Slashdot Mirror

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

That's where you quote above is from, and, Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel after that quoted rant of yours above that opens this posting of mine in reply?

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

----

"It's called using apostrophes and proper capitalization. Stop being lazy and learn to use correct grammar." - by clone53421 (1310749)
on Friday April 16, @03:27PM (#31875770)

Ahem:

Get "hooked on phonics" & learn to READ, moron. Your information quoted above WAS OUT OF DATE THE DAY YOU POSTED IT, lol...

Additionally, before you tell others how to write, moron, produce proof of your PHD in English AND LEARN TO READ, because you skimmed over the fact FireFox turned up YET ANOTHER SECURITY BUG, lol, after FireFox 3.6.2 which you ranted above about & are caught in being out of date on no less.

Without a PHD in English to your name though? Well, who the hell are you to tell others how to write, clown? Nobody. Just like you are nobody in the field of computing and your outright mistake and big mouth above got you shut right up for mistakes you made there.

"Back it up or shut up." - by clone53421 (1310749)

Learn to read idiot, and speak for yourself: Per your quote at the top of this reply?

Well - it appears that FireFox 3.6 had a bug when you raved on it, lol, right where Germany said to stay away from it, as they did for IE before that (but never for Opera) AND, 3.6.2 had one as well, lmao....

Then, you noted FireFox 3.6.2 issued as a patch on 04/05/2010, but again - Guess what?

FireFox 3.6.2 also had a bug in it, forcing the issue of YET ANOTHER PATCH to FireFox, lol! Buggy crap being recommended by a no mind like Clown? No thank you.

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

That's where you quote above is from, and, Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel after that quoted rant of yours above that opens this posting of mine in reply?

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

That's where you quote above is from, and, Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel after that quoted rant of yours above that opens this posting of mine in reply?

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

See subject above, and you can't even get computer security facts right:

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

That's where you quote above is from, and, Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel after that rant above?

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

That's where you quote above is from, and, Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel after that rant above?

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

The only person that hung himself was your STUPID LIBELLOUS ASS, by doing it to yourself no less. Don't try to "play smart" or lawyer online dimwit. You don't have the intelligence, schooling, or know how to do so. The above is evidence enough of that.

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

Clone - How stupid do you feel? FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel?

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

Clone - How stupid do you feel? FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above, taken from here:

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

Where Germany advised its peoples to stay away from FireFox, as they had for IE before that (but, never for Opera).

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel?

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

http://slashdot.org/comments.pl?sid=1591778&cid=31755996

"But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/ Firefox 3.6.2 update now available as free download Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL! - by clone53421 (1310749) on Monday April 05, @01:36PM (#31736454) Journal

Clone - How stupid do you feel? FireFox turned up YET ANOTHER SECURITY BUG & right when you shot your big libellous mouth off in that quote above on 04/05/2010 above

(Thus, yet another security bug surfaced in FireFox 3.6.2 in that time frame, yet again, 2x that week it appears (LOL!)).

Clone - How stupid do you feel?

----

Mozilla Firefox DOM Node Moving Use-After-Free Vulnerability:

http://secunia.com/advisories/39175/

Release Date 2010-04-02
Last Update 2010-04-06

----

Now everyone here will see how stupid you are, repeatedly, in all of your posts... lol!

Clone - tell us, what came out the next day after you posted your crap I quoted above, Clone the CLOWN, you utter dimwit?

FireFox 3.6.3!

Why?? Because YET ANOTHER SECURITY VULNERABILITY SURFACED THAT DAY OR THE NEXT DAY in FIREFOX, YET AGAIN, lmao...

"too, Too, TOO EASY!"

Obviously clone the clown, you lost yet again, and you obviously have done nothing with your wasted life, based on such a stupid mistake on your part above CLOWN. Obviously, You're too stupid to exist CLOWN, and it's no small wonder that all you do is post on slashdot all day, as you don't have enough skills or degrees necessary to your name in computing to actually have or hold a job in the sciences of computing.

This one works: UntinyFox.
Reading the source, it appears to use this website to convert the URLs.

I crash Firefox several times a day right now. I leave it running all day and when I come back to the machine it's toast 9 times out of 10. I think it's a combination of Flash! and Java but other things seem to take it out too. I finally got pissed and found out more about how to look at the Firefox bug reports and am slowly trying to add more info to the ones that plague me! this one https://bugzilla.mozilla.org/show_bug.cgi?id=537630 is a bitch for instance. If you want to see yours put this in the address bar -> about:crashes and it will show you what it has and hasn't submitted successfully. I've loaded this new code up and will take it for a spin on sites that normally trash me - so far so good though and it is handling session saver etc. just fine! Painless "upgrade"...

They used to use the system spell checker. It was disabled due to dictionary issues. More information in bug 422760 if you're interested.

This is a HUGE problem because the FF updater runs at whatever level the user that launched it runs. There is not currently the ability to have one admin update FF on 100 computers without going around to each and every computer and personally updating it. Contrast this with IE where the updates are rolled in with OS updates and can be easily be scheduled to run by the admin without a case by case access.

Well, I've kludged together a batch file sent through psexec that copies the .mar file from an open SMB share, and does the updates manually like this: https://wiki.mozilla.org/Software_Update:Manually_Installing_a_MAR_file#Steps_for_Windows

But it's a kludge, and I'm kludge averse these days.

https://developer.mozilla.org/devnews/index.php/2010/04/08/firefox-lorentz-beta-available-for-download-and-testing/

'Lorentz' - a beta version combining FF 3.6.3 with the out of process plugin feature, became available yesterday. This shoves the plugins into their own process, which is where the vast majority of problems occur. Give it a shot and report them bugs!

https://addons.mozilla.org/en-US/seamonkey/addon/10909

2) If you want to use some of the IE-only features, just install this extension, and add Sharepoint to your IE-only whitelist, and you can use the "IE-only" features from within Firefox.

The problem with IE Tab (and it's variants) is that it just embeds the IE rendering engine inside a Firefox tab. You might as well just launch IE, since, indirectly, that's what you are doing anyway. This extension really just saves you from copying and pasting the URL.

Most importantly, this doesn't actually help anybody that's not using Windows.

Urgh. Can they not at least categorize their add-ons? Like, maybe, this?

Funny you should mention NoScript. The daily builds for Chrome just got regexp support in the per-site preferences for JavaScript, cookie and pop-up permissions.

In other words: You can now run with scripting and cookies off, and turn them on for all servers at the specific domains you trust. So CookieSafe and NoScript are built in to Chrome, or will be next time the code from the daily builds makes it into a full release. All it needs is for someone to write the friendly front-end to stick it in a button on the UI now, instead of your having to go to the options.

As someone else already pointed out, AdBlock equivalents are available too.

I suggested to the Firefox devs that this core functionality was needed in Firefox, but they weren't interested. Too busy implementing useless crap like address books. Same story with calling the OS for video rendering; that would have allowed me to play MPEG-4/h.264 video like every other browser. Far too sensible, so they refused to implement it and shoved Ogg Theora into the browser instead.

In addition, I was tired of the bloat, tired of the daily crashes, tired of the refusal to build basic browser functionality into the browser. So I'm one of the people who just ditched Firefox. (I'm really enjoying the Chrome developer tools, which work much better than Firebug ever did.)

1) Sharepoint works in FireFox. Quite well in fact.

2) If you want to use some of the IE-only features, just install this extension, and add Sharepoint to your IE-only whitelist, and you can use the "IE-only" features from within Firefox.

3) Microsoft's official recommendation for Web UIs is now to use JQuery (and they're also contributing code to the project!). Assuming they eat their own dog food, Microsoft webapps should start being a lot more friendly toward non-IE browsers.

It looks like it's theoretically possible to build firefox with Qt widgets thanks to Nokia, but it's difficult and unstable.

And yes obviously you can just load both Qt and GTK libraries but it's ugly and memory-inefficient.

https://addons.mozilla.org/addon/2109

FEBE makes this a quick backup and restore process. It will back up just about everything for you.

Useful for portable versions of firefox as well.

What they call "layers" (which is what they wrote for this hardware acceleration) does support OpenGL as well as DirectX.

They've explained (sorry, can't find the link) that the Intel drivers for a lot of cards don't ship OpenGL 2.0 drivers. So they need to use DirectX for Windows. They also explained that they're using Direct2D for the layers backend, which needs DirectX 10.

What they call "layers" (which is what they wrote for this hardware acceleration) does support OpenGL as well as DirectX.

They've explained (sorry, can't find the link) that the Intel drivers for a lot of cards don't ship OpenGL 2.0 drivers. So they need to use DirectX for Windows. They also explained that they're using Direct2D for the layers backend, which needs DirectX 10.

Tabloid rags? WSJ? Geez, I'm as non-Republican as they come but you sound like an idiot saying that.

He does sound like an idiot, until you read some of what the WSJ has become under Murdoch. Once you have the context, his comments don't sound stupid at all. Sure, the WSJ still has plenty of decent business news, but now it is laced with editorials and "business" news stories that are laced with Murdoch's political agenda ... the days of an unbiased, factual WSJ are long gone, more's the pity.

Unfortunately, our perception of the rag lags well behind the change, and will probably do so for quite some time.

Thankfully, for those of us still investing and engaged with the markets, there are better alternatives:

http://www.ft.com/

with various localizations, and without the Murdoch poison:

http://www.ft.com/home/us
http://www.ft.com/home/uk

So let them ringfence Murdoch's tripe (even the formerly great WSJ he is wrecking). Please.

Or don't wait for Rupert to take both barrels to his own feet and do it for him: filter his tripe out of Google News yourself (I use both approaches: "take off, nuke 'em from orbit. It's the only way to be sure"):

1) Bespoke AdBlock Rules

Open FireFox, go here and install AdblockPlus:
http://adblockplus.org/en/installation

You should have a ABP stop sign looking thing to the right of your FireFox search box. Click the little arrow to the right of it. Click preferences. Click Add Filter. Paste in:

news.google.com##*[href*=".foxnews.com"]

Murdoch ( http://en.wikipedia.org/wiki/List_of_assets_owned_by_News_Corporation ) also owns The Wall Street Journal. Add Filter again, and paste in:

news.google.com##*[href*=".wsj.com"]

2) Greasemoneky Script

Get Greasemonkey:
https://addons.mozilla.org/en-US/firefox/addon/748

Get Sterc's script:
http://userscripts.org/scripts/show/61397

"Laugh it up" :-)

[ Source: http://www.google.com/support/forum/p/news/thread?tid=10c7469adda1fdac&hl=en ]

More lies from the spyware author, LOL!! Read your own quote, I’ll repeat it for you:

Posted by timothy on Tuesday March 23, @02:51AM

But the 3.6.2 update was ALREADY released WELL BEFORE the story was posted (Tuesday March 23, @02:51AM Eastern): https://developer.mozilla.org/devnews/index.php/2010/03/22/firefox-3-6-2-update-now-available-as-free-download/

Firefox 3.6.2 update now available as free download

This entry was posted by beltzner on Monday, March 22nd, 2010 at 8:34 pm

Version 3.6.2 was released THE DAY BEFORE this story even posted! Once again you are caught in your BOLD-FACED LIES, LOL!

Mozilla regularly fuzzes its JavaScript engine: https://bugzilla.mozilla.org/show_bug.cgi?id=jsfunfuzz

Brings up a interesting point, is there an addon/other way to make Firefox not use arial even if its installed and the page explicitly requests it?

Stylish will allow you to customize any website using custom css. There are many pre-configured themes for popular websites that you can download and install... including slashdot.

I love my mouse gestures, too!

(There are loads of mouse gesture addons that one can find with a simple search. I just like this particular one better.)

Okay I admit it - The videos were funny at first, but now I'd like to be able to turn them off, and nobody seems to have included that ability.

What web browser are you using? I have my Mozilla Firefox set up so that whenever I reload a page, the SWFs turn off until I click them.

Tried it on my Mac running Snow Leopard. Using Preview, nothing happened. Same thing with the Firefox PDF Plugin.
Using Adobe Reader, I got a warning that the pdf "...may contain programs, macros, or viruses that could potentially harm [my] computer." In the dialog was a list of files/programs (i.e. Calculator.app) that the pdf wanted to open. Clicking "open" launched Calculator.app, clicking "do not open" just opened the pdf without launching any external programs.
In sum, yes this is a security problem, especially if someone clicks the "do not warn again" check box to disable warnings. But it isn't so critical that I'm rushing to remove Reader from my own computer. Now, for the average user that clicks OK blindly without reading the dialog box....

> But wiretapping at the ISP level doesn't help if their victims use HTTPS or SSL IMAP/POP like pretty much all Gmail (and Yahoo?) users do.

1) Yahoo mail is not encrypted. Only the login is. So it is possible to sniff the session credentials (cookies etc) and do stuff like change the passwords.

And it's not just Yahoo. None of them (Yahoo, Hotmail, Google) allowed you to use https for the entire email session, including Gmail, until the recent Google hack incident.

The banks I use don't even allow you to access their main pages via https. Which does make it hard to get a known trusted login page to log in to the bank.

Yes their login forms submit stuff via https, but how does that help if you've already got a tampered login form?

2) The browser makers put in lots of CA certs but do nothing to help you realize that the server's cert has changed[1], or the server's CA has changed, or the server CA country has changed...

As a result doing stuff securely is hard - the service providers and browser makers aren't helping.

[1] See the discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=286107

The real bug is Mozilla doesn't _help_ you realize and figure out that a cert has been changed for no good reason.

Yes the way to do it won't work 100% for the average person. But the average person will get pwned anyway.

So in this case, Mozilla should help the ones who care about security - warning people that the server cert has been changed rather early, or worse the CA has changed, or even worse the CA has changed AND the new CA is in a different country.

But no, the Mozilla developers still haven't lifted a finger to help. Not even after 5 years.

See this:
https://bugzilla.mozilla.org/show_bug.cgi?id=286107

And comment #5 and rest of discussion.

Quote:
Ian Grigg 2005-03-15 12:14:26 PST

#4. I'd agree with that.

The critical change is when a new cert comes in signed by a *different* CA. In
the event that this is a bad situation, both CAs can disclaim by pointing the
finger at each other. The bad CA just shrugs and says "I followed my
established and audited procedures...." In practice, even a little finger
pointing will break any semblance of CAs backing up their words.

https is very easy to MITM if you can inject bogus signed certificates. For that you need to control a CA. Like, for example, CNNIC whose root certificate is included in MSIE and Firefox.

Please to vote on the bug report to remove this security hole.

BetterPrivacy by NettiCat
https://addons.mozilla.org/en-US/firefox/addon/6623

But that's after NoScript has allowed the Flash content to run.

Cheers.

easy fixed.

Mozilla support for a GStreamer backend is being written. Doesn't that solve the issue of H.264 support?

The Certlock thing should help (assuming they do it right and the software itself can be trusted), but the problem could have been fixed by the browser makers long ago if they took security seriously. If I remember right, the problem was discussed years ago in a firefox bug report.

Basically the browser should have features to allow you to be warned if:
1) The CA has changed (still vulnerable to "Gov can forge SSL certs with CA's help")
2) The cert has changed (paranoid mode- the Gov can eavesdrop only if they have the private key of the server - IIRC in the old days for some strange reason certain CAs actually made you send them everything, go figure why ;) ).

Now in paranoid mode, some load balancing sites might cause warnings because the certs could be different. For example different certs were installed on the servers serving up the same sites. This could be because they are in the middle of rolling out new certs. However this is not a huge problem, if the sites with the correct certs provide suitable warning in advance the user would realize that and accept the new certs.

FWIW, I'm wondering if this addon actually is OK: https://addons.mozilla.org/en-US/firefox/addon/6415 :).

Yeah, I think advertisers are the real reason why the Mozilla devs are adamantly against making NoScript functionality a core part of Firefox.

However, Google's added the functionality to the recent nightly builds of Chrome, so as soon as it stabilizes I'm just going to switch. Mozilla can pull their heads out of their asses and start serving users rather than advertisers, or lose their market share.

[Opinions mine, not my employer's.]

Yes, but NoScript functionality really needs to be part of the core Firefox product. Security shouldn't be something that you have to download plugins to get.

(Meanwhile, Mozilla devs are working on adding address books to the browser. Yeah, nice sense of priorities there.)

Two pieces:

Ad blocking hosts file

Flashblock

Web browsing just got a whole lot faster.

1) Flash-based Banner Ad
2) JRE Exploit (CVE-2008-5353)
3) Adobe Reader Exploit
4) Profit?

From what I saw when this happened to me:

1) Javascript-based banner ad
2) MFSA2010-01 (or something similar that was present in Firefox 3.5.7)
3) Mozilla extension to redirect links from google, yahoo and bing to a site of your choice
4) Site that serves large numbers of per-impression banners for dubious porn sites
5) Profit.

Heh. From what I read, that’s correct... Firefox is currently the only browser that supports WOFF. But there were some interesting things I figured I’d quote:

The WOFF format originated from a collabaration between the font designers Erik van Blokland and Tal Leming with help from Mozilla’s Jonathan Kew. Each had proposed their own format and WOFF represents a melding of these different proposals. The format itself is intended to be a simple repackaging of OpenType or TrueType font data, it doesn’t introduce any new behavior, alter the @font-face linking mechanism or affect the way fonts are rendered. Many font vendors have expressed support for this new format so the hope is this will open up a wider range of font options for web designers.

The compression format is lossless, the uncompressed font data will match that of the original OpenType or TrueType font, so the way the font renders will be the same as the original. Similar compression can be achieved using general HTTP compression but because compression is part of the WOFF format, it’s simpler for authors to use, especially in situations where access to server configuration is not possible.

Second, the format includes optional metadata so that a font vendor can tag their fonts with information related to font usage. This metadata doesn’t affect how fonts are loaded but tools can use this information to identify the source of a given font, so that those interested in the design of a given page can track down the fonts used on that page. Fonts in WOFF format are compressed but are not encrypted, the format should not be viewed as a “secure” format by those looking for a mechanism to strictly regulate and control font use.

Firefox 3.6 will be the first shipping browser to support the WOFF format so it’s important to construct @font-face rules that work with browsers lacking WOFF support.

More, and examples, here: http://hacks.mozilla.org/2009/10/woff/

A WOFF font is a Web Open Font Format font.

http://hacks.mozilla.org/2009/10/woff/

It's basically an extension of the @font-face rule with it's own compression and meta tagging. Please don't tell my designers about it.

Or just stay with the 3.5.x series. Problem is, I don't see where they even link to it on their website. Even the 3.5.8 release notes page seems to link to 3.6 for downloads...

3.6.2 is out.

First of all I think you need a timeline to help you understand how this vulnerability was handled:

Feb 1st, 2010: VulnDisco is updated with a zero day exploit for Firefox 3.6. No details on how the exploit works are provided. The exploit is only available in binary form when you buy a copy of VulnDisco. Some people buy VulnDisco and have difficulty in making the exploit work. https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

March 16th, 2010: First 3.6.2 nightly builds that contain a fix are made available: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.2-candidates/build3/

March 18th, 2010: Mozilla announces that the original discoverer of the problem provided them sufficient details to find and fix the vulnerability. They also link to the nightlies linked to above on the March 16th entry. http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/

March 30th, 2010: Scheduled release date.

Assuming that they got the details on the 16th and actually came up with the fix the same day (which is probable), that's a 2 week turnaround. Given that there have been no further nightlies posted for 3.6.2 since the March 16th it seems pretty clear they're in the release stages of getting 3.6.2 out of the door.

I'm not really sure how you expect them to get it out sooner. The largest delay here is them getting the information they needed to fix it. Which accounted for a month and a half worth of time.

Should they work at reducing the lag between having the fix done and putting out releases. Yes and based on my interview there serveral years ago they were committed to doing just that. But there's still an awful lot of work that has to go into actually doing those releases. They don't just magically appear.

https://bugzilla.mozilla.org/show_bug.cgi?id=552350 Please see this bug if you are running FF 3.6. I have a sneaking suspicion that it's the culprit. I wouldn't mind anyone reproducing it, it's sitting unconfirmed as I reported it.

They are thinking of integrating Ubiquity into the app itself. It has previously been done with Personas and there is also similar thinking for Prism and Jetpack.

That is the public wiki, so you need to be careful and check who wrote those pages instead of assuming it's all in the plans, but the particular examples given are real.

They are thinking of integrating Ubiquity into the app itself. It has previously been done with Personas and there is also similar thinking for Prism and Jetpack.

That is the public wiki, so you need to be careful and check who wrote those pages instead of assuming it's all in the plans, but the particular examples given are real.

They are thinking of integrating Ubiquity into the app itself. It has previously been done with Personas and there is also similar thinking for Prism and Jetpack.

That is the public wiki, so you need to be careful and check who wrote those pages instead of assuming it's all in the plans, but the particular examples given are real.

They are thinking of integrating Ubiquity into the app itself. It has previously been done with Personas and there is also similar thinking for Prism and Jetpack.

That is the public wiki, so you need to be careful and check who wrote those pages instead of assuming it's all in the plans, but the particular examples given are real.