• Mejoras en el uso de memoria: Es algo que se puede sentir sin la necesidad de usar algun tipo de benchmarks. Esta clase de progreso ayuda especialmente a escritorios como Gnome, que para ser sinceros es algo mas exigente con respecto al hardware que otras alternativas libres, pero aun asi, es (y probablemente seguira siendo) uno de los Desktop Environments mas usados. Y pone a Firefox a competir directamente con otros como Opera, y Safari.
• Interfaz grafica integrada con el Sistema operativo: Me gusta especialmente el trabajo que se ha hecho en la version de Linux, en la cual, Firefox utilizara los iconos del tema de nativo de GTK, para sus barras de herramientas y menues.
• Estandares W3: La prueba Acid2 pasada completamente y el resultado de la Acid3 mejora considerablemente con respecto a Firefox 2.
• Barra de direcciones inteligente.

Según informacion entregada por Mozilla, la version final estaría disponible para el mes de junio. Jugueteando con el navegador, me di cuenta que existe un problema de seguridad en todas las versiones del Firefox 3, es una regresion de un bug reportado hace mas de 3 años por Michael Krax, el cual afecta las plataformas Windows, personalmente no considero que sea peligroso. Lo reporte a Mozilla, y ya tienen disponible un patch en trunk, el proximo release ya deberia venir con este problema corregido. Un detalle que no me gusta de Firefox 3, es el hecho que la barra de direcciones ahora muestra la URL despues de haberla 'urldecodeado', y si somos de los que jugamos con las URLs manualmente, esto puede ser un inconveniente.

Text2SQLChar Converts an string into a CHAR() mysql, usefull when magic_quotes is on.
SQLIncrement Increments automatically the number of columns of the injected select query.
SQLDecrement Decrements automatically the number of columns of the injected select query.
Increment Allows you to navigate up html files or images that have a number in them.
Decrement Allows you to navigate down html files or images that have a number in them.
base64 Firefox only, base64 with no padding

I wrote the first 3 of them, I'm not javascript god, so they need to get improved, I'll try to make them shorter, and follow a couple of suggestion from bookmarklets.com. The two others come from RSnake' bookmarklet collection, where I fixed a detail, it was not decoding the URL before using it, so if the url contained an escaped value at the end of the url like %20, it would modify it and change it to %21. I'll keep this post updated whenever I find or write a new security-related bookmarklet. As another issue, I noticed that the site looks ugly on low resolution systems, so I'll try to get a new theme to fix that on a couple of days and update the wordpress version.

Update: Let's make that, Firefox 2.0.0.11, which also fixes some regressions.

According to pdp, this issue makes vulnerable to Cross-site scripting applications that allow users uploading compressed ZIP, and JAR files. After a couple of minutes messing around the poc's, I figured out that sites with open redirect issues are vulnerable too. I've created this poc that attacks Gmail, it's based on my previous post and it will only show your contacts list, it's not being logged server side or anything (as some people thought that my previous poc did. Credit to tx for discovering the open redirect issue used to exploit Google / Firefox):

http://beford.org/stuff/jarjarbinks.htm

Who's fault? Both, Google for having open redirect issues and not fixing them, and Mozilla Corporation for failing to address this problem.

What can I do to protect myself? Giorgio Maone have already added protection against this flaw to NoScript development version.

Update: NoScript released stable version with Jar protection. A new bugzilla (#403331) entry was created to fix the inappropiate redirect on jar protocol, according to the lastest comments and bug keyword, there seems to be a patch and will be availible with Firefox 2.0.0.10.