Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:Dumb speculations
Also take a look at Firebug, which adds some very good JavaScript debugging and HTTP request/response inspection into the mix (those two are fantastic for AJAX development). Sorry, Firefox is still the browser of choice for web developers; IE and Safari are just used for checking compatability, and it's the Web Developer Toolkit, Firebug, and decent (albeit imperfect) standards support that have made the difference. Safari may win over some IE users, mainly those who suddenly find it bundled into their iTunes download - how's that for leveraging (curse the marketing team who came up with that appalling and unnecessary replacement for the word "using") a monopoly? Ipods don't just sell Macs now, they sell browser market share!
-
Re:*WHOOOOOSH*
Wasn't the original design goal of Firefox to be minimalist and fast?
No. This is a common misconception that until recently I also believed.
-
Re:Audience
-
Re:The entire UI is broken
I didn't claim it was perfect, but it is using the GTK methods to paint the widgets. You can see the implementation of how it paints widgets here here. Anything tagged to paint natively ultimately ends up going through that function. Form buttons are handled differently from chrome buttons. I don't recall what the behaviour is for those, but there may be reasons that they don't render natively using the GTK theme.
-
Re:Nothing to see here.
If you use Firefox sometimes, you might find useful my solution to what you call "strategizing".
I however think that what really matters is the actual availability of meaningful information and of attention to apply to it. -
Re:How about fixing some long standing CSS bugs?
Well, you could always look at what they have added to CSS support:
- The display property's inline-block and inline-table values are now implemented.
- The font-size-adjust property now works on all platforms; previously it was only supported on Windows.
- rgba() and hsla() color values support (bug 147017)
- :default pseudo-class support (bug 302186)
-
How about fixing some long standing CSS bugs?
It'd be nice to see some progress on
:nth-child() support and positioning for generated content support. Konqueror supports both of these already, and it'd be nice to have feature parity there. Don't bother mentioning IE, because I don't care about IE. -
How about fixing some long standing CSS bugs?
It'd be nice to see some progress on
:nth-child() support and positioning for generated content support. Konqueror supports both of these already, and it'd be nice to have feature parity there. Don't bother mentioning IE, because I don't care about IE. -
Re:Nothing to see here.
"
And, does anybody else use browsers as extensively as I do? I would be interested in meeting with some of you and discussing strategies for increasing web browsing and content consumption rates."
Most of this are things that could be done with Places - charting your path etc.
http://wiki.mozilla.org/Places
Rush mode is interesting as dialup user atm I know what is like to wait and then have to find something quickly and have to wait and wait. FF 3.0aX has a drop down box for listing the tabs open/being opned - so the first part of the problem is solved. Now just to separate the box and allow work on it - maybe talk extension here because playing with the internals of what gets prioritised sounds like a nasty job on any one problem - but multiplatform. -
Re:my seemingly eternal question:
Yeah, that's great. Know what else sucks, Mr. Eich? The whole app becoming completely inoperative because one script on one tab is stuck doing who knows what. Smacks of the old "dialog boxes suck" line that was used to explain why we couldn't have a confirmation box to avoid accidentally shutting down the entire app when we were just trying to close a tab.
-
Re:No Places for Me
Call me paranoid, but I don't want my home bookmarks mixed in with my work bookmarks. Nor do I want to go home and have work staring back at me. Separation is good.
But if you want there are add-ons that sync your places bookmarks with your del.icio.us/google/etc bookmarks. So really it's helping facilitate the use of those services. -
DId they fix the print bug?
-
Re:Net result: very little.
Also, keep in mind that great scads of DoD IT is standardized on Microsoft networks and applications that would be difficult to integrate with OSS for a variety of reasons. And, there will always be FUD based "security" reasons that military networks will want to avoid OSS.
Net result: very little.
I'm wondering how many people within the DoD are going to jail then, as there's even a DoD Configuration plugin for a popular open source browser listed here. Are all users who actually have a reason to run this breaking DoD regulations by using open source software or do you just not know what you're talking about? -
Netscape Developer Center lives on
The original Netscape DevEdge site is mirrored here at mozilla.org, and most of its content has already been moved to Mozilla Developer Center.
-
Netscape Developer Center lives on
The original Netscape DevEdge site is mirrored here at mozilla.org, and most of its content has already been moved to Mozilla Developer Center.
-
Re:Could try Seamonkey
Actually Mozilla did kill the Mozilla Suite. They announced that they weren't going to develope it any more in favore of Firefox and Thunderbird. A new group, called the Seamonkey Council is developing it. The Mozilla foundation said that they would provide the infrastructure for them but that seems to be all they are doing.
http://www.mozilla.org/projects/seamonkey/news.htm l#2005-07-02
http://en.wikipedia.org/wiki/SeaMonkey -
Turn Firefox into Netscape
Yes, this is basically just a slightly modded version of Firefox. They have a link from http://browser.netscape.com/ to https://addons.mozilla.org/en-US/firefox/user/568
3 6 if you want to add their stuff to your Firefox. I'm not sure on the details, but this should give you at least some of the benefits of Netscape without having to use their full product. -
Could try Seamonkey
The Seamonkey suite is the ongoing project of the original Mozilla Suite. It has the functionality of Netscape 7 (plus some) as well as the updated support of the rendering engine from Firefox 2 and other security updates. (see the news release for more info.
Disclosure: I have been running Mozilla suite and now Seamonkey since about 1999.
-
Re:Ah well
What, these aren't enough reasons to upgrade? Honestly, users who know vulnerabilities exist and specifically choose not to upgrade deserve what they get in my ever so humble opinion.
-
Re:And Opera
-
Re:Ah welland this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Demo : http://lcamtuf.coredump.cx/ffclick2/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]" That has got to be one of the worst attempts at getting me to open a file from the internet I've seen in a long time.
For those that didn't try it... it'll show the file download box, then it'll pop-up another window with a game inside it, that requires you to continuously press the "Enter" key for ~10 seconds. The pop-up disappears and the focus shifts back to the download dialog where a press of the "Enter" key will automatically download/open the file.
A) You have to somehow not notice the file download dialog appearing behind a pop-up window
B) You have to want to play a game you see in a random pop-up window
C) The file is only going to run as a very limited user account with the correct Firefox process permissions (yes, this can be done in Windows XP as well, although no one does it)
D) Executable files by default don't have an "Open" option when downloading a file in Firefox - you can only save them -
Re:Ah well
RTFA...Try the demo's...It will reduce the FUD.
I tried the demo page/file and got no response whatever.
"2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
from:(http://lcamtuf.coredump.cx/ifsnatch/) which is from:2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
and this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Demo : http://lcamtuf.coredump.cx/ffclick2/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]"
I tried both link's test button and got no response whatever.
IMHO, this must be something related to running Windows, as my Kubuntu 7.04 Feisty w/ Firefox 2.0.04 (with NoScript, Adblock, Adblock Filterset, and Flashblock) just does not act on this.
I guess I need to install some version of Windows to experience this...I feel deprived and left out!
Does this work with Firefox w/ NoScript on Windows?
From past experience, I have no doubts that it works with any version of IE on any Windows platform. -
Re:Ah well
RTFA...Try the demo's...It will reduce the FUD.
I tried the demo page/file and got no response whatever.
"2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
from:(http://lcamtuf.coredump.cx/ifsnatch/) which is from:2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
and this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Demo : http://lcamtuf.coredump.cx/ffclick2/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]"
I tried both link's test button and got no response whatever.
IMHO, this must be something related to running Windows, as my Kubuntu 7.04 Feisty w/ Firefox 2.0.04 (with NoScript, Adblock, Adblock Filterset, and Flashblock) just does not act on this.
I guess I need to install some version of Windows to experience this...I feel deprived and left out!
Does this work with Firefox w/ NoScript on Windows?
From past experience, I have no doubts that it works with any version of IE on any Windows platform. -
Re:Ah well
RTFA...Try the demo's...It will reduce the FUD.
I tried the demo page/file and got no response whatever.
"2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
from:(http://lcamtuf.coredump.cx/ifsnatch/) which is from:2) Title : Firefox Cross-site IFRAME hijacking (MAJOR)
Impact : keyboard snooping, content spoofing, etc
Demo : http://lcamtuf.coredump.cx/ifsnatch/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=38268 6 [May 30]"
and this:"3) Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Demo : http://lcamtuf.coredump.cx/ffclick2/
Bugzilla : https://bugzilla.mozilla.org/show_bug.cgi?id=37647 3 [Apr 04]"
I tried both link's test button and got no response whatever.
IMHO, this must be something related to running Windows, as my Kubuntu 7.04 Feisty w/ Firefox 2.0.04 (with NoScript, Adblock, Adblock Filterset, and Flashblock) just does not act on this.
I guess I need to install some version of Windows to experience this...I feel deprived and left out!
Does this work with Firefox w/ NoScript on Windows?
From past experience, I have no doubts that it works with any version of IE on any Windows platform. -
Re:Nerds with something to hide
I use FireGPG along with It's All Text! plugin, which I can edit a textfield with an external editor such as Vim. Vim handles wordwrap for me. The only problem I have is that Gmail automatically makes links for URLs or email addresses, which breaks the signature.
-
Re:Extension time methinksWhat about somebody writing a browser extension that performs bogus searches in the background, for no better reason than to frustrate "profiling" attempts? Is this feasible? Already done
-
Re:As always, Mirrordotmethinks mirrordot should be included in all links to prevent server carnage
Sounds like you want the slashdotter extension for firefox. -
Re:Big Yawn!There is a firefox plugin that makes this operation even more easy.
https://addons.mozilla.org/en-US/firefox/addon/239 0 As a past user of this addon, I would like to warn you that it routes your requests via a third party website, which of course should and can be be avoided.
https://addons.mozilla.org/en-US/firefox/addon/300 6 (which someone did mention above) is much better. -
Re:Big Yawn!There is a firefox plugin that makes this operation even more easy.
https://addons.mozilla.org/en-US/firefox/addon/239 0 As a past user of this addon, I would like to warn you that it routes your requests via a third party website, which of course should and can be be avoided.
https://addons.mozilla.org/en-US/firefox/addon/300 6 (which someone did mention above) is much better. -
Re:Big Yawn!
There is a firefox plugin that makes this operation even more easy.
https://addons.mozilla.org/en-US/firefox/addon/239 0 -
Re:Google imitating Microsoft security holes.
you do not provide functions which can execute arbitrary programs.... This is the source of most of the vulnerabilities involving web browsing. Now we have Google competing to offer similar security holes.
Firefox offers the exact same mechanism. Firefox extensions can contain (and run) executable code. (See below.)
As the Greasemokey security vulnerability demonstrated, web pages can "script" Firefox extensions.
ActiveX = executable code + scripting from the web browser. Firefox extensions introduce the same risks as ActiveX.
Take for instance FoxyTunes, which is listed on the Recommended Add-ons page. Download the XPI file, rename it to ZIP. Open it in WinZip or whatever. You'll notice several files:
- FoxyTunes.dll
- FoxyTunes.dll.linux
- FoxyTunes.dll.mac
- FoxyTunesBonobo.so.file
DLL files are executable code on Windows. I'm assuming the *.linux and *.mac are similar. SO files are executable code under Linux, not sure why it has
.file after it. I'm sure there are more extensions with executable code, that was just the first I looked at. Look for any extension that integrates with external software - almost always there will be a DLL or EXE. -
Re:Google imitating Microsoft security holes.
you do not provide functions which can execute arbitrary programs.... This is the source of most of the vulnerabilities involving web browsing. Now we have Google competing to offer similar security holes.
Firefox offers the exact same mechanism. Firefox extensions can contain (and run) executable code. (See below.)
As the Greasemokey security vulnerability demonstrated, web pages can "script" Firefox extensions.
ActiveX = executable code + scripting from the web browser. Firefox extensions introduce the same risks as ActiveX.
Take for instance FoxyTunes, which is listed on the Recommended Add-ons page. Download the XPI file, rename it to ZIP. Open it in WinZip or whatever. You'll notice several files:
- FoxyTunes.dll
- FoxyTunes.dll.linux
- FoxyTunes.dll.mac
- FoxyTunesBonobo.so.file
DLL files are executable code on Windows. I'm assuming the *.linux and *.mac are similar. SO files are executable code under Linux, not sure why it has
.file after it. I'm sure there are more extensions with executable code, that was just the first I looked at. Look for any extension that integrates with external software - almost always there will be a DLL or EXE. -
Just a summary...
I was hoping for a review of the extensions but only found a summary of what was available. More of the same information can be found by searching for 'phishing' extensions.
-
Re:Firefox extensions are insecure
Ah, good. addons.mozilla.org seems to be responding again.
So check out FoxyTunes, which is listed on the Recommended Add-ons page.
Download the XPI file, rename it to ZIP. Open it in WinZip or whatever. You'll notice several files:
- FoxyTunes.dll
- FoxyTunes.dll.linux
- FoxyTunes.dll.mac
- FoxyTunesBonobo.so.file
DLL files are executable code on Windows. I'm assuming the *.linux and *.mac are similar. SO files are executable code under Linux, not sure why it has
.file after it.I'm sure there are more extensions with executable code, that was just the first I looked at. Look for any extension that integrates with external software - almost always there will be a DLL or EXE.
-
Re:Firefox extensions are insecure
Ah, good. addons.mozilla.org seems to be responding again.
So check out FoxyTunes, which is listed on the Recommended Add-ons page.
Download the XPI file, rename it to ZIP. Open it in WinZip or whatever. You'll notice several files:
- FoxyTunes.dll
- FoxyTunes.dll.linux
- FoxyTunes.dll.mac
- FoxyTunesBonobo.so.file
DLL files are executable code on Windows. I'm assuming the *.linux and *.mac are similar. SO files are executable code under Linux, not sure why it has
.file after it.I'm sure there are more extensions with executable code, that was just the first I looked at. Look for any extension that integrates with external software - almost always there will be a DLL or EXE.
-
Addons from addons.mozilla.org not vulnerable
The vast majority of the open source/hobbyist made Firefox extensions - those that are hosted at https://addons.mozilla.org/ - are not vulnerable to this attack. Users of popular Firefox extensions such as NoScript, Greasemonkey, and AdBlock Plus have nothing to worry about.
Since it's not mentioned in the summary, it's important to reiterate that this takes advantage of non-secure update mechanisms used by some addons. The addons.mozilla.org site will only host extensions that update from addons.mozilla.org through the built-in mechanism, which is not vulnerable to this attack. This is an extension-specific issue, and would most likely apply to any sort of addon for any software that doesn't verify security certificates. -
Re:Documentation
Suppose I am Joe user and don't know anything other than I use Firefox. How am I supposed to know about it? How am I supposed to even know there is an about:config section.
Joe User is not supposed to know about it. It is dangerous to go through about:config and make changes without knowing what you are doing. Joe User should not be doing that in the first place. That's why those settings are hidden. It's a feature, not a bug.How am I supposed to know about the MozillaZine Knowledge Base, and why would I go there? I use Firefox, no Mozilla.
Perhaps by going to the Firefox support page?Hey, I am Joe User. How am I supposed to put information on something I know nothing about into the KB?
We don't need Joe user to put information into the Knowledge Base, because very knowledgable people have already put the information there.You are proving my point for me and you don't even know it.
Where exactly did you do that? -
Re:Microsoft Couldnt Do This In a Million Years
Interesting, it didn't work for me with Firefox 2.0. But I looked at the useragent, and apparently FF 2.0 uses a useragent like BonEcho/2.0.0.1, instead of Firefox/2.0.0.1. When I changed it to Firefox (like it was in previous releases) it worked fine. With BonEcho it just showed a small, boring looking map. Same thing with Opera. I wonder why the Mozilla folks changed the useragent in 2.0.
I don't believe you're actually using Firefox 2.0. Or rather, you're using a very old alpha release (Bon Echo was the Firefox2 codename in development). Upgrade your browser
:).That said, this seems typical for Microsoft. They "get" that they need to support Firefox and other non-IE browsers, but they do so in the crappiest of ways -- using UA string detection. UA detection is obvious and "easy". It basically creates a "fail by default" model, where if you're not doing exactly what is expected then it just refuses to work. This is easier to build and test than a proper object detection mechanism which may have strange edge cases when the objects you need are supported in a browser but don't quite act the same way. It's possible to do, but it's a lot of work to get right and I bet that the Windows Live guys decided that just getting it working was more important than getting it right. If you use your BonEcho UA on other Live properties (Spaces, live.com, Expo, QnA, etc), they'll probably fail in a similar fashion.
I've fought that fight several times myself, and each time I end up losing because doing the right thing is hard and there's just no time to do it and all of the other high-priority work items. The only way to ever win that argument is to change priorities -- if working on all possible browsers was priority #1, there'd always be time to do it right even if another feature or two had to wait for a later release. If working on IE6/7 is pri1, working on Firefox (but not other Gecko-based browsers, like Seamonkey, Galleon, or K-meleon, even though if you did the right thing they'd just work) is pri2, and working on anything else is pri3, guess what'll happen? Yep, a quick regex against the UA for "Firefox", and if you don't find it then bail out.
-
Re:Nice but
Firefox Repagination
Not very elegant(it simply mashes pages together, so you don't get a one page layout, but you do get only one page), but it works pretty well. -
Re:Nice but
It's already been done:
https://addons.mozilla.org/en-US/firefox/addon/209 9 -
Off-topic: Positively surprised
I clicked the link and ended up here:
http://starwars.com/noflash.html
The 'Click here to get a modern browser'-link points to http://www.mozilla.org/.
I was kind of surprised. -
In the meantime there is always things like:
TrackMeNot I am in no way affiliated with these guys but I think the concept is pretty elegant, in a brute force way. Essentially your real searches become invisible again in a sea of random searches.
-
gmail leak
Ah, memory leaks when gmail is open. Now maybe we can discuss an actual, confirmed memory leak for a change. Of the six reported leaks with gmail, four are fixed in Firefox 2.0.0.3 and two seem to be Firefox 3 only. If you can still reproduce a memory leak with gmail up in Firefox 2.0.0.3, you should file a bug report to make sure the problem gets addressed. A browser using 1 GB of memory after a day of use certainly isn't reasonable. It sounds like a problem that should be fixed ASAP. Filing the bug report, including a set of steps to reproduce the problem, is the first step to getting it fixed.
-
gmail leak
Ah, memory leaks when gmail is open. Now maybe we can discuss an actual, confirmed memory leak for a change. Of the six reported leaks with gmail, four are fixed in Firefox 2.0.0.3 and two seem to be Firefox 3 only. If you can still reproduce a memory leak with gmail up in Firefox 2.0.0.3, you should file a bug report to make sure the problem gets addressed. A browser using 1 GB of memory after a day of use certainly isn't reasonable. It sounds like a problem that should be fixed ASAP. Filing the bug report, including a set of steps to reproduce the problem, is the first step to getting it fixed.
-
Re:Who uses local bookmarks anymore?
I use the Bookmark Sync and Sort add-on to synchronize my bookmarks over my own WebDAV server. The add-on works with FTP too.
-
Copy URL + helps a lot
I use text file and the Firefox Copy URL + extension:
Copy URL + :: Firefox Add-ons
"The Copy URL+ extension enables you to copy to the clipboard the current
document's address along with additional information such as the document's
title, the current selection or both."
https://addons.mozilla.org/en-US/firefox/addon/129
It installs a context-menu, allowing you to copy any or all of page title, URL, and most importantly: the text currently selected.
At other times, I use bookmarks in a new folder specific to the subject. You can add keywords to bookmarks in FF. -
Copy URL + helps a lot
I use text file and the Firefox Copy URL + extension:
Copy URL + :: Firefox Add-ons
"The Copy URL+ extension enables you to copy to the clipboard the current
document's address along with additional information such as the document's
title, the current selection or both."
https://addons.mozilla.org/en-US/firefox/addon/129
It installs a context-menu, allowing you to copy any or all of page title, URL, and most importantly: the text currently selected.
At other times, I use bookmarks in a new folder specific to the subject. You can add keywords to bookmarks in FF. -
Re:Bookmarks?
Have you tried keywords?
If you give a bookmark an easy to remember keyword, all you have to do is type the keyword in your address bar and you're straight to the site. No messing with google, no tabbing through your history.
There's no faster way for those sites you visit every other day. -
Re:When?
You can also use "%s" in conjunction with keywords which makes them even better.
bookmark keywords
I use this all the time. For example "flix clerks" will do a netflix query for me. I use this even with google and have the search engine box disabled in the UI. Because the cursor location defaults to the url area when opening a new tab/window, I find this easier (you don't get the history of search terms like with the search box though, I'm not sure that's always a bad thing).
I see a word I don't know? double-click word, copy, cntl-t, d space, paste, enter - bam, it's very quick and I only use the mouse to select the word. -
Got NoScript?
If you have NoScript installed, it leaks memory every time you close a window (no leak when closing a tab though). There are other examples of Extensions chewing memory up - try installing Leak Monitor to find out whether you have Javascript objects getting orphaned.
However, having NoScript installed seriously reduces the amount of Javascript running so it tends to be a net win on memory usage.
Cheers,
Toby Haynes