Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:WTF is an XPI? Super secret instructions requir
Here you go.. an obvious, step-by-step guide.
Don't even need to double-click anything, it installs from inside the browser. No need for self-extracting executables. -
0.9.2 Release Notes?Apparently they haven't gotten to writing the release notes for 0.9.2. Is this "shellblock" thing the only fix? Sounds like it would be much easier to install the shellblock.xpi extension. (redundant I know)
BUT, since I have XP SP2 installed (the latest release candidate), I can ignore 0.9.2 altogether? Or are other bug fixes included in this release?
-
Re:So who's going to tell all the recent converts?Yes it does - from the press release:
SmartUpdate: A new SmartUpdate feature notifies users of new versions of Firefox to ensure that the browser is always up to date.
However, my FireFox hasn't informed me of it (I just loaded it then this morning), and even when I tried manually to check for updates it reported nothing. As an excercise I'm not going to update immediately, but I'll wait and see how long it takes for FireFox to tell me there's an update available. -
Bug has already been fixed...
I'm sorry, but that's totally incorrect.
According to the bugzilla entry (Copy the link and paste it in a new window. Links from slashdot are disabled.) for that bug, the problem is resolved. I can confirm that that is correct because I am running Firefox 0.8 right now, and the demo application was denied UniversalXPConnect priveledges. -
Bug has already been fixed...
I'm sorry, but that's totally incorrect.
According to the bugzilla entry (Copy the link and paste it in a new window. Links from slashdot are disabled.) for that bug, the problem is resolved. I can confirm that that is correct because I am running Firefox 0.8 right now, and the demo application was denied UniversalXPConnect priveledges. -
Re:A clear advantage
Linux fanboy moron,
Read the fucking article. Here, I'll make it easy for you:
An old [2002!] discussion in the Mozilla bug report database considers the possibility of addressing this problem, but the developers decided against it since the program has a facility for letting the user disallow specific external protocols and schemes, including shell:. It is not disabled by default, though.
The developers considered changing from scheme blacklisting to whitelisting, in which case all schemes and protocols would be disallowed unless explicitly allowed. Mozilla Foundation spokesmen said a future version of the browsers will change to whitelisting, but the interim fix just disables the shell protocol. Several other schemes, such as vbscript, are already disabled by default.
-
Shellblock XPI...
I just installed Shellblock XPI for Mozilla v1.7 from http://update.mozilla.org/extensions/moreinfo.php
? id=154. How can I check it is installed? -
Re:Two beefs...
I don't like that the entire package had to be updated
I don't like that either. Nor the mozilla devs. So they posted a patch via an extension to be applied to ff, tb and seamonkey.
Cheers...
-
Re:And now for some helpful links:
Well, here is the plugin that blocks the shell: scheme for all Mozilla based browsers (1.1+ I think). I'm running 1.8beta2 and I couldn't find any info on whether it was affected but I found the above plugin so I'm not worried.
-
what mozilla users should know
-
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
And now for some helpful links:
And now for some helpful links:
Note: If you click on download links for firefox on the main page of mozilla.org, you get 0.9.2. The link on the firefox page @ http://www.mozilla.org/products/firefox/ still gets you 0.9.1. The link on the main page for the Linux version of Firefox still points to version 0.9.1. It seems that if you want 0.9.2 for Linux you'll have to compile it yourself.
0.8
0.9rc
0.9
0.9.1
0.9.2
And a direct link to the newest release for the really lazy:
Windows 0.9.2
The question is, what is the shellblock.xpi for?
Does Bugzilla know? Sorry, links to Bugzilla from Slashdot are disabled. Ook! -
A clear advantage
The Mozilla Foundation has confirmed the problem and issued a fix
This incident underscores why many use or have switched to Firefox: vulnerabilities discovered and promptly fixed. Not weeks and months from their publication--and not by another vendor--this exploit was addressed by those who have made available Mozilla's code for public scrutiny.
FYI, in case you didn't read the article, you can download the fix here. -
Phoenix, Firebird, Firefox, Firesomething!
Firesomething - Run Mozilla Spacemoose one day, Mozilla Mooncow the next!
-
They had
If you look at the roadmap, and scroll down to the "OUT FOR 1.0" area, you'll see that they did in fact consider doing just that. I believe it was originally targetted for 0.9. It's probably out due to lack of resources, so contribute some time to the project and they may put it in.
:-) -
Re:At least
Both the whitelist and the install button delay solve this.
Together they do. The whitelist shouldn't be seen as a silver bullet. It shouldn't be possible for somebody who has control over one of the whitelist websites to automatically install something on your computer without your permission.
the install button delay is in Firefox 0.9.1.
My mistake. I took "I landed this patch on the Aviary 1.0 branch" to mean that it would be applied to Firefox 1.0. I can't keep track of the different branches. So Aviary 1.0 stuff goes into Firefox 0.9.1? I'm confused!
I also think that a three second delay is both arbitrary and unsafe. There are plenty of hunt-and-peck typists that would look at the keyboard for three seconds trying to find the 'l' and 'y' keys.
I don't have a better suggestion, except perhaps bringing the confirmation up in a popup that doesn't steal the focus. I don't think a website can trick somebody into switching windows and hitting 'y'.
-
Re:Corporate Acceptance?
Built-in since 0.8, at least according to Bugzilla (direct links from slashdot don't work, copypaste and open manually)
-
Re:At least
Mozilla already has a large developer community, almost all of the extensions at Mozilla Update are developed by the community.
An extension developer can submit their extension to Mozilla Update and directly link to the XPI from their homepage.
Or they can provide a downloadable XPI file, the user has to open it (from File > Open), and it'll be installed.
So there is no automatic installation, and the avarage user can't be tricked to click yes for an installation dialog. -
Re:Why no adblock?
Er.... You mean this Adblock? The one that's currently the second highest rated extension for Firefox on Mozilla Update?
-
Re:Why no adblock?
Er.... You mean this Adblock? The one that's currently the second highest rated extension for Firefox on Mozilla Update?
-
Re:At least
Mozilla 1.7 and current nightly builds of Firefox don't accept extensions from websites other than Mozilla's.
Anything else? -
Re:At least
Mozilla 1.7 and current nightly builds of Firefox don't accept extensions from websites other than Mozilla's.
Anything else? -
Re:I don't get it
What you talkin' 'bout, Willis?
Have a linux version... with an installer.
Or a binary version... already pre-built. -
Re:I don't get it
What you talkin' 'bout, Willis?
Have a linux version... with an installer.
Or a binary version... already pre-built. -
Re:And this is why I still have to use Opera
This extension gives you single window mode: Single Window 1.0
Also if you read the docs they made a major change to how firefox manages extensions from 8.0 to 9.0, so it's simply a matter of the extension creators to update to the new requirements. -
Re:My two cents
Download Sort is what you're looking for.
Hope that helps. -
Re:My two cents
This extenstion should do what you are looking for.
-
Super DragAndGo
I've just started using Firefox, and the best plugin I know of for it is Super DragAndGo. If you drag a link to empty space on the webpage, that link is opened in a new tab. It's so simple, but it's the best new web browsing feature I've seen in a long time.
-
fav ext
My fav extension at the moment is GmailCompose, combined with Gmail's great interface, it feels like a real email app, and not just web mail.
-
Why no adblock?
No mention of adblock conveniently since Wired lives or dies by ads. Also note that adblock has been removed from Mozilla Update also likely due to pressure from web devs concerned about loss of revenue.
-
W0t?
Slow news day, eh? The Article is low on substance. This page has much more details. Looks like the wired article has copy-pasted and not done any real work. The actual article should have had listed quirks, what do the extentions actually do, rather than pasting text from mozilla extention page.
-
All-in-One Gestures
I loves me some All-in-One Gestures. There's a big list of configurable actions you can take with gestures, not the least of which is "Open selection in new window" for when people don't link URLs in web forums.
-
Why steal software?
Why steal software? Many software packages are reasonably priced, and many are offered with rebates and upgrade coupons. See more here
On the other hand, most of the truely great apps are written for linux. They are usually feature packed, have very little security problems, etc.. Examples would be MythTV, Apache, MySQL, the GIMP, Mozilla and Firefox, etc... The list goes on!
--
Craploads of deals updating in real time from all the best deal sites. -
Re:My guess
The reason the motherboard started smoldering? The CPU maxed when he tried to load one of that site's webpages. It's impossible to pick out any actual content on that page amongst all the adverts, links, and folderol.
The ad-blocking lizard is your friend.
-
Re:in any case
I think the previous poster meant that IE lacks support for PNG-24's 8 bit alpha.
See, PNG supports 256 levels of transparency. Gradients. Oh, the joy of no jagged edges.
The problem is, yes, a 24 bit PNG with 8 bits of alpha can get rather large, especially when they are used for what they weren't intended for; replacing JPGs.
Open up this link in anything but IE (I tested it with Mozilla and Opera) to see some 8-bit alpha. And a cool little demo to boot. -
Find as you type
A bit offtopic, but I noticed the Firefox information page refers to "Find As You Type" as FastFind. WTF is that about? Sounds a bit too much like marketing speak.
-
is tweaking unsupported?
;why no documentation? though i am personally not opposed to searching for or reading tips on modifying the browser, i wonder why "tweaks" like this aren't documented in the help.
;are actions such as modifying the chrome or about:config considered "unsupported" by the developers at mozilla? curious...
;i would never have found out about how cool firefox keywords are without this article, for instance.
;ok, i guess mod me down... i didn't have much to say
:);treehead
-
Re:Easy.
Fast response. Oh yeah, like the trojan password dialog bug in mozilla. Whoops. links are disabled from
/. Go to bugzilla and look up bug 51631.
Reported: 2000-09-06
Fixed: 2003-12-22 -
Security Fixes
OK, the whole reason folks want to switch from IE is because Microsoft isn't providing timely patches. However, I'm not sure if Mozilla is either -- Mozilla seems to be a "work in progress", which means that potential security problems are fixed in the development branch, but that does not affect the release schedule. And Firefox is still in beta stages and probably isn't being patched at all.
I read somewhere there's a remote hole in Moz 1.6 and FireFox 0.8. However, the advisory page doesn't list them, and hasn't been updated since November, so I don't know what to believe.
Furthermore, some milestone releases aren't totally stable or may behave differently. It would be very difficult for a corporate deployment to follow Mozilla's release schedule, especially if they had to test intranet apps etc.
I know that Mozilla security is not a huge real world problem yet, but maybe someone can clarify what exactly Mozilla's security patch policy really is.
(Also, you'll have to prepare to uninstall and reinstall the whole browser because there isn't a patch procedure, but that probably could be scripted.) -
Re:I must ask...
The
/. rendering problem is a known bug, and the fix should appear in Firefox 1.0
http://bugzilla.mozilla.org/show_bug.cgi?id=217527 -
IE is more secure than firefox for the moment
I do like Firefox a lot. It is a wonderful browser, and it is improving at a rapid pace. But I will not use it until the devs get their heads out of their arses. It is not as secure as IE for one simple reaon: no javascript whitelisting. IE has it in the form of security zones.
If firefox ever adds jscript whitelisting to the main app or someone develops an extension for it (that is kept up to date with current releases) I will switch in an instant. Unfortunately I am getting the impression that the devs are very pro-jscript and have no interest in making it easy for users to browse with it off completely. Instead they want to only allow disabling it's most annoying and obvious features. This is a woefully inadequate solution.
With IE I can browse with javascript completely off while still being able to shop at sites like newegg or amazon with jscript (and activex if necessary) automatically enabled. There are many sites nowadays (created by incompetent web designers)that won't even load without javascript. I will either ignore such sites or take the chance on giving them temporary trusted or partially restricted status.
People talk about how insecure and dangerous ActiveX is and they're right, but javascript is almost as bad. IMO, anyone who surfs the internet with javascript on is asking for trouble and shouldn't be surprised when they find it. And, no,I am not talking about popups. Javascript is a hell of a lot more than just the window popup or resize functions. The recent slammer worm, while an example of an exploit of bad IE security in the form of BHOs is also an example of the dangers of javascript. This worm could not function without it and it did not rely on popups or resizing. It used javascript that would never be blocked by the kind of partial blocking that firefox uses.
Mozilla has also had security zone capability through user pref javascript settings for a long time, but a UI for it has never been included in the official browser. At this point it looks like it never will.
There was some effort expended at actually producing a UI for the zones but nothing seems to have come of it. The devs who were working on it gave up when they saw this which unfortunately is not capable of javascript whitelisting at least in current versions of mozilla or firefox.
There have been some attempts at extensions to add in jscript whitelisting to mozilla, but there is nothing that works with current versions of either mozilla or firefox.
All of this work is at least 1-2 years old. Some of it is as 3-4 years old. Nothing is currently being done with any of it. Obviously the devs don't consider it an important feature. In fact they consider it so unimportant that even when it's already in the code, they can't be bothered to make a UI for it it.
So thank you very much, but I will stick with a much safer browsing experience on IE with pwrtwks to give me two click security zone control and trust setter and IE Zone Editor to give me even more control over IE's wonderful security zone features.
For the one remaining gigantic IE annoyance, those popup "warning" windows you get when browsing with activeX turned off on sites with activeX, there is a way to turn them off. It works.