Mozilla is still wrestling with adding a security feature to Firefox that its browser rival, Microsoft's Internet Explorer 7, uses on Windows Vista to keep malware from hijacking computers.
In Vista, IE7 uses a technique Microsoft calls Protected Mode – another name for "low rights" - that blocks disk access to all but a temporary-files folder. The idea is that if an exploit - a drive-by download, for instance - attacks IE7 through a browser vulnerability, it can't install code on the PC's drive.
Last October, after Firefox developers had spent several days at Microsoft's headquarters with the Vista team, a Mozilla engineer said they had come away with thoughts on how Firefox might take advantage of Vista's low-rights features.
"We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," Vladimir Vukiæeviæ wrote at the time in a blog entry.
Now, however, Mozilla seems uncertain about whether that security strategy is smart.
"We're still trying to figure out the mechanics of what we can do and we can't do," acknowledged Mike Conner, director of Firefox development.
"And there are two sides to this idea of Protected Mode. Microsoft said it's not a complete security sandbox, and some people are saying if [attackers] can work around it, it's not worth doing. The big thing for me is where we draw the convenience vs. security line," he added.
Conner argued that some of Vista's security provisions, including User Account Control (UAC) and low-rights modes, can be sidestepped to one degree or another and only get in the user's way.
Last month, for instance, a Symantec researcher published a paper detailing how Vista's UAC could be spoofed by attackers.
"There's a lot of academic research coming out now that [some of these things] don't work," said Conner. "We may end up taking the 'safe enough' approach and implement that."
Firefox 3.0, due out in the second half of this year will have additional password protection and anti-fraud security measures, as well as enhancements to the user interface to make it easier for Web surfers to tell the browser's security status or the validity of a site's certificate.