Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mozilla Strategizes With Microsoft On Security

Mozilla developers who spent several days this week with the Windows Vista team at Microsoft's Redmond, Wash. campus said that they're considering implementing a security feature in the upcoming OS to better protect future versions of Firefox from attack.

Vladimir Vukievi, who was one of the Mozilla team to take up Microsoft's August offer of Vista assistance, said that Vista's "Low Integrity Mode" might make Firefox less susceptible to exploits.

Low Integrity Mode, which is part of the Vista User Account Control (UAC) technologies that are meant to make it more difficult for attackers to install their code on PCs, is similar to "sandbox" techniques that wall off an application from the rest of the operating system. By reducing the browser's rights, Low Integrity Mode prevents a compromised or vulnerable application from making changes to the OS or other apps. Internet Explorer 7 in Vista will make use of Low Integrity Mode as part of what Microsoft calls "Protected Mode."

"We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," wrote Vukievi on his blog. "I have some ideas on how we could do this in a cross-platform way, taking advantage of UAC on Vista, and dropping privileges on Linux/Mac OS."

Vukievi said that Mozilla's developers will consider if this is possible for the next major version of Firefox, v. 3.0, which is currently on the planning board for a 2007 release. "I think that it would force us to evaluate exactly where the browser touches the rest of the system, and to figure out how to tighten the security around those interactions," he added.

Even before the three-day confab in Redmond, Mozilla was talking about beefing up Firefox security. In an interview last month, Window Snyder, the new head of security at Mozilla, said that the company would look for Firefox to "have fewer entry points into the system."

  • 1