Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
download mirrors are here
-
Re:1.0.7 or..
Get a nightly version.
-
Straight to Mozilla's FTP
-
Straight to Mozilla's FTP
-
Straight to Mozilla's FTP
-
Re:An update problem...
That is not a problem, it is a feature that has already been explained in this article. Hint: try going to http://download.mozilla.org/?product=firefox-1.0.
7 &os=win&lang=en-US -
An update problem...
I'm just wondering if anyone has the same problem as I'm having... In Firefox I click TOOLS->OPTIONS->ADVANCED. Then I click on software updates and click "Check Now" but it doesn't see the new Firefox version... Anyone know what is going on with this?
For now I'll get it here... -
Re:And yet.....
Download it now if you're impatient, or wait a day or two for it to appear in the browser updates, as usual.
-
Full release notes...
...are here here.
Also, from the Mozillazine article, looks like Portable Firefox has been updated as well.
And I'm posting this with 1.0.7, good times... -
Re:What a checksum is for
Cool.
Where are those on http://www.mozilla.org/ or http://www.getfirefox.com/? I just spent 15 minutes searching for the MD5 sums for the latest Firefox (1.0.7) and until I dug my way thru their ftp server, I couldn't find them.
Assume most people get their software thru a web site and most clueless users don't know FTP from FTD, and then rant to me about getting the hashes from a trusted website. -
check your md5sums and gpg sigs !
Downloading from any mirror, official or not is fine as long as you check the archive using md5 or sha1 (or ideally, gpg) from the main site, which provides signatures for every archive.
Though what I don't know is why mozilla doesn't insist more on that (you have to go on the ftp site clicking on "other systems" to find the checksums and signatures : ftp thunderbird) -
Re:first post
Here's one bug that hasn't been fixed for a long time. No, it's not a security bug, but EVERY bug is a security problem. Anytime you can make something do what it's not supposed to do, it's a security problem:
https://bugzilla.mozilla.org/show_bug.cgi?id=74331
Does this mean Mozilla Firefox is less secure? No. I don't get what you people are talking about. More security fixes doesn't mean less secure. It means more secure. What are you thinking? Where is your logic? Come on. Thing about it seriously for a few minutes and you'll understend. -
Normal installation runs binaries as root
Before everybody starts pointing out that they don't browse the web with their root account, and so can't write to any of the binaries on their system, you should be aware that one of the infected files is the installer - which most people do run as root.
Also, even if you don't run the installer binary, but simply unpack the tarball manually, the release notes tell you to run included binaries as root as part of the normal multi-user installation process.
-
Finding updates is a big issue.Yes I find this a huge issue, apparently there's a patch for the IDN issue but is it easy to find? No. Does "check for updates" find it? - No. The security updates link is a tiny link hidden in the footer on the default Firefox page. (http://www.mozilla.org/products/firefox/central.
h tml) Until Mozilla make it extremely easy for the user to update, or discover updates then your average user is never going to update. Figures (admitted a small sample) from a site I run, but they're a good indicator of your average home user.77.00% MSIE 6.0
11.00% Firefox 1.0.4
4.00% Firefox 1.0
2.00% Mozilla 5.0
2.00% Safari 1.2
2.00% Firefox 1.0.6 -
Re:It's all academic
To respond to my own post...
One point of clarification, "Once we're talking about executable code, it has full access to your system." Obviously: it has access to your system according to the access rights of the user you're running as. If you're not running as admin/root, it wouldn't have "full" access...
To give a concrete example of a Firefox extension that contains an executable, I went ahead and downloaded the most popular extension as listed on addons.mozilla.org, which is Flashgot. You can download the XPI file from this link. Save the file to disk. Rename to
.ZIP. Extract the files. In the chrome directory you'll find flashgot.jar. Extract the files in that. You'll get 3 directories - content, locale, and skin. In the content directory there's another directory called flashgot, which contains - bingo - flashgot.exe. -
Re:Mozilla is a disaster waiting to happenThis is FUD.
As of Firefox 1.03, what you say is no longer correct. The Firefox team has separated the content document object model from the chrome, so that chrome functions are no longer vulnerable to being overriden by content.
In addition, they've encapsulated chrome code even further in Firefox 1.5
Admittedly the original design was a bit insecure, but the risks going forward have been eliminated, and the real risks are mostly the usual browser vulnerabilities in parsing, buffers, etc., all of which are present in Konqueror, Safari, and Opera, all of which have received far less security scrutiny.
-
Re:Mozilla is a disaster waiting to happenThis is FUD.
As of Firefox 1.03, what you say is no longer correct. The Firefox team has separated the content document object model from the chrome, so that chrome functions are no longer vulnerable to being overriden by content.
In addition, they've encapsulated chrome code even further in Firefox 1.5
Admittedly the original design was a bit insecure, but the risks going forward have been eliminated, and the real risks are mostly the usual browser vulnerabilities in parsing, buffers, etc., all of which are present in Konqueror, Safari, and Opera, all of which have received far less security scrutiny.
-
Re:Mozilla is a disaster waiting to happen
This is FUD. As of Firefox 1.03, what you say is no longer correct. The Firefox team has separated the content document object model from the chrome, so that chrome functions are no longer vulnerable to being overriden by content. In addition, they've encapsulated chrome code even further in Firefox 1.5 Admittedly the original design was a bit insecure, but the risks going forward have been eliminated, and the real risks are mostly the usual browser vulnerabilities in parsing, buffers, etc.
-
Re:Mozilla is a disaster waiting to happen
This is FUD. As of Firefox 1.03, what you say is no longer correct. The Firefox team has separated the content document object model from the chrome, so that chrome functions are no longer vulnerable to being overriden by content. In addition, they've encapsulated chrome code even further in Firefox 1.5 Admittedly the original design was a bit insecure, but the risks going forward have been eliminated, and the real risks are mostly the usual browser vulnerabilities in parsing, buffers, etc.
-
Re:Symantec forgot one critical detail...
Are you deliberately spreading FUD? Firefox 1.0.7 is right here. (if you were going for funny, I don't see the joke)
They've been building 1.5 (Deer Park) for at least one or two months. I'm assuming they finished working on 1.0.7 before they began work on 1.5, so 1.7 isn't exactly new. -
1.0.7 is out
Firefox 1.0.7 Released, and the bug is fixed.
-
btw firefox 1.0.7 (en-US) is out
-
btw firefox 1.0.7 (en-US) is out
-
Re:Questions
Firefox various versions, Release Candidates, and Betas:
http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/
Firefox nightly builds:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nig htly/latest-trunk/ -
Re:Questions
Firefox various versions, Release Candidates, and Betas:
http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/
Firefox nightly builds:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nig htly/latest-trunk/ -
Re:Can someone please explain to me...SessionSaver does that and also allows to save and name the current open tabs for later access.
The only problem I have with it, is that it replaces all windows and tabs when restoring a session.
-
Bug Bounty Programhttp://www.mozilla.org/security/bug-bounty.html
I think that everyone has for got an important factor here. Not only is Firefox open source, but Mozilla actually rewards people monetarily for bringing vulnerabilities to their attention. This is in sharp contrast to say Microsoft who has threatened legal action against these same people. So lets look at an example...
Mozilla's Bug Bounty Program will PAY you $500 and openly discloses their code and vulnerabilities (after a fix of course)
Microsoft will threaten and perhaps follow through on legal action, and certainly does not open their source code.
-
Re:meanwhile...
-
Re:Questions
Given the topic, I'm amused that your sig is simultaneously on topic and out of date:
Keep firefox secure, vote for bug #262536
Bug 262536 "Bigger notice for updates and critical updates" has been marked resolved by Ben Goodger: "This is fixed by the new update system UI."
8-) -
RSS
Opera seems very nice, but it seems to be missing one key feature. Is there a way to view RSS feeds (similar to Firefox's Live Bookmarks) in Opera? I know there is RSS support in Opera Mail, but I was hoping for some in the browser itself.
-
Re:Good
The biggest Opera security problem recently was the news-making cross-platform popup origin spoofing vulnerability. Secuna released a security advisory to the general public on 6/21/2005. Opera fixed it with Opera 8.01 on 6/16/2005, five days before the report was released. Firefox, on the other hand, took until 7/12/2005 to fix it in Firefox 1.0.5, three weeks after the advisory's public release.
Also, this vulnerability was the biggest security fix in Opera 8.01; Firefox 1.0.5 fixed 9 vulnerabilities that were more severe. -
Re:Good
The biggest Opera security problem recently was the news-making cross-platform popup origin spoofing vulnerability. Secuna released a security advisory to the general public on 6/21/2005. Opera fixed it with Opera 8.01 on 6/16/2005, five days before the report was released. Firefox, on the other hand, took until 7/12/2005 to fix it in Firefox 1.0.5, three weeks after the advisory's public release.
Also, this vulnerability was the biggest security fix in Opera 8.01; Firefox 1.0.5 fixed 9 vulnerabilities that were more severe. -
Re: good
I wish there was some centralised project that maintains a list of sites/paths to block, and Gecko browsers automatically download the list regularly. Hosts files can get big quickly. This project could also block phishing sites.
Not quite what you're asking for, but the Adblock Filterset.G Updater extension comes reasonably close. -
Two words: Page Zoom!
With Opera you can zoom in or out on the complete rendered page, and not just on the texts or the images. So you can zoom in without nuking the quite so often lame page designs. Awesome function I'm definitely mssing in firefox. Bug/feature request has been filed in 1999 already (bugzilla number 4281 - copy and paste the url. Slashdot referers are blocked by bugzilla.) Vote for this bug, it might help
:-\. -
Re:Can someone please explain to me...I made this post months back, so some of the information may be outdated. I've updated some accordingly:
However some people prefer Opera because it's
1) more secure .... link 1 .... link 2 .... link 3 .... link 4 .... link 5 .... link 6, September 16th 2005
2) faster
3) Is actively worked on -from Mike Connor, an important Firefox developer
4) smaller (3.7mb vs 4.7mb)
5) less bloat/ram usage -
Re:Can someone please explain to me...
(1) Convenience of a tightly integrated, all-in-one package vs several applications
(2) No need for hassle and potential security risks of finding, installing, maintaining extensions most everything the typical Internet user needs is already integrated into Opera
(3) Peace of mind from the discipline and standards of a commercial QA process which an Open Source organization can't match
(4) Opera has best security track record (www.secunia.com)
(5) Ongoing premium support for the cost of a single instance of Firefox premium support (http://www.mozilla.org/support/#third-party)
(6) Still smaller download, footprint and faster rendering
(7) Access to some cool new features produced by the proven leader in browser innovation, in terms of documentable advancements, which can't be replicated with extensions, e.g. ERA-based features
(8) A better organized and richer source of free online support (look at depth and breadth of Opera Forums (Fora?) vs Mozilla's)
(9) A core rendering engine whose development, security, and quality benefit from its deployment across different kinds of platforms and devices
(10) Better value and experience for users with unique/specific needs, e.g. better language localization, voice capabilities for sight-impaired, ERA for laptops with small screens, etc. -
Re:My reasons for not switching.
Links to said Mozilla/Firefox extensions:
AdBlock Plus
BugMeNot
CustomizeGoogle
DictionarySearch
Farkit
Gmail Notifier
Nuke Anything
Plain Text Links
Switch Proxy Tool
Greasemonkey -
Re:what's the point?
Actually, even now you can download precompiled binaries of XULRunner. Check to find out more.
-
Re:Hey, Rob et. al.
How about learning to look at the URL in your browser before clicking on it, if it bothers you? Or installing a Firefox plugin to flag PDFs? And then quitting whining about PDF?
-
Re:what's the point?
For all those Firefox open source advocates, I found this pretty interesting (2nd point):
Problems with Firefox
* Extreme instability code-wise (impossible to base derivates on it)
* 'We're not accepting patches' (http://bonsai.mozilla.org/cvsblame.cgi?file=mozil la/browser/Attic/README.html&rev=1.10&root=/cvsroo t) shows general attitude of some developers -
Re:Wherefore
Aside from actual technical reasons, perhaps one can have philosophical reasons for using it over Firefox and Thunderbird. Consider the following excerpts from the Firefox team's development blog and the Firefox readme:
1.) The middle finger housed at this site certainly implies the user and anyone who differs with the holy developers is wrong. Here, the customer is wrong, so it throws community accountability into question.
2.) Read lines 96 to 111 in the Firefox readme, and tell me that the developers are not being arrogant. While I see the value in meritocracy, to an extent, I fail to see the value arrogance. Secondly, it fails to offer anyone in the community any standardized channel for getting the attention of the developers, were the individual to have something that actually warranted their attention.
- Begin Quote -
96 ian 1.7 Q6: So to whom do I send patches?
97 ian 1.6
98 We are not currently accepting any input. No UI specs, no bugs,
99 and definitely no patches. See Q3.
100 ian 1.9
101 Q7: How do I get involved?
102
103 You don't except by invitation. This is a meritocracy -- only
104 those gain the respect of those in the group can join the group. See
105 Q6.
106 ian 1.6
107 ian 1.10 Q8: I don't like the mozilla/browser process! This sucks! I'm
108 never going to contribute to Mozilla again!
109
110 Oh no, please, don't go, whatever shall we do without you.
111
- End Quote -
The software may technically be open source because I can fetch the source via CVS; but under the policies of its developers, it is unaccountable and closed to my submission. How discouraging.
This is off the topic, but my final complaint about Firefox and Thunderbird is merely technical. Before anyone claims that I am wrong due to the fact that the user can write extensions and thereby participate in the community, I would agree in this argument, but I believe that it overlooks something: Everyone raves about extensions as if they are the best solution to ending the bloat of the original software. That view is fine, but I beg to differ with tradeoff of how cheap and poorly integrated the majority of main extensions feel. I have yet to use an extension that feels integrated better than the numerous features included in the Seamonkey suite.
If my views are not sufficient here, consider taking a look at this large list of individuals who think otherwise: http://wiki.mozilla.org/SeaMonkey:Reasons. -
Re:Wherefore
Aside from actual technical reasons, perhaps one can have philosophical reasons for using it over Firefox and Thunderbird. Consider the following excerpts from the Firefox team's development blog and the Firefox readme:
1.) The middle finger housed at this site certainly implies the user and anyone who differs with the holy developers is wrong. Here, the customer is wrong, so it throws community accountability into question.
2.) Read lines 96 to 111 in the Firefox readme, and tell me that the developers are not being arrogant. While I see the value in meritocracy, to an extent, I fail to see the value arrogance. Secondly, it fails to offer anyone in the community any standardized channel for getting the attention of the developers, were the individual to have something that actually warranted their attention.
- Begin Quote -
96 ian 1.7 Q6: So to whom do I send patches?
97 ian 1.6
98 We are not currently accepting any input. No UI specs, no bugs,
99 and definitely no patches. See Q3.
100 ian 1.9
101 Q7: How do I get involved?
102
103 You don't except by invitation. This is a meritocracy -- only
104 those gain the respect of those in the group can join the group. See
105 Q6.
106 ian 1.6
107 ian 1.10 Q8: I don't like the mozilla/browser process! This sucks! I'm
108 never going to contribute to Mozilla again!
109
110 Oh no, please, don't go, whatever shall we do without you.
111
- End Quote -
The software may technically be open source because I can fetch the source via CVS; but under the policies of its developers, it is unaccountable and closed to my submission. How discouraging.
This is off the topic, but my final complaint about Firefox and Thunderbird is merely technical. Before anyone claims that I am wrong due to the fact that the user can write extensions and thereby participate in the community, I would agree in this argument, but I believe that it overlooks something: Everyone raves about extensions as if they are the best solution to ending the bloat of the original software. That view is fine, but I beg to differ with tradeoff of how cheap and poorly integrated the majority of main extensions feel. I have yet to use an extension that feels integrated better than the numerous features included in the Seamonkey suite.
If my views are not sufficient here, consider taking a look at this large list of individuals who think otherwise: http://wiki.mozilla.org/SeaMonkey:Reasons. -
Re:what's the point?
1. Can someone explain why this exists?
Here are just a few answers to that question.2. Do they really expect Netscape users to download something called SeaMonkey?
No, mostly users of Mozilla 1.7.x will download SeaMonkey. -
Re:Mozilla Suite
> something with such an aging and nasty interface
hey, do you mean that (https://addons.mozilla.org/themes/moreinfo.php?ap plication=firefox&category=Modern&numpg=10&id=9) interface, that did not look like a lame IE copy??
Seriously folks, why does FF in it's standard design look as poor as IE? To me this "ms-imitation-design" that also caught most X window managers ist absolutely stupid (and ugly). And ther surely is something better. Innovate. Don't imitate! -
Intelligent design?
Rather than allowing C# to evolve naturally, Microsoft is hoping that they can get people to buy into its intelligent design
Seriously, I've never seen anyone try to evolve a production language this quickly. They're throwing in features left and right. It's exciting! But it's also terrifying: I feel like C# is being driven at breakneck speed towards, err... I don't think Microsoft actually HAS any ultimate goal in mind for C#, as long as they can cover a lot of ground getting there.
And if you drive this fast, eventually you're going to crash, and when C# does, it will fragment into dozens of small shiny sublanguages. People will carve out their C# comfort zones containing the features they feel comfortable with and exclude the rest. Two C# programmers will no longer always speak the same "dialect," making it difficult understand each others' code.
The fact that there's a great deal of overlap among C#'s features only makes this worse. Programmer A's heavy use of generics and lambda expressions will be unfamiliar to programmer B, who never bothered to learn those features since he can accomplish the same things using implicit typing and LINQ.
And, needless to say, differing levels of compiler support will also exacerbate this problem.
I'm surprised Microsoft isn't more careful, given the cautionary example of C++. C++ is in the later stages of this disease. Large projects have to specify the C++ sublanguage dialect that they're using. And we aren't talking simple style guidelines, but the excision of large chunks of features, like RTTI and exceptions. If C# continues the way it's going, it will wind up like this.
ding! That was the sound of me reaching my metaphor limit of three per post. I guess I better end this. So to sum up:
Microsoft, you are the largest software developer and in control of the OS and development tools. You are in the unique position of being able to dictate every aspect of a new programming language. It will be used for years to come by millions of developers in all different situations. This is a blessing and a tremendous opportunity.
Don't fuck it up.
(please?)
-
Re:How can you vouche for the security of this?
You should calm down. First, the Firefox 1.5 Beta is only for testing purposes, and using it in a production environment is entirely on your risk. Yes, things can break sooner or later, but users are warned about it. Second, regular users downloading Firefox will still get the stable 1.0.6 version. In order to get the beta, they have to use a different link, and they are warned before they download. Third, even in Firefox 1.0.0 the automatic update mechanism is pretty good. That is, Firefox will automatically search for updates and users will be prompted if a newer version is found. If they choose not to update, they do so on their own risk. Fourth, starting with 1.5 "notification of an update is more prominent, and updates to Firefox may now be half a megabyte or smaller.". Finally, if you have any problems about Mozilla implementing drafts in betas you can of course document the possible problems and notify the guys actively involved in the development of Firefox. They seem very open to constructive suggestions. Otherwise, you can just disable the CSS extensions in your copy of Firefox (if it's not already disabled by default
... check the about:config) or get the source and do anything you want with it. Just trolling about something you could get as a gift and but you didn't even try is pretty illogical, esspecialy if coming from an IE background. Are you working for Microsoft of someting, that it would be so hard to you to try someting new and cool? Or is it just more exciting to be a target until holly IE7 comes along? -
The Bug is Fixed: Download Patch Here
You can download the patch below. They've done, actually, an impressive job with it because, by way of a "peace offering" to the Web community, they've incorporated quite a large number of features from IE7 and future releases far earlier than expected.
The changes are actually pretty dramatic, with even some significant alterations to the UI and a number of fixes to the bookmarks system. Enjoy.
http://www.mozilla.org/products/firefox/ -
Re:What is THIS?!
"nyah, nyah, my hands are covering my eyes so the exploit can't harm you!"
Firefox also follows the same method.
Several of the bugs are marked hidden.
https://bugzilla.mozilla.org/show_bug.cgi?id=30693 9 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30694 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30703 1 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30704 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 4 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 7 [mozilla.org] -
Re:What is THIS?!
"nyah, nyah, my hands are covering my eyes so the exploit can't harm you!"
Firefox also follows the same method.
Several of the bugs are marked hidden.
https://bugzilla.mozilla.org/show_bug.cgi?id=30693 9 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30694 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30703 1 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30704 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 4 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 7 [mozilla.org] -
Re:What is THIS?!
"nyah, nyah, my hands are covering my eyes so the exploit can't harm you!"
Firefox also follows the same method.
Several of the bugs are marked hidden.
https://bugzilla.mozilla.org/show_bug.cgi?id=30693 9 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30694 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30703 1 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30704 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 4 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 7 [mozilla.org]