Slashdot Mirror


Security-Updated Versions Of Mozilla Released

petabyte writes "As mentioned in this Mozillazine article, there are new versions of the Mozilla Suite (1.7.2), Mozilla Firefox (0.9.3) and Mozilla Thunderbird (0.7.3) available. They address 4 security bugs (linked from the Mozillazine article). Unlike Firefox 0.9.2, these can't be fixed with just a XPI upgrade, so you'll have to download a new binary and install."

36 of 375 comments

  1. Re:Does this mean that . . . by red floyd · · Score: 1, Informative

    FireFox, OTOH, is a 4MB download.

    --
    The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
  2. Re:Grumble Grumble by steeef · · Score: 5, Informative

    Installing over the old version often works, but sometimes not.

    If not, I usually save my plugins, delete the directory, install, then copy my plugins. My settings, bookmarks, and skins are all in my profile, and I haven't had to delete/recreate that in a while.

    It sounds like you're just being too careful.

  3. Re:Does this mean that . . . by NeoThermic · · Score: 5, Informative
    Really? His ass must be very correct:

    Internet Explorer 6 Service Pack 1

    I quote:
    Windows Me:
    32 MB of RAM minimum
    Full install size: 8.7 MB

    Windows 2000:
    32 MB of RAM minimum
    Full install size: 12.0 MB

    Windows 98 Second Edition:
    16 MB of RAM minimum
    Full install size: 12.4 MB

    Windows 98:
    16 MB of RAM minimum
    Full install size: 11.5 MB

    Windows NT 4.0 with the high encryption version of Service Pack 6a and higher:
    32 MB of RAM minimum
    Full install size: 12.7 MB

    Windows XP:
    32 MB of RAM minimum
    Full install size: 12.0 MB

    That's just *one*, and it's larger than the 5MB 0.9.3 release.

    NeoThermic
    --
    Use my link above, or to view my server, NeoThermic.com
  4. Try again if 0.9.3 for Windows didn't work earlier by sakyamuni · · Score: 4, Informative

    The timestamps in the 0.9.3 release directory show that the Windows binary has been updated.

    Got the supposed 0.9.3 for Windows earlier today, which didn't work. Process appeared in task list, but no window came up. Also, any place the version number appeared, it was still listed as 0.9.2. With the caveat that I don't know how those folks do their releases, I'll say that with the proper automation, that oops-i-forgot-to-increase-the-version-number snafu should never happen.

  5. Re:Grumble Grumble by jsebrech · · Score: 2, Informative

    But there are multiple entries in the add/remove programs dialog on windows. Still, that's nothing a quick regedit job won't fix.

  6. The actual vulnerabilities by Anonymous Coward · · Score: 5, Informative
    Copy & Paste, Bugzilla hates us:

    http://bugzilla.mozilla.org/buglist.cgi?bug_id=251381,249004,250906,253121

    • Importing false CA certificate leading to error -8182 (perm DoS), especially exploitable by email
    • null (%00) in filename fakes extension (ftp, file)
    • new libpng buffer overflow vulnerabilities
    • lock icon and certificates spoofable with onunload document.write


    IE catches shit for 2 out of the 4 bugs.

    libpng buffer overflow - a lot of bitching goes on around here with regards to "OH M$ EVEN HAD AN OVERFLOW IN BMP HANDLING IN IE!!!"

    null (%00) in filename fakes extension (ftp, file) - Variation of this got IE in trouble...
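An added example, not part of the original comments and not Mozilla's code: a defensive check for the general problem class behind the "null (%00) in filename fakes extension" item, where code that reads the whole decoded name and code that stops at the first NUL byte see different extensions. The function names and sample URLs are constructed for illustration, and the check does not claim to reproduce the details of the Bugzilla entry, which the thread gives only by title.

```javascript
'use strict';

// Text after the last dot, lower-cased, or '' when the name has no dot.
function extensionOf(name) {
  const dot = name.lastIndexOf('.');
  return dot === -1 ? '' : name.slice(dot + 1).toLowerCase();
}

// Inspect the last path segment of a URL (hypothetical helper).
// Returns a verdict plus the extension as seen by a consumer that reads the
// full decoded name and by one that stops at the first NUL (C-string style).
function inspectUrlFilename(url) {
  // Keep the path only: drop scheme://host, then any query or fragment.
  const path = url.replace(/^[a-z][a-z0-9+.-]*:\/\/[^\/]*/i, '').split(/[?#]/)[0];
  const rawSegment = path.slice(path.lastIndexOf('/') + 1);

  let decoded;
  try {
    decoded = decodeURIComponent(rawSegment);
  } catch (e) {
    // Malformed escape such as "%zz": refuse instead of guessing.
    return { verdict: 'reject', reason: 'malformed percent-encoding' };
  }

  const nul = decoded.indexOf('\u0000');
  if (nul !== -1) {
    const fullView = extensionOf(decoded);
    const truncatedView = extensionOf(decoded.slice(0, nul));
    return {
      verdict: 'reject',
      reason: 'embedded NUL in filename',
      fullView,
      truncatedView,
      mismatch: fullView !== truncatedView,
    };
  }
  // A second decoding pass downstream would turn "%2500" into a NUL.
  if (/%00/.test(decoded)) {
    return { verdict: 'reject', reason: 'double-encoded NUL' };
  }
  return { verdict: 'ok', extension: extensionOf(decoded) };
}

// Constructed sample URLs (not taken from the bug reports).
const samples = [
  'file:///home/user/readme.txt',
  'ftp://files.example/pub/notes.txt%00.html',
  'ftp://files.example/pub/a.txt%2500.html',
  'ftp://files.example/pub/a%zz.txt',
];
for (const u of samples) {
  console.log(u, JSON.stringify(inspectUrlFilename(u)));
}
```
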
  7. Re:It does this already by (54)T-Dub · · Score: 3, Informative
    First, for these preview releases it is strongly recommended that you uninstall any previous version of Firefox first [emphasis not added]. Installing over the top of an older version may cause unpredictable problems. If you install over the top of an older version and want to file bugs, please do a clean install into a fresh directory before doing so.
    From here

    Last time I tried to install over an existing installation I seriously regretted it. Took me 3x as long to get everything worked out. So now I uninstall first.
    --

    "I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
  8. Re:Try again if 0.9.3 for Windows didn't work earl by LiquidCoooled · · Score: 2, Informative

    I just installed 0.9.3, it's listing inside the installer as 0.9.2 still.

    You're right about automation, even InstallShield can do it!

    --
    liqbase :: faster than paper
  9. The four vulnerabilities... by Joey7F · · Score: 4, Informative

    249004 Importing false CA certificate leading to error -8182 (pe...

    # False certificates aren't really an exploit

    250906 null (%00) in filename fakes extension (ftp, file)

    # fake extensions aren't exploits

    251381 new libpng buffer overflow vulnerabilities

    # okay that is an exploit

    253121 lock icon and certificates spoofable with onunload docume...

    # that is not an exploit either

    I think they should be more like bugs. I think Mozilla is just trying to play it safe. Ironically by them "being up front" they may end up driving people away from the browser...

    --Joey

  10. Re:Grumble Grumble by WankersRevenge · · Score: 2, Informative

    I grabbed this from the Troubleshooting Mozilla guide.

    From Point 14:

    If Nautilus has been configured to use the Mozilla Gecko rendering engine, installing a mozilla.org binary on top of that may cause odd problems and conflicts. You should use the package of Mozilla supplied by your Unix or GNU/Linux distribution, as their version should work properly with their package of GNOME.

    I have personally experienced problems where Mozilla refused to render anything secure (https) because I had overwritten previous Mozilla installations. There could have been other problems but I never noticed. I'd recommend you just do a clean install (which means, an uninstall, then reinstall). There is no reason to tapdance in minefields unless you're a windows user. like me. :)

    Good luck!

  11. Re:Grumble Grumble by Derek Pomery · · Score: 2, Informative

    Even easier, symlinking /usr/mybrowser/plugins to /usr/mozilla/plugins and relinking on upgrade.
    Heck, if you upgrade it yourself, it is as easy as aliasing
    tar xvfz mozilla.tar.gz && cd mozilla && rm -rf plugins && ln -s /usr/foo/plugins .

    --
    -- perl -e'print pack"H*","6e656d6f406d38792e6f7267"' /. ate my old sig. Bastards.
  12. Linux installer bug by FunkyRat · · Score: 4, Informative

    I downloaded the linux installer version (firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.gz) linked from the Firefox page and it itself seems to have a little bug:

    ** (firefox-installer-bin:3120): WARNING **: Invalid UTF8 string passed to pango_layout_set_text()

    It winds up with an incomplete installation. However, if you just download the gzipped tarball without the installer from here and untar it over your old firefox directory you should be just fine.

  13. Re:Does this mean that . . . by NanoGator · · Score: 2, Informative

    "At 5MB for Firefox (on windows), its far smaller than the average IE 'patch', which normally are around 7 MB or so."

    Bullshit. There's a fix for an IE exploit. 365K. Would you want to reinstall your entire browser, just to fix that one little thing that you urgently want to get corrected?

    --
    "Derp de derp."
  14. Re:MAC OSX Complains by bdaehlie · · Score: 2, Informative

    The way Mozilla does windowing, it creates an invisible root window. You can see that it exists without expose by trying to apple-tab through pages. So far the developers have not found a way to redo the windowing system so that this invisible window is no longer necessary. It's been there since the NS 4.x days I think. I bet if you use FF 0.7 on a box with expose you'll see it there too.

  15. Re:MAC OSX Complains by nxg125 · · Score: 4, Informative

    Well, Firefox 1.0 on OS X will be delayed a bit from the other platforms to clean up some issues such as this. The Expose thing you mentioned has been written up in Bugzilla (copy & paste the URL to see the bug.)

  16. Re:Does this mean that . . . by markov_chain · · Score: 2, Informative
    Even if he meant 768 Kbps it's not enough to get 1500KB/s! 1500KB/s is more than 10 megabits.

    Speaking of download speeds, this is something I saw on a university link ;)
    mybox:~> wget http://savannah.nongnu.org/download/avr-libc/released/RPMS/i386/avr-libc-1.0-1.i386.rpm
    --00:06:49-- http://savannah.nongnu.org/download/avr-libc/released/RPMS/i386/avr-libc-1.0-1.i386.rpm
    => `avr-libc-1.0-1.i386.rpm'
    Resolving savannah.nongnu.org... done.
    Connecting to savannah.nongnu.org[199.232.41.4]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 409,351 [audio/x-pn-realaudio-plugin]

    100%[ 409,351
    10.01M/s ETA 00:00

    00:06:49 (10.01 MB/s) - `avr-libc-1.0-1.i386.rpm' saved [409351/409351]

    mybox:~>
    --
    Tsunami -- You can't bring a good wave down!
  17. UI Spoof Not Fixed by Anonymous Coward · · Score: 1, Informative

    I noticed 0.9.3 doesn't fix the UI Spoof using XUL mentioned a few days ago... Could this mean what I think it means....

    1. Re:UI Spoof Not Fixed by Anonymous Coward · · Score: 1, Informative

      There are hidden prefs (about:config) that you can set to make it so that a web site can't turn off the navigation bar/statusbar/menu bar so what you would in fact see is a double menu. The only problem is setting those screws up popups.

  18. Re:Does this mean that . . . by bigberk · · Score: 4, Informative
    Trying to download a 4.0 MB file after it's linked to on the front page of Slashdot is never an easy thing, dude.
    I'm mirroring a couple of the files. Please verify the md5sums yourself, though.
  19. Re:MAC OSX Complains by Anonymous Coward · · Score: 1, Informative
    If you're looking for a Mac browser, how about Camino 0.8? Same rendering engine as Firefox, but a Cocoa native frontend.

    Yes, there are some things in Firefox that have no UI equivalent in Camino, and that irks me at times. But I use Camino as my main web browser, and I'm very happy with it, thank you very much.

  20. Four and more by tepples · · Score: 4, Informative

    The new Mozilla Firefox release fixes four security problems and all the other bugs that have been fixed in the aviary branch. Microsoft, on the other hand, hasn't published fixes to IE's layout engine since 2001.

  21. Re:Mod parent up. by line.at.infinity · · Score: 4, Informative
    Try this, which says:
    Specifically...
    Browse to 'about:config'.
    In the filter box type 'update'.
    Double click 'update.app.updatesAvailable' and change the value from 'true' to false.
    Restart Browser.

    Worked for me.
  22. Re:MAC OSX Complains by sbszine · · Score: 2, Informative

    My problem is that NONE of the themes other than the default work on OSX.

    That's due to this bug, which mangles any cross-platform theme using native scrollbars. (You'll have to cut and paste the link, as Bugzilla fears Slashdot).

    --

    Vino, gyno, and techno -Bruce Sterling

  23. Re:Where are the Changelogs? by VGPowerlord · · Score: 2, Informative

    The Mozilla 1.7.2 Release Page has a link to the bugs it fixes.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  24. OT: Re:RPM is RealAudio? by threephaseboy · · Score: 2, Informative

    On a lot of stock systems the offending line in mime.types is:
    audio/x-pn-realaudio-plugin rpm
    and should be:
    application/x-rpm rpm
    I have not come across any realmedia files with the .rpm extension in the wild.

    --
    .
  25. Get the news first... by MagicFab · · Score: 3, Informative

    One way to keep updated about Mozilla releases and developments in many different areas is by subscribing to one of the developer mailing lists:
    http://www.mozilla.org/community/developer-forums.html

    MozillaZine.org also does a good job of summarizing the development, but it's almost always 2-3 days late.

    For the true cutting-edge lizard in you, there's always the feedhouse:
    http://feedhouse.mozillazine.org/

    And of course it has RSS feeds.

    For those of you wanting to know when specific bugs have been fixed, I find the "edge" websites to be most simple to read (although not thorough):

    The Rumbling Edge (for Thunderbird):
    http://weblogs.mozillazine.org/rumblingedge/

    The Burning Edge:
    http://www.squarefree.com/burningedge/

    Sadly, there is no information about the releases almost a day after they have been out on http://mozillaeurope.org/en/ ... I wrote a note this morning but I imagine they are submerged.

    Enjoy!

    --
    Notepad specialist & FAT administrator, group training available
  26. Re:Does this mean that . . . by Captain Splendid · · Score: 2, Informative
    Trying to download a 4.0 MB file after it's linked to on the front page of Slashdot is never an easy thing, dude.

    Piffle. Took me all of 30 seconds on cable, no mirrors used.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  27. Re:Does this mean that . . . by NeoThermic · · Score: 3, Informative

    Care to explain why you've linked a `Security Update for Windows 2000`?

    We are talking about IE here, not 2K.

    As for a IE patch that is large?

    IE6 SP1 - 8.7 MB to 12.7MB

    IE5 SP2 for ME - 6MB to 17MB

    Internet Explorer 6 SP1 Update: "HTTP 404 - File Not Found" Error Message When You Try to Visit Web Pages That Are Opened by JavaScript Functions in Frames or in Windows - 1.3MB

    October 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - 2.1MB

    October 2003, Cumulative Patch for Internet Explorer for Windows Server 2003 - 4.2MB

    October 2003, Cumulative Patch for Internet Explorer 6 - 2.5MB

    Need me to continue? Or have I proved my point?

    NeoThermic

    --
    Use my link above, or to view my server, NeoThermic.com
  28. Version MisMatch Alert. by technix4beos · · Score: 2, Informative

    The windows version listed for download at the FireFox product page is not the same as the windows version listed on the main download page.

    Just a heads-up to everyone rushing to download without checking. The mozilla.org web guys might want to fix that too.

    Cheers.

    --
    user@host$ diff /dev/urandom /dev/uspto
  29. Unfortunately this still doesn't fix the render by Tim_F · · Score: 3, Informative

    problems that Firefox .9.x has had with slashdot. It seems that the side menu bars randomly overlap the main page content. It really looks ugly.

    1. Re:Unfortunately this still doesn't fix the render by The One KEA · · Score: 2, Informative

      It's not supposed to. The changes needed to fix that are too intrusive to be inserted into the Aviary branch.

      If you want fixed Slashdot, go and get a trunk nightly build.

      --
      SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
  30. It's not that hard by gad_zuki! · · Score: 3, Informative

    Granted, I'd like to see a patcher/updater that works, but this is still sub 1.0 software.

    Rename current firefox directory.

    Install firefox.

    Copy plugins folder to new install.

    Load firefox.

    That's it. Your bookmarks and settings are in your profile, NOT in the install directory.

    Some plug-ins will need to be reinstalled.

  31. Re:(Off-Topic) Default Text Zoom Feature? by lombre · · Score: 2, Informative
    change the default font size

    Edit -> Preferences
    + Appearance
    + Fonts
  32. Re:Could this work with Firebird? by dolmen.fr · · Score: 2, Informative

    Settings are stored in your profile. Not in the program directory.
    AFAIK, uninstall doesn't remove your profile.

    However extensions and plugins (Flash, Acrobat...) are at risk if you accept to remove the Firefox directory at uninstall end.

  33. Sessionsaver + Qute by ahaning · · Score: 2, Informative

    I previously had Mozilla Firebird 0.7 installed on Windows 2000. I've tried to migrate to Firefox before, but certain things (like Sessionsaver sessions and the theme) didn't work/look proper[ly].

    For those that don't know, Sessionsaver can save tab/window sessions so that they come back up after closing and re-opening the program. It's really nice when you have 15 tabs that you have the way you like them and accidentally close the window. Qute is the Firebird theme and the most popular on the themes site.

    Previously, all of my settings for Firebird were kept in C:\Documents and Settings\%username%\Application Data\Mozilla\Phoenix\ and there was a file in \Mozilla\ called pluginreg.dat.

    I have always downloaded the .zip files and put them where I want them, so if you install using an installer, YMMV.

    Here's how I got my settings back with the Firebird theme and all of my tabs back open. There's no real haX0ring involved here, but in the case that any one wants to do this, this is what worked for me. (Gripes to follow.)

    Download Firefox 0.9.3
    I downloaded and unpacked the Firefox zip file for Windows (ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.9.3/Firefox-win32-0.9.3.zip).

    Load Browser, Migrate Settings
    Then, I loaded the browser and it prompted me as to whether or not I wanted my old settings migrated. I did, and selected the default options. The browser loaded and my homepage and network settings were there (YES!).

    Download and Install Qute
    Now, I liked the way Firebird looked and the way my tabs were saved by the Sessionsaver 0.2d extension. So, I went to the Themes manager and clicked Get More Themes. I downloaded and installed Qute. Then, in the Themes manager, I selected the Qute theme and clicked the Use Theme button. It didn't show up in my browser window right away, but I figured "maybe it needs me to shutdown and restart." So, I wasn't too worried.

    Download and Install Sessionsaver 0.2d
    Then, I googled for "sessionsaver", and got lucky. I installed the Sessionsaver extension. In the Extensions manager, it asked me if it wanted me to install it to my user preferences folder. It suggested that this way, it wouldn't have to be reinstalled when I upgrade the browser. I know that's not true, but I said yes, anyway. I loaded up an extra tab and a window to see if it would load them back up the next time.

    Restart Firefox
    Much to my surprise (and excitement), Firefox didn't open back up with my test windows and tabs, but my old Firebird session!

    I went through this process again (making sure to remove my \Mozilla\Firefox folder and any added files and the program folder made when I unpacked the zip file), just to make sure I wasn't crazy.

    Now, for the things that annoy me:

    1) The Qute theme isn't EXACTLY like it was in Firebird. The buttons are shinier or something. I may write to the designer or search around for an older version if I can, but I'm going to live with it for now.

    2) The Extensions, Themes, and Downloads windows suck up tons of CPU time when I move my mouse cursor between the panes and in and out of the windows. WTF?

    3) The Download manager. I personally preferred the old progress windows from Firebird. I know there's an extension to allow me to use external programs for downloads, but I really did like those little windows. At least give me the choice of using the manager or the windows. The one function of this that I do like is t

    --
    Withdrawal before climax is very ineffective and those who try this are usually called "parents."