. On June 6, 2004, before the release of Windows XP
Service Pack 2, CERT Vulnerability Note (VU#713878) stated as one of seven
solutions that switching to an alternate browser would avoid this vulnerability,
and possibly others.
Some security experts, including Bruce Schneier and David A. Wheeler,
recommended that users should stop using Internet Explorer for normal browsing,
and switch to a different browser instead; Wheeler specifically recommended
Firefox. Several technology columnists have suggested the same, including highly
regarded Wall Street Journal columnist Walter S. Mossberg, Washington
Post columnist Rob Pegoraro, USA Today’s Byron Acohido and Jon
Swartz, Forbes’ Arik Hesseldahl, eWEEK.com Senior Editor Steven J.
Vaughan-Nichols , and Desktop Pipeline’s Scot Finnie. Microsoft’s Craig
Mundie admitted that Microsoft’s products were "less secure than they could have
been" because they were "designing with features in mind rather than security" —
even though most people didn’t use those new features.
On December 8, 2004, Pennsylvania State University Information Technology
Services suggested that students avoid using Internet Explorer and recommended a
number of alternative browsers including Firefox.
Firefox's security is usually contrasted with that of Internet Explorer,
since Internet Explorer is Firefox's primary competition.
The United States Computer Emergency Readiness Team (US-CERT) did state that
Internet Explorer's design makes it very difficult to secure. In contrast,
almost none of their concerns apply to Firefox. The US-CERT noted that:
- "There are a number of significant vulnerabilities in technologies
relating to the IE domain/zone security model, local file system (Local Machine
Zone) trust, the Dynamic HTML (DHTML) document object model (in particular,
proprietary DHTML features), the HTML Help system, MIME type determination, the
graphical user interface (GUI), and ActiveX... IE is integrated into Windows to
such an extent that vulnerabilities in IE frequently provide an attacker
significant access to the operating system."
Firefox and Internet Explorer both employ graphical user interfaces (GUIs),
and in both cases there is the risk that a user may be fooled by
misunderstanding the interface or the displayed information in a way that puts
them at risk (this is a general risk of GUI-based web browsers). However, in all
other ways Firefox is different from Internet Explorer:
- Firefox does not use a domain/zone security model or local machine zone
trust for accessing web pages (common ways to fool Internet Explorer into
granting excess privileges).
- Firefox does not support many of Microsoft's proprietary DHTML features,
which create those risks for vulnerabilities
- Firefox is not part of Microsoft's HTML Help system
- Firefox does not ignore the MIME type of a file unless it's a binary file
sent with a text/plain MIME type
- Firefox does not support ActiveX (though plugins for ActiveX exist in some
form; once an ActiveX component is run, it runs with the full privileges of the
Signed remote script that uses XPCOM (short for cross platform COM) is in some
ways similar to ActiveX. However, XPCOM cannot be used silently in this way
because every use of XPCOM components need to be confirmed by the user (with a
timeout dialog). Therefore, usually XPCOM is only used within the browser's user
- Firefox is not deeply integrated into the operating system. Thus, any
defects in Firefox are less likely to have catastrophic effects, major new
versions of Firefox can be installed without installing a new operating system,
and Firefox can be uninstalled later without difficulty. However, since Firefox
is cross-platform, any defects in the browser may affect all platforms. In
addition, defects in the browser may potentially allow a hacker access to all
the system resources made accessible by vulnerabilities in Internet Explorer.
Firefox 1.5 Features
There are several new features in Firefox 1.5 including:
- 'Clear Private Data' which automatically removes privacy information with a
keyboard shortcut or when closing firefox.
- Options Window UI Update
- New Cookie Controls per site
- Extension Manager upgrades:
- Command Line Installation/Uninstallation
- Server-Side GUID Blacklist
- Enhanced Global Registration
- Mac Profile Migrators for:
- Apple Safari
- Mozilla Camino
- Microsoft Internet Explorer 5.x
- Omniweb 5
- Searchable download actions manager (now with integrated full page plugin
- Possible Accessibilites options
- Drag-and-drop reordering of tabs
- Instant Back and forward navigation
- Native SVG Support
- Support for Always Storing Cache on Local Filesystem
- Provide utility for incremental download (Key part for patches instead of
full releases for updates)
- Reporter Tool (To report broken websites)
- Support for the <canvas> tag
Awaiting your comments