Mozilla has released the first beta version of Firefox 4.The striking differences are in the user interface; for instance, tabs default to the top of the window, a la Google Chrome. But security improvements have, for now, taken a back seat.

Mozilla has released the first beta version of Firefox 4

The striking differences are in the user interface; for instance, tabs default to the top of the window, a la Google Chrome.

In fact, security changes seem almost nonexistent in this version. The "What's New in Firefox 4 Beta (revision 1)" in the release notes doesn't mention a single security feature. This Features page has one: new privacy controls.

There seem to be two themes to the new privacy features: one is the claim that version 4:

Makes it easier to know what info websites are gathering about you, what they can do to your computer and what they're allowed to know about you.

Unfortunately, from what I can see, the privacy and history user interfaces are almost exactly the same as in version 3.6. Perhaps these features are not yet implemented in beta 1.

The second is about how version 4 attempts to plug a privacy hole in the CSS :visited selector which, in combination with the JavaScript getComputedStyle() function, can allow a malicious site to examine your browsing history.

Mozilla's strategy for blocking abuse is somewhat incredible:

getComputedStyle (and similar functions like querySelector) will lie. They will always return values as if a user has never visited a site.

There will also be limits to the styles and some other features that can be used for visited links. It's not clear to me if this has been implemented in beta 1.

This entry on hacks.mozilla.org explains the matter in more detail.

Originally posted to the PCMag.com security blog, Security Watch.