Coach Wei writes "An industry wishlist for future browsers has been collected and developed by OpenAjax Alliance. Using wiki as an open collaboration tool, the feature list now lists 37 separate feature requests, covering a wide range of technology areas, such as security, Comet, multimedia, CSS, interactivity, and performance. The goal is to inform the browser vendors about what the Ajax developer community feels are most important for the next round of browsers (i.e., FF4, IE9, Safari4, and Opera10) and to provide supplemental details relative to the feature requests. Currently, the top three voted features are: 2D Drawing/Vector Graphics, The Two HTTP Connection Limit Issue, and HTML DOM Operation Performance In General . OpenAjax Alliance is calling for everyone to vote for his/her favorite features. The alliance also strongly encourages people to comment on the wiki pages for each of the existing features and to add any important new features that are not yet on the list."

An anonymous reader writes "Using data generated by the Mozilla Firefox download pledge page, the map on this blog post ranks countries, not by absolute number of pledges made, but rather on a per capita basis. This analysis yields some interesting conclusions about where open source is strongest and weakest." Anonymous Warthog writes "That didn't take long. In a blog posting from the TippingPoint DVLabs security team (of Kraken and CanSecWest hacking contest fame), they confirmed that they reported a vulnerability in Firefox 3.0 to Mozilla a mere five hours after it was released. Additionally, there was a posting on the Full Disclosure security mailing list from someone that purports to have another vulnerability in the works as well. In the grand scheme of things, this probably means nothing to the general security of Firefox, but you can be sure the browser zealots on all sides will be watching carefully." Finally, from reader Toreo asesino: "Microsoft have congratulated the Mozilla team by sending them their second cake (minus recipe) to Mozilla's Mountain View headquarters to congratulate them on shipping FireFox 3, which went live right on time last night." Congratulations are indeed due on both the browser and the release process — looks like the Firefox fever (despite some seriously taxed servers) resulted in more than 8 million downloads in 24 hours.

snydeq writes "A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers. The source code can be used to run unauthorized software on a victim's machine, and could be used by criminals in Web-based computer attacks, security experts say. The public example of the attack code allows attackers to litter a victim's desktop with executable files, an attack known as 'carpet bombing.' In combination with bugs in Windows and Internet Explorer, attackers can run unauthorized software on a victim's computer."

An anonymous reader recommends a story about the upcoming beta 2 release of Internet Explorer 8. InternetNews expects that the standards-compliant default mode will push many developers to update their sites. We've previously discussed IE8's standards compliance and other features. Quoting: "Over the years of IE's dominance as the leading browser, designers regularly tweaked their sites to get the best possible accuracy in rendering pages in IE -- most recently, the current commercial release, IE7. Now those pages will need to be changed. Microsoft originally planned for IE8 to default to rendering similarly to IE7, while super standards mode would have been an option. The outcry from critics helped convince Microsoft officials to instead default to super standards. That, unfortunately, will mean work for site administrators."

SecureThroughObscure writes "Security blogger and researcher Nate McFeters blogged about a 0-day exploit affecting IE7 and IE8 beta on XP that was released by noted security researcher Aviv Raff. The flaw is a 'cross-zone scripting' flaw that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone. Quoting McFeters's post: 'This is currently unpatched and in all of its 0-day glory, so for the time being, beware printing using the "print table of links" option when printing web pages.' McFeters and others will be presenting at Black Hat on the link between cross-site scripting and cross-zone. Rob Carter has been hitting this hard over at his blog, pointing out cross-zone weaknesses in Azureus, uTorrent, and the Eclipse platform."

thevirtualcat found some inconsistencies in IE8's Acid2 results that made him wonder what's going on. Can anyone replicate these results or, better yet, explain them?
Update: 03/22 23:54 GMT by KD : Several readers pointed out this has to do with cross-site scripting prevention, as described here.

Edy52285 writes "Ars Technica has an article showing benchmarks pitting Firefox 3 Beta 4 against other browsers. Contenders include IE7, Firefox 2, Opera 9.5 Beta, and Safari 3.0.4 Beta. The piece includes a graph depicting FF3's memory usage well below that of the other browsers. The in-testing browser even trumps Opera, which has long been regarded as the fastest browser around."

Steven Noonan sends us to a page where he is collecting and updating results for various browsers on the newly released Acid 3 test. No browser yet scores 100 on this test. (We discussed Acid 3 when it came out.) He writes, "It's not surprising that Internet Explorer is losing to every other modern browser, but how did IE 5.5 beat IE 6.0 and 7.0?" All of the IE versions score below 20 on Acid 3.

Admodieus writes "It seems as though the veil has been lifted on the Internet Explorer 8 beta. Microsoft has revealed a list of the new features in IE8, including two interesting new additions called Activities and WebSlices. From the site: 'Activities are contextual services to quickly access a service from any webpage. Users typically copy and paste from one webpage to another. Internet Explorer 8 Activities make this common pattern easier to do ... WebSlices is a new feature for websites to connect to their users by subscribing to content directly within a webpage. WebSlices behave just like feeds where clients can subscribe to get updates and notify the user of changes.' Also aboard the upgrade train is automatic crash recovery, a favorites toolbar, and improved phishing filter protection. Microsoft has also posted links to download the beta, but none of them are working right now."

A number of readers wrote in to make sure we know about Microsoft's change of heart regarding IE8. The new version of the dominant browser will render in full standards mode by default. Developers wishing to use quirks mode for IE6- and IE7-compatible rendering will have to opt in explicitly. We've previously discussed IE8's render mode a few times. Perhaps Opera's complaint to the EU or the EU's record antitrust fine had something to do with Redmond's about-face.

An anonymous reader writes "According to the Washington Post's Security Fix blog, cyber criminals are populating the Internet with Web sites designed to exploit several recently-discovered security holes in a half-dozen widely used ActiveX plug-ins for IE 6 and 7, most notably the one offered by Facebook and MySpace to help users upload photos. The sites, advertised via links in email and instant message spam, also 'probe for other vulnerable IE plug-ins, including two recently discovered from Yahoo! and one for QuickTime (this one attacks a vulnerability Apple patched just last month). The sites also throw in an exploit against a six-month-old IE flaw.' The article notes that the SANS Internet Storm Center has released a GUI tool to help users safely deactivate the vulnerable plug-ins in the Windows registry."

Stony Stevenson writes to point out that Netscape has finally reached end of line with the release of version 9.0.0.6. A pop-up will offer users the choice of switching to Firefox, Flock, or remaining with the dead browser, but no new updates will be released. "Nearly 14 years after the once mighty browser made its first desktop appearance as Mosaic Netscape 0.9, its disappearance comes as little surprise. Although Netscape accounted for more than 80 per cent of the browser market in 1995, the arrival of Microsoft's Internet Explorer in the same year brought stiff competition and surpassed Netscape within three years."

dotne writes "CNET has published an article called Acid2, Acid3 and the power of default. The article predicts that IE8 will not pass the Acid2 test after all: '[Another] scenario could be that Microsoft requires Web pages to change the default settings by flagging that they really, really want to be rendered correctly. Web pages already have a way to say this (called doctype switching, which is supported by all browsers), but Microsoft has all but announced that IE8 will support yet another scheme. If the company decides to implement the new scheme, the Acid2 test — and all the other pages that use doctype switching — will not be rendered correctly.' Microsoft's IE8 render modes have been discussed here previously, and they've caused an uproar in the web development community. According to the scheme, authors must put Microsoft-specific <meta> tags into their pages in order for them to be rendered correctly. I doubt Acid2, nor Acid3 will have Microsoft extensions in them."

Dak RIT writes "In a blog post this week, Microsoft's IE Platform Architect, Chris Wilson, confirmed that IE8 will use three distinct modes to render web pages. The first two modes will render pages the same as IE7, depending on whether or not a DOCTYPE is provided ('Quirks Mode' and 'Standards Mode'). However, in order to take advantage of the improved standards compliance in IE8, Web developers will have to opt-in by adding an additional meta tag to their web pages. This improved standards mode is the same that was recently reported to pass the Acid 2 test, as was discussed here."

Z80xxc! writes "InfoWorld is reporting that on February 12th, Microsoft will roll out Internet Explorer 7 through Windows Server Update Services to all systems - regardless of whether or not the update had been requested previously. The piece also mentions ways to prevent the update from occurring, for sysadmins who do not want to use IE7 on their systems. Microsoft claims that the decision was made due to 'security concerns'."

kastababy writes "In yet another instance of up-and-coming browser developers fighting back against the Microsoft behemoth, the makers of Opera have filed a complaint with the European Union against Microsoft. In their complaint, they allege that IE's 77% market share abuses its dominant position by tying IE to Windows and its refusal to accept Web standards, causing significant interoperability issues. The complaint also requests that the EU's Antitrust Division force Microsoft to separate IE from Windows and accept several different standards, thereby resolving major interoperability issues and providing consumers more choice in the browser market." Update: 12/14 19:47 GMT by Z : We also discussed this yesterday.

A number of readers have sent word about Opera Software ASA's antitrust complaint against Microsoft filed with the EU. Here is Opera's press release on the filing. The company wants the EU to "obligate Microsoft to unbundle Internet Explorer from Windows and/or carry alternative browsers pre-installed on the desktop" and to "require Microsoft to follow fundamental and open Web standards accepted by the Web-authoring communities." The latter request makes this a case to watch. Will the Commissioner take the Acid2 test using IE7?

eldavojohn writes "Shortly following the frustrations of IE7, Gates claims that he is unaware that IE8 Secrecy has been alienating developers. Ten influential bloggers met with Bill on Tuesday and asked Gates questions about why they are no longer receiving information on IE. From Molly Holzschlag's blog: 'Something seems to have changed, where there is no messaging now for the last six months to a year going out on the IE team. They seem to have lost the transparency that they had. This conversation [between Web developers and the IE team] seems to have been pretty much shut down, and I'm very concerned as to why that is.' To which Bill replied: 'I'll have to ask [IE general manager] Dean [Hachamovitch] what the hell is going on, I mean, we're not, there's not like some deep secret about what we're doing with IE.'"

SkiifGeek writes "Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against failed to identify the malware through one of the most basic and straight forward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code. Whose responsibility is it to fix this behavior? Both the antivirus / anti-malware companies and Microsoft's IE team have something to answer for."

openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."