RealTime IT News

Mozilla, Opera Unite to Standardize Web

The Mozilla Foundation Wednesday announced a cooperative effort to standardize plug-in functionality, ushering in a new era of multimedia accommodation on today's Web browsers.

Together with Apple , Macromedia , Sun Microsystems and Opera, officials at the open source organization said they are expanding the scope of its Netscape Plugin Application Interface (NPAPI) to create an open source, secure and scriptable plug-in model.

The five companies have a vested interest in creating an open standard on the Internet: Opera (Opera), Mozilla (Firefox) and Apple (Safari) are all browser makers; and Macromedia and Sun, through Flash and Java, respectively, own the software used to create many of the plug-ins used today.

Mitchell Baker, Mozilla Foundation president, said plug-ins are critical components of the Web that require constant improvements and enhancements.

"This has been an issue that's needed to be resolved for quite some time," she said. "Once the Mozilla Foundation was formed, we had a venue to provide leadership and make things happen. It became clear that all the various browser vendors and plug-in vendors were all very eager to do something like this; [now] was right time to get things going."

The NPAPI was once the standard among vendors for getting plug-ins to communicate with computers. That vendor list included Microsoft and its Internet Explorer. That is until Redmond officials stopped supporting the NPAPI to create ActiveX , its own standard. The technology is currently the centerpiece of a patent infringement battle between Microsoft and Eolas Technology, who claim they invented the technology.

Mozilla and Opera have been jointly waving the standards flag for some time now to jumpstart the Web-browsing experience into something more dynamic.

In May, the two browser developers submitted a specification called Web Forms 2.0 to the World Wide Web Consortium (W3C). The spec calls for a standard method for developing Web applications and compound documents.

The intended target of these specifications is Internet Explorer, though none of the companies comes out and says so. According to W3Schools.com, IE owns more than 81 percent of the browser market as of June. Mozilla and Opera follow with 11.4 percent and 2.3 percent, respectively.

The Web Forms spec and the alliance's charter seek to avoid the pitfalls of a single, dominant browser presenting its own specifications and having them accepted as de facto standards because of their widespread use.

Another fear is that a dominant browser might lead to complacency by its vendor to improve its product, as in the case of IE, which hasn't had a significant update in a couple years. Recent events seem to bear that out.

IE is experiencing a critical security meltdown that Microsoft has yet to resolve. The flaw, which allows crackers to install spyware software onto Web servers, has remained unpatched since its discovery two weeks ago. Microsoft officials said they might consider releasing a patch out of its normal monthly schedule if customer demand warrants it.

On Tuesday, the U.S. government's Computer Emergency Readiness Team (US-CERT) warned Web users to stop using IE, because of the "significant vulnerabilities" found in domain/zone security model, DHTML object model, MIME-type determination and ActiveX.

Mozilla's Baker said one of the biggest advantages of an open source project is its ability to point out security vulnerabilities sooner than in proprietary software.

"You do find you've got many eyes looking for security issues, and that runs through our development cycle, not just plug-ins," she said. "The thing about plug-ins is that once you decide to put it on your machine, you need it to execute, otherwise it can't do anything. So the security model in these cases is very complex.

"As we've seen in recent days, the combination of IE and the Windows OS, integrated tightly, is a rich ground for malicious actors. That's unrelated to plug-ins, [but] one of the things that Mozilla browsers do is provide extra layers of protection there."

Officials expect Web browsers with the new interoperability features to start appearing in future releases sometime this fall.

For the time being, however, Mozilla is hosting the alliance's efforts on its NPAPI Web page and features plug-in SDKs , test builds and scripting examples. In a couple weeks, it will start including the expanded NPAPI in nightly builds of its Firefox browser before its release.