firefoxMozilla has released Firefox version 3.6, with increased security, faster display of web pages and Javascript, and some new features for add-ins and themes. Here’s a description of the new release and a video demonstrating some of the new features.

If you are running Firefox, you can get the new version by clicking on Help / Check for updates. Presumably it will soon be offered automatically when you launch Firefox.

Switching from IE is easy: start at this page and you’ll be given lots of information about what to expect. Firefox imports favorites and passwords from IE automatically. If you’re using LastPass, you can separately install the Firefox add-in and all of your passwords will begin working immediately.

You’ll see advice to switch to Firefox everywhere: from Microsoft-haters; from security experts who suggest that Firefox is less vulnerable to security exploits that IE; from feature junkies who find a rich environment for add-ins and tweaks; and from speed freaks who perceive a noticeable increase when they compare the two browsers.

I use Firefox occasionally and mostly it seems like a browser – a second way to accomplish something I could have done just as easily with Internet Explorer. I use it occasionally when I run into an IE hiccup; ironically, for example, Firefox would log into Windows Live sites that were inaccessible with Internet Explorer. I’m not a big fan of duplicative software but it’s been nice to have it available.

If you want to use Firefox, you should use it. Firefox is a mature, stable and full-featured program. There are two related things to keep in mind about security.

  • Like any program today, installing Firefox carries with it the obligation to keep it up to date. Firefox is regularly updated with fixes for security vulnerabilities. It will only be a safe program if you install those updates when prompted by the program.
  • Installing Firefox or Google Chrome does not significantly increase your security against malware spread through poisoned web sites, despite what you read in articles bashing Internet Explorer. This has been mentioned frequently in articles about the Chinese attacks on Google and other companies, since Internet Explorer 6 on Windows XP was used as one of the vectors for those attacks. (The fix for that vulnerability was distributed on Thursday – that’s why your computer restarted on Thursday night.)

Google has quietly diverted attention from the Chinese attacks by allowing everyone to focus on the Internet Explorer exploit and blame Microsoft. Not much information has been disclosed about the attacks but the McAfee report made it clear that other exploits could have been used by the hackers:

While we have identified the Internet Explorer vulnerability as one of the vectors of attack in this incident, many of these targeted attacks often involve a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios. So there very well may be other attack vectors that are not known to us at this time.

You’re familiar with the updates from Microsoft but you need to understand that Mozilla issued 34 “Critical” security advisories in 2009, defining Critical as those that “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” Google regularly issues similar updates for Chrome. Don’t install Firefox or Chrome and then relax! All the rules for safe computing still apply!