In the beginning of the web era, the web browser gave developers the ‘view source’ option enabling developers to see code and learn from others. Browser vendor Mozilla is now going far beyond ‘view source’ with a series of built-in developer tools in the new Firefox 10 release.
Instead of digging through source, Firefox 10 has something called the ‘Inspect Tool’. With the Inspect Tool, any Firefox 10 user can right-click on any item on a web page and get a menu item that provides visibility into the code and style structure for that element.
Firefox goes a step further than just visibility by also helping to educate. CSS has expanded in recent years with new properties that aren’t well known to everyone yet. In Firefox 10’s Inspect Tool there is also a helper icon that links users to a Mozilla Developer Network (MDN) page explaining what a given property is and how it is used.
From a new specification support perspective, Firefox 10 enables developers to use the new CSS 3D-Transforms property. According to the official W3C draft specification, “CSS 3D Transforms extends CSS Transforms to allow elements rendered by CSS to be transformed in three-dimensional space.” Firefox 10 also supports anti-aliasing for the WebGL graphics library.
While the browser usually confines applications inside of its frame of navigation and buttons, Firefox 10 introduces a full-screen API for developers.
“This feature should allow any app to create a full screen HTML-based experience,” Mozilla’s platform wiki states. “This means that an app should be able to create a full screen context of an element. That element can contain HTML, video, canvas or even flash. This should be useful for games, presentations or video experiences.”
In addition to providing new capabilities to developers, Firefox 10 also fixes at least nine sets of security issues for both users and developers. Five of those vulnerability sets are rated as critical, two as high, one as moderate and one comes in at low.
The critical flaws include memory safety hazards and a potential memory corruption issue when decoding Ogg Vorbis media files. There is also a critical fix for an interesting cross-site-scripting (XSS) issue, titled, “Frame scripts calling into untrusted objects bypass security checks.”
“Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects,” Mozilla states in its security advisory. “This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts.”
Frame misuse is also the subject of a high-impact vulnerability fixed in Firefox 10, titled “<iframe> element exposed across domains via name attribute.”
“Alex Dvorov reported that an attacker could replace a sub-frame in another domain’s document by using the name attribute of the sub-frame as a form submission target,” Mozilla warned in its advisory. “This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.”
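The frame navigation policy the advisory refers to can be modeled in a few lines. The following JavaScript is an added example, not Mozilla's code or part of the original article: it is a simplified model of the HTML5 "allowed to navigate" rule applied to named-target resolution, and the `ctx`, `allowedToNavigate` and `resolveTarget` names and all domains are constructed for illustration.

```javascript
// Simplified, constructed model of browsing contexts (not browser code).
// name: frame/window name; origin: origin of the active document.
function ctx(name, origin, parent = null, opener = null) {
  return { name, origin, parent, opener };
}

function topLevel(c) {
  while (c.parent) c = c.parent;
  return c;
}

// HTML5 "allowed to navigate" rule: may context a navigate context b?
function allowedToNavigate(a, b) {
  if (a.origin === b.origin) return true;               // same origin
  if (a.parent && topLevel(a) === b) return true;       // frame navigating its own top-level
  if (!b.parent && b.opener) return allowedToNavigate(a, b.opener); // popup: defer to its opener
  for (let p = b.parent; p; p = p.parent) {             // b is nested: some ancestor of b
    if (p.origin === a.origin) return true;             // must share a's origin
  }
  return false;
}

// Resolve a form/link target name. Only contexts the source may navigate are
// candidates; null means "no match", where a browser would open a new window.
function resolveTarget(source, name, contexts) {
  return contexts.find(c => c.name === name && allowedToNavigate(source, c)) || null;
}

// Constructed sample: a bank page with two sub-frames, and an unrelated attacker window.
const bankTop = ctx("", "https://bank.example");
const loginFrame = ctx("login", "https://auth.bank.example", bankTop);
const widget = ctx("widget", "https://widget.example", bankTop);
const attacker = ctx("", "https://evil.example");
const popup = ctx("help", "https://docs.example", null, attacker);
const all = [bankTop, loginFrame, widget, attacker, popup];

// <form target="login"> submitted from each source context:
console.log(resolveTarget(attacker, "login", all)); // null: cross-domain sub-frame is off limits
console.log(resolveTarget(bankTop, "login", all) === loginFrame);  // true: parent owns the frame
console.log(resolveTarget(widget, "login", all));   // null: sibling frame, no shared-origin ancestor
console.log(resolveTarget(attacker, "help", all) === popup);       // true: attacker opened the popup
```

The first case is the one the advisory describes: under the policy, a form in an unrelated window must not be able to pick another domain's sub-frame by name.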