Firefox 3.0 will have several new security features baked in, according to Mozilla's chief of security.
The browser will likely have a tool for automatically blocking sites suspected of harbouring malware. It will also offer support for the extended validation Secure Sockets Layer (EV SSL) certificates, said Window Snyder, Mozilla's chief security officer.
The malware blocker, which relies on blacklists generated by Google, has been publicly debated by Mozilla and Google developers, with mock-ups of the on-screen warnings surfacing in early June.
"We wanted to make sure that it's obviously not a security notification that they can ignore," Snyder said, describing how the warnings will work. "The [user interface] makes it clear that this [site] is dangerous. And it does not give the user a click-through," Snyder said. In other words, users will be able to back away from the potentially malicious site but won't be able to simply accept the warning and continue on.
"Nothing's ever done until it ships," Snyder cautioned, hinting that changes are still possible, or if necessary, the tool might still be ditched.
The other feature set for Firefox 3.0 offers support for the new EV certificates now used by a few of the largest online retailers, banks and financial institutions. Those certificates, which in Internet Explorer turn the address bar green, require more extensive background checks of the buyer by the issuing authority to guarantee that they're given only to trustworthy sites. One of the first sites to use EV certificates was that of PayPal.