Slashdot Mirror

Anonymous Cow writes "Almost a month after the release of Firefox 1.5 beta 1, the second beta of Firefox 1.5 has been released. Firefox 1.5b2 can be downloaded from Mozilla.org. A changelog outlining the changes in this release is also available. The official announcement is over at MozillaZine." From the announcement: " This release does not contain any major new features since Beta 1. Improvements to automated update system, Web site rendering and performance, along with several security fixes are included in this release. Beta 1 users that want to help test software update, should wait for the automatic update to be triggered sometime in the next few days. The incremental update from Beta 1 to Beta 2 is 700K bytes."

Juha-Matti Laurio writes "MozillaZine has a report about new Mozilla Thunderbird 1.0.7 release. Among other changes, this minor release includes fixes for the Linux command line URL parsing security flaw. Thunderbird 1.0.7 can be downloaded from the Thunderbird product page. 'Extremely Critical' Secunia advisory will be updated very soon."

Neil writes "The Mozilla Foundation has published an initial roadmap for 'Lightning', the project to integrate its calendar application Sunbird with its email application Thunderbird."

hackajar writes "Firefox 1.0.7 has been released today. From the announcement "Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. There are also other security and stability changes, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.""

An anonymous reader writes "SeaMonkey 1.0 Alpha was released last week. Users of the Mozilla Suite or Netscape should check it out - it contains numerous new features and bugfixes when compared to Mozilla 1.7, but offers the same basic look and feel. There are a few screenshots on the SeaMonkey blog showing off some of the features. For those who don't know, SeaMonkey is the continuation of the Mozilla Suite after the Mozilla Foundation ceased shipping new releases."

An anonymous reader writes "SeaMonkey 1.0 Alpha was released last week. Users of the Mozilla Suite or Netscape should check it out - it contains numerous new features and bugfixes when compared to Mozilla 1.7, but offers the same basic look and feel. There are a few screenshots on the SeaMonkey blog showing off some of the features. For those who don't know, SeaMonkey is the continuation of the Mozilla Suite after the Mozilla Foundation ceased shipping new releases."

mcc writes "Yesterday Slashdot reported on a Firefox vulnerability which could allow remote code execution. Today Firefox has a patch and a configuration workaround, both of which immunize against the bug. If you are using Firefox you should immediately go to the URL 'about:config', type 'network.enableIDN' into the box, and verify that 'network.enableIDN' is set to 'false'." Update: 09/10 18:59 GMT by Z : Removed wayward colon.

elfguygmail.com writes "Firefox 1.5 beta1 is out! It includes many new features including a new automatic update system, reworked options dialogs, faster browsing, new error pages, memory and stability updates. Get your beta at Mozilla.org."

elfguygmail.com writes "Firefox 1.5 beta1 is out! It includes many new features including a new automatic update system, reworked options dialogs, faster browsing, new error pages, memory and stability updates. Get your beta at Mozilla.org."

rbochan writes "Allegations in an article over at CNET propose that alternate browsers such as Firefox and Opera impede law enforcement and investigation efforts because they "use different structures, files and naming conventions for the data that investigators are after", which can "cause trouble for examiners.""

prostoalex writes "Between June and July of this year, Firefox lost 0.64% of the users, while Microsoft IE gained the same amount, leaving other browsers at their usual zero point something share. Could recent security problems and lack of stability, reported by some users, lead to the decline of the browser that just passed 80 million downloads?" I think the other thing to remember is that while ~8% seems a lot, there's a still a huge amount of ground to cover -- and a number change like this is statistical noise. I should point out that my issue with noise isn't the absolute numbers; it's the somewhat inadequate measurements tools for this.

asa writes "It's been nine months since the release of Firefox 1.0 and with tens of millions of users we most certainly are taking back the web. Today our Firefox web browser hit the 80,000,000 downloads mark. You can see the live counter over at SpreadFirefox.com."

OSCON 2005 was held in a convention center this year, instead of a hotel, because it just got too big (2000+ people). Too big, in fact, for pudge and myself to cover more than a fraction of the talks and the ideas flitting around the hallways. But here's some of what I found cool last week. And if you attended or presented at OSCON and want to tell us about all the neat stuff we missed, please, share your thoughts in the comments, or submit a fact-rich writeup and we'll maybe do a followup story later.

Mike Shaver's talk on writing Firefox extensions was packed to the walls. If you've been wanting to try it, Firefox 1.5 makes development easier, and should be out soon, so now's a good time. This talk and the tutorial on Ajax persuaded me to start using the DOM Inspector and debugging some JavaScript to get a better understanding of webpage manipulation.

Aaron Boodman's talk on his extension Greasemonkey was a walkthrough of writing a simple GM user script, a discussion of what's coming up, and some Q&A. Greasemonkey 0.5 ("Now With Security!") is in beta: there are multiple security changes that suggest someone really has sat down and thought the whole model through. GM works with Firefox, Seamonkey, Opera, and Windows MSIE (but not, oh please somebody correct this oversight, Safari).

Ruby on Rails is hot; if you want to develop a web app quickly you can't ignore it. It stresses "convention over configuration" with reasonable defaults. The tutorial went from installation to the "hello world" of the web, a blog (!), in a few hours. Anyone have a real-world example of Rails scaling to a large project and lots of traffic?

DarwinBuild is an open-source project from Apple that aids in building the open-source components of Darwin/Mac OS X. Given a build number of Mac OS X, it will fetch and build the software for that version, allowing you to modify the source as needed, making it easy for any developer to modify everything from the kernel to various utilities (just remember to reapply the modifications after running Software Update, if necessary). You can read more about it from, in addition to the web site, the presentation slides.

Google and O'Reilly gave out the 2005 open source awards, with $5000 attached to each. Congratulations to the winners.

Tony Baxter's Shtoom is a cross-platform VoIP client and software framework, written in Python, for writing your own phone applications.

Novell is still moving its employees from Windows to Linux, which we first heard at last year's OSCON. The migration from Microsoft Office to OpenOffice is complete, and the big step, from Windows to Linux, is 50% complete, projected to be 80% by November. Miguel de Icaza gave flashy demos of some Linux desktop applications that didn't impress this cynical observer very much.

PlaceSite is an open-source project looking to bring physical proximity awareness to Internet access at coffeeshops and other meetingplaces: think "local-only Friendster" and you're not far off. They got feedback from a monthlong trial earlier this year and are working on a new version that will be easy to deploy. Could be neat.

In a great 2-hour session on Wednesday, we got to hear from representatives of four leading open source databases about what they've been working on lately. Here are the summaries...

Ingres r3 has an impressive list of big features. Ingres was just open-sourced by Computer Associates this summer, and it's gotten a lot of attention for being a full-featured enterprise database. Ingres supports table partitioning that can be either range-based or hash-based, which can greatly improve performance in many cases. Its optimizer can now come up with parallel execution plans, which can be useful even on single-CPU machines and non-partitioned tables. There's also federated data storage (one can access data stored in another RDBMS through Ingres) and replication. And they're working on a concurrent access cluster, to allow data to be manipulated not just by multiple threads on one machine, but multiple machines.

A side note: Computer Associates was invited by O'Reilly to talk about its recently open-sourcing Ingres. Its representative, while confessing that introducing a new license was "probably the wrong thing to do," said that other licenses wouldn't have worked for them (the GPL "was seen as viral"). The one question that the audience had time to ask was "is Ingres a dump" -- is CA making it open-source to transfer the responsibility of support from the company to the community? The three-part "no" answer was that there are more CA developers working on Ingres now, that Ingres is at the core of their new releases, and that they've sponsored a "million-dollar challenge" to foster community interest. Time will tell I guess.

Firebird 2.0 has been in alpha since January and a beta is expected soon. Since 2000 much of their development has been aimed at making the product easy to install, and making the code easy for a distributed group of developers to work on. This year they're building features on that groundwork. Their design includes 2-phase commits (since the beginning), cooperative garbage collection (as a transaction encounters unneeded data, it removes it) and self-balancing indexes. Backup has been improved. When 2.0 gets to beta, I'm going to check this out, it sounds like very interesting technology (and apparently it will install with four clicks!).

MySQL 5.0 is in beta, and has been feature-frozen since April. Back in 4.1, its abstracted table-type has been put to advantage with odd engines like Archive (only insert, no update); Blackhole for fast replication; and an improvement to MyISAM for logging (allowing concurrent selects with inserts-at-table-end). Their Connector/MXJ lets you run a native MySQL server embedded inside a Java application. In 5.0 we're seeing stored procedures per the SQL:2003 standard, triggers, updatable views, XA (distribution transaction), SAP R/3 compatible server side cursors, fast precision math, a federated storage engine, a greedy optimizer for better handling of many-table joins, and an optional "strict mode" to turn some of MySQL's friendly nonstandard warnings into compliant errors. And they're working on partitioning, ODBC, and letting MySQL Cluster's non-indexed columns to be stored on disk.

PostgreSQL 8.1 is expected to be released in November or December, after a feature-freeze in July -- and it's an impressive list of new features. Their optimizer will make use of multiple indexes when appropriate, which is pretty darn exciting. The recommendation will be that in most cases it will be most efficient to have only single-column indexes and let the optimizer figure out which combination to use. They're implementing a 2-phase commit, they're bringing the automatic vacuum into the core code, and they removed a global shared buffer lock so they're now getting "almost linear" SMP performance scaling. I've never felt the need for Postgres, but I'm definitely going to look at 8.1.

OSCON 2005 was held in a convention center this year, instead of a hotel, because it just got too big (2000+ people). Too big, in fact, for pudge and myself to cover more than a fraction of the talks and the ideas flitting around the hallways. But here's some of what I found cool last week. And if you attended or presented at OSCON and want to tell us about all the neat stuff we missed, please, share your thoughts in the comments, or submit a fact-rich writeup and we'll maybe do a followup story later.

Mike Shaver's talk on writing Firefox extensions was packed to the walls. If you've been wanting to try it, Firefox 1.5 makes development easier, and should be out soon, so now's a good time. This talk and the tutorial on Ajax persuaded me to start using the DOM Inspector and debugging some JavaScript to get a better understanding of webpage manipulation.

Aaron Boodman's talk on his extension Greasemonkey was a walkthrough of writing a simple GM user script, a discussion of what's coming up, and some Q&A. Greasemonkey 0.5 ("Now With Security!") is in beta: there are multiple security changes that suggest someone really has sat down and thought the whole model through. GM works with Firefox, Seamonkey, Opera, and Windows MSIE (but not, oh please somebody correct this oversight, Safari).

Ruby on Rails is hot; if you want to develop a web app quickly you can't ignore it. It stresses "convention over configuration" with reasonable defaults. The tutorial went from installation to the "hello world" of the web, a blog (!), in a few hours. Anyone have a real-world example of Rails scaling to a large project and lots of traffic?

DarwinBuild is an open-source project from Apple that aids in building the open-source components of Darwin/Mac OS X. Given a build number of Mac OS X, it will fetch and build the software for that version, allowing you to modify the source as needed, making it easy for any developer to modify everything from the kernel to various utilities (just remember to reapply the modifications after running Software Update, if necessary). You can read more about it from, in addition to the web site, the presentation slides.

Google and O'Reilly gave out the 2005 open source awards, with $5000 attached to each. Congratulations to the winners.

Tony Baxter's Shtoom is a cross-platform VoIP client and software framework, written in Python, for writing your own phone applications.

Novell is still moving its employees from Windows to Linux, which we first heard at last year's OSCON. The migration from Microsoft Office to OpenOffice is complete, and the big step, from Windows to Linux, is 50% complete, projected to be 80% by November. Miguel de Icaza gave flashy demos of some Linux desktop applications that didn't impress this cynical observer very much.

PlaceSite is an open-source project looking to bring physical proximity awareness to Internet access at coffeeshops and other meetingplaces: think "local-only Friendster" and you're not far off. They got feedback from a monthlong trial earlier this year and are working on a new version that will be easy to deploy. Could be neat.

In a great 2-hour session on Wednesday, we got to hear from representatives of four leading open source databases about what they've been working on lately. Here are the summaries...

Ingres r3 has an impressive list of big features. Ingres was just open-sourced by Computer Associates this summer, and it's gotten a lot of attention for being a full-featured enterprise database. Ingres supports table partitioning that can be either range-based or hash-based, which can greatly improve performance in many cases. Its optimizer can now come up with parallel execution plans, which can be useful even on single-CPU machines and non-partitioned tables. There's also federated data storage (one can access data stored in another RDBMS through Ingres) and replication. And they're working on a concurrent access cluster, to allow data to be manipulated not just by multiple threads on one machine, but multiple machines.

A side note: Computer Associates was invited by O'Reilly to talk about its recently open-sourcing Ingres. Its representative, while confessing that introducing a new license was "probably the wrong thing to do," said that other licenses wouldn't have worked for them (the GPL "was seen as viral"). The one question that the audience had time to ask was "is Ingres a dump" -- is CA making it open-source to transfer the responsibility of support from the company to the community? The three-part "no" answer was that there are more CA developers working on Ingres now, that Ingres is at the core of their new releases, and that they've sponsored a "million-dollar challenge" to foster community interest. Time will tell I guess.

Firebird 2.0 has been in alpha since January and a beta is expected soon. Since 2000 much of their development has been aimed at making the product easy to install, and making the code easy for a distributed group of developers to work on. This year they're building features on that groundwork. Their design includes 2-phase commits (since the beginning), cooperative garbage collection (as a transaction encounters unneeded data, it removes it) and self-balancing indexes. Backup has been improved. When 2.0 gets to beta, I'm going to check this out, it sounds like very interesting technology (and apparently it will install with four clicks!).

MySQL 5.0 is in beta, and has been feature-frozen since April. Back in 4.1, its abstracted table-type has been put to advantage with odd engines like Archive (only insert, no update); Blackhole for fast replication; and an improvement to MyISAM for logging (allowing concurrent selects with inserts-at-table-end). Their Connector/MXJ lets you run a native MySQL server embedded inside a Java application. In 5.0 we're seeing stored procedures per the SQL:2003 standard, triggers, updatable views, XA (distribution transaction), SAP R/3 compatible server side cursors, fast precision math, a federated storage engine, a greedy optimizer for better handling of many-table joins, and an optional "strict mode" to turn some of MySQL's friendly nonstandard warnings into compliant errors. And they're working on partitioning, ODBC, and letting MySQL Cluster's non-indexed columns to be stored on disk.

PostgreSQL 8.1 is expected to be released in November or December, after a feature-freeze in July -- and it's an impressive list of new features. Their optimizer will make use of multiple indexes when appropriate, which is pretty darn exciting. The recommendation will be that in most cases it will be most efficient to have only single-column indexes and let the optimizer figure out which combination to use. They're implementing a 2-phase commit, they're bringing the automatic vacuum into the core code, and they removed a global shared buffer lock so they're now getting "almost linear" SMP performance scaling. I've never felt the need for Postgres, but I'm definitely going to look at 8.1.

An anonymous reader writes "MozillaZine is reporting that the Mozilla Foundation has created a commercial subsidiary to continue development of Mozilla Firefox and Mozilla Thunderbird. Don't let the word "commercial" scare you, the new Mozilla Corporation (as it has been dubbed) will be owned 100% by the Mozilla Foundation. The change is mostly a legal/tax thing to avoid the problems of pursuing revenue-generating avenues while remaining a non-profit. There will be no change to the development process and end-users won't notice much difference either. See also the Mozilla Foundation press release about the Mozilla Corporation and the Mozilla reorganization FAQ."

An anonymous reader writes "MozillaZine is reporting that the Mozilla Foundation has created a commercial subsidiary to continue development of Mozilla Firefox and Mozilla Thunderbird. Don't let the word "commercial" scare you, the new Mozilla Corporation (as it has been dubbed) will be owned 100% by the Mozilla Foundation. The change is mostly a legal/tax thing to avoid the problems of pursuing revenue-generating avenues while remaining a non-profit. There will be no change to the development process and end-users won't notice much difference either. See also the Mozilla Foundation press release about the Mozilla Corporation and the Mozilla reorganization FAQ."

Ed Pegg writes "I did a survey of all available vector-based drawing programs, in anticipation of SVG in the next Firefox. I found 29 different vector drawing programs. Of these, 14 were free or open source. More than I expected. Did I miss any good ones?"

An Anonymous Reader writes: "The Firefox team has decided to scrap the planned 1.1 release (already in Alpha 2) and instead release the final version as 1.5 due to the significant number of bug fixes and changes. The 1.5 feature complete beta is expected next month." From the article: "We are planning for a Firefox 2.0 and 3.0, but will divide the planned work over (at this point) three major Milestones, 1.5 (September 2005), 2.0 (unscheduled) and 3.0 (unscheduled). All major development work will be done on the Mozilla trunk, and these releases will coincide with Gecko version revs."

bdaehlie writes "After a lot of hard work, Mozilla's new developer site has gone live. It has been available at a test URL for a while but the transition is now complete. This should be a great resource for Mozilla contributors, web developers, and anyone interested in finding out more about Mozilla technologies."

micpp writes "Only a short time after the release of version 1.0.5, Mozilla has released version 1.0.6 of both Firefox and Thunderbird . This update fixes a bug in the browser and email program which prevented some extensions from working."

micpp writes "Only a short time after the release of version 1.0.5, Mozilla has released version 1.0.6 of both Firefox and Thunderbird . This update fixes a bug in the browser and email program which prevented some extensions from working."

micpp writes "Only a short time after the release of version 1.0.5, Mozilla has released version 1.0.6 of both Firefox and Thunderbird . This update fixes a bug in the browser and email program which prevented some extensions from working."

Zebbie writes "The Mozilla Foundation released Firefox 1.05 today. The release notes indicate that there have been some 'security fixes' and 'improvements to stability.' From the web site: 'Firefox 1.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.' It is interesting that these security updates are not yet posted on the security advisories page."

Zebbie writes "The Mozilla Foundation released Firefox 1.05 today. The release notes indicate that there have been some 'security fixes' and 'improvements to stability.' From the web site: 'Firefox 1.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.' It is interesting that these security updates are not yet posted on the security advisories page."

Zebbie writes "The Mozilla Foundation released Firefox 1.05 today. The release notes indicate that there have been some 'security fixes' and 'improvements to stability.' From the web site: 'Firefox 1.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.' It is interesting that these security updates are not yet posted on the security advisories page."

Zebbie writes "The Mozilla Foundation released Firefox 1.05 today. The release notes indicate that there have been some 'security fixes' and 'improvements to stability.' From the web site: 'Firefox 1.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.' It is interesting that these security updates are not yet posted on the security advisories page."

A anonymous reader writes "Branden Robinson has posted his third report as Debian Project Leader. This report covers the Sarge release, the status of security support, delegation activities, Mozilla Firefox trademark license, the need for community donation for a new hosting site and new hardware, and more."

An anonymous reader writes "Version 1.0 of Nvu has been released. Nvu is a standalone WYSIWYG HTML editor and a continuation of Mozilla Composer. As one would expect for a Mozilla-based product, it is fully Web standards-compliant and all the code will soon be available at mozilla.org. Nvu 1.0 can be downloaded for Linux, Mac OS X and Windows. Further details are available at MozillaZine. Slashdot reported on the first beta of Nvu way back in February 2003."

daria42 writes "The Debian development community is currently hotly debating whether the Mozilla Foundation's strict trademarks policy violates Debian's social contract. However, in a twist, it appears Mozilla has not received approval for the Firefox trademarks yet, and the Firefox name may already be taken in the UK and Germany. The foundation has not applied for the Thunderbird trademark anywhere yet."

AnonaCow writes "Firefox and Thunderbird rock my world, but Mozilla's Calendar (Sunbird) has a long way to go. This maybe mundane, but what software does the slashdot community use to schedule? How do you keep track of your various appointments? What about your 'To Do' List?"

AnonaCow writes "Firefox and Thunderbird rock my world, but Mozilla's Calendar (Sunbird) has a long way to go. This maybe mundane, but what software does the slashdot community use to schedule? How do you keep track of your various appointments? What about your 'To Do' List?"

AnonaCow writes "Firefox and Thunderbird rock my world, but Mozilla's Calendar (Sunbird) has a long way to go. This maybe mundane, but what software does the slashdot community use to schedule? How do you keep track of your various appointments? What about your 'To Do' List?"

The Mozilla folks have made available the newest release of the Firefox web browser. This release is for testers and developers only, and should not be used if you have no interest in trying out the latest build. The release notes cover the recent changes. From the what's new document: "Fast back (and forward) - This very experimental feature allows much faster session history navigation. The feature is off by default but can be enabled for testing purposes by setting the browser.sessionhistory.max_viewers preference to a nonzero number."

The Mozilla folks have made available the newest release of the Firefox web browser. This release is for testers and developers only, and should not be used if you have no interest in trying out the latest build. The release notes cover the recent changes. From the what's new document: "Fast back (and forward) - This very experimental feature allows much faster session history navigation. The feature is off by default but can be enabled for testing purposes by setting the browser.sessionhistory.max_viewers preference to a nonzero number."

Nomad128 writes "Mozilla's Deer Park 1 Alpha RC appears to have extended the Javascript spec for the first time in quite some time. New features include Array object methods "every" (logical AND), "some" (logical OR), "map" (function mapping), and "forEach" (iteration). They also appear to have added native XML support. Will this speed up the development of AJAX applications and give Moz a leg-up over IE7?"

Nomad128 writes "Mozilla's Deer Park 1 Alpha RC appears to have extended the Javascript spec for the first time in quite some time. New features include Array object methods "every" (logical AND), "some" (logical OR), "map" (function mapping), and "forEach" (iteration). They also appear to have added native XML support. Will this speed up the development of AJAX applications and give Moz a leg-up over IE7?"

RobMcCool writes "At Stanford KSL, we really like the Semantic Web. So we've taken many of our favorite web sites, scraped them, and put together a huge pile of RDF, which we'll let you download. We've used that RDF to create a search application, in the spirit of Google Q & A or Microsofts recently announced MSN Search extensions. Our search can answer simple factual queries like the previously discussed population of Portugal but can also answer some more complex ones. We also have a smart autocomplete system, type "tom hanks birth" slowly to see it in action (best with Firefox). We're looking for people to be a part of this search system by running their own search sites, and by putting their data on the Semantic Web. Come check it out!"

Mr. Christmas Lights writes "CNet is reporting that Netscape Navigator Version 8 has been released. The 8.0 Beta debuted back in March, with the final version being based on Firefox 1.03, and includes Trust Rating, a feature which identifies sites as safe or unsafe. Netscape 8.0 also includes a toggle which allows switching between Mozilla and Microsoft's rendering engines as needed. The Main Netscape 8 page has more info, and the 'Download Now' page is already serving up the new browser."

KenDaMan writes "CNet is running a story about the ties between Oracle and the Mozilla Foundation. Oracle hired three people to work on Mozilla Lightning. This project, which aims to integrate Mozilla's calendar application, Sunbird, with its e-mail application, Thunderbird, is believed to be key to cracking the market dominance of Microsoft Outlook. Is Oracle getting set make an Open Source offering?"

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.

jtowndot writes "The market for open source developers seems to be heating up. Asterisk, Gnome, Horde, and Mozilla all have bounties for desired features. Recently, Lime Wire updated its wish list to include bounties on open source development work! Similarly, i2p also released a bounty list. Is it time to consider quitting my day job to do open source development full time?"

Marthisdil points out a News.com story which reports that "Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them." Security firm Secunia reported the vulnerabilities (and the "extremely critical" rating is theirs), but the News.com story points out that thus far, "no known cases have yet emerged where an attacker took advantage of the public exploit code." Update: 05/09 20:20 GMT by T : Rebron of the Mozilla Foundation sends a correction; this is really the same flaw reported yesterday. He suggests that you glance at the Mozilla security alert on this hole (as well other alerts at the Mozilla Security Center), and says "The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit."

Marthisdil points out a News.com story which reports that "Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them." Security firm Secunia reported the vulnerabilities (and the "extremely critical" rating is theirs), but the News.com story points out that thus far, "no known cases have yet emerged where an attacker took advantage of the public exploit code." Update: 05/09 20:20 GMT by T : Rebron of the Mozilla Foundation sends a correction; this is really the same flaw reported yesterday. He suggests that you glance at the Mozilla security alert on this hole (as well other alerts at the Mozilla Security Center), and says "The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit."

Distro Jockey writes "The Fedora Core Blog gives a review of the features we can expect from Firefox 1.1. Many uses have been running the latest trunk builds and seeing dramatic improvements in page rendering, managing many tabs quickly, and the much-anticipated fix for the /. layout bug. From the article: 'One major new feature in Firefox 1.1 is the "Sanitize" feature. This enables secure browsing with much more ease. Select the "Sanitize" option in the preferences and Firefox will scrub your profile of sensitive information (which you select in the preferences).'"

FreeFooOpenFighter writes "KernelTrap has an interesting article about Oregon State University's Open Source Lab. They currently provide hosting for an impressive list of projects including, among many others, the Mozilla Foundation, Debian GNU/Linux, and Gentoo Linux. According to the informative article, they plan to continue to donate hosting with their two OC48s to FOSS projects meeting their criteria."

Spy Hunter writes "The Scalable Vector Graphics format has yet to take off on the web, perhaps due to a small installed base of SVG-enabled browsers. That could soon change as the latest Firefox 1.1 nightly builds have started coming with native SVG support compiled in and enabled by default. If this feature makes into the Firefox 1.1 release (which is not certain, but likely, as the developers want it to happen) it will increase the number of web users who have an SVG renderer installed. But perhaps more interesting than that is the possibility of mixing SVG graphic elements directly into the markup of regular XHTML pages, freeing vector graphics from the small rectangle of a browser plugin and opening up a host of exciting new possibilities for web developers. This is enabled by the integration of SVG directly into the Gecko rendering engine, instead of as a browser plugin. With such a useful web developer feature available only in Firefox, could we soon start seeing websites asking their users to download Firefox to get the best browsing experience?"

A Dafa Disciple writes "Fred Langa of Information Week has written an article claiming to discuss the 'Pros and Cons of Firefox'. At first I was excited because I thought I was going to get to finally read an enlightening, in-depth article that critically examined the browser. I should have known better. Aside from the usual criticism of open source software, it contains a reference to a Symantec Internet Security Report which claims that more security vulnerabilities in the last six months of 2004 were found in Firefox than IE. I'll leave it to you to analyze Mr. Langa's opinion and scrutinize Symantec's study and reputation as a security software developer."

ESqVIP writes "Not long after Firefox 1.0.2 is out, there's a new public release. Just like the other 1.0.x releases, this is mostly a security fix. The release should hold for a few more days and we could also get bug 171349 (wrong icon displayed on Win9x) fixed. Mozilla Suite, on the other hand, has quite significant changes, some of them "imported" from Firefox. As announced before, this might be the Suite's last major release from the Mozilla Foundation."

ESqVIP writes "Not long after Firefox 1.0.2 is out, there's a new public release. Just like the other 1.0.x releases, this is mostly a security fix. The release should hold for a few more days and we could also get bug 171349 (wrong icon displayed on Win9x) fixed. Mozilla Suite, on the other hand, has quite significant changes, some of them "imported" from Firefox. As announced before, this might be the Suite's last major release from the Mozilla Foundation."