Slashdot Mirror
Security-Updated Versions Of Mozilla Released
petabyte writes "As mentioned in this Mozillazine article, there are new versions of the Mozilla Suite (1.7.2), Mozilla Firefox (0.9.3) and Mozilla Thunderbird (0.7.3) available. They address 4 security bugs (linked from the Mozillazine article). Unlike Firefox 0.9.2, these can't be fixed with just a XPI upgrade, so you'll have to download a new binary and install."
Installing over the old version often works, but sometimes not.
If not, I usually save my plugins, delete the directory, install, then copy my plugins. My settings, bookmarks, and skins are all in my profile, and I haven't had to delete/recreate that in a while.
It sounds like you're just being too careful.
Internet Explorer 6 Service Pack 1
I quote:
Thats just *one*, and its larger than the 5MB 0.9.3 release.
NeoThermic
Use my link above, or to view my server, NeoThermic.com
The timestamps in the 0.9.3 release directory show that the Windows binary has been updated.
Got the supposed 0.9.3 for Windows earlier today, which didn't work. Process appeared in task list, but no window came up. Also, any place the version number appeared, it was still listed as 0.9.2. With the caveat that I don't know how those folks do their releases, I'll say that with the proper automation, that oops-i-forgot-to-increase-the-version-number snafu should never happen.
http://bugzilla.mozilla.org/buglist.cgi?bug_id=25
IE catches shit for 2 out of the 4 bugs.
libpng buffer overflow - a lot of bitching goes on around here with regards to "OH M$ EVEN HAD AN OVERFLOW IN BMP HANDLING IN IE!!!"
null (%00) in filename fakes extension (ftp, file) - Variation of this got IE in trouble...
Last time I tried to install over an existing installation i seriously regretted it. Took me 3x as long to get everything worked out. So now I uninstall first.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
249004 Importing false CA certificate leading to error -8182 (pe...
# False certificates aren't really an exploit
250906 null (%00) in filename fakes extension (ftp, file)
# fake extense aren't exploits
251381 new libpng buffer overflow vulnerabilities
# okay that is an exploit
253121 lock icon and certificates spoofable with onunload docume...
# that is not an exploit either
I think they should be more like bugs. I think Mozilla is just trying to play it safe. Ironically by them "being up front" they may end up driving people away from the browser...
--Joey
I downloaded the linux installer version (firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.g z)ked from the Firefox page and itself seems to have a little bug:
** (firefox-installer-bin:3120): WARNING **: Invalid UTF8 string passed to pango_layout_set_text()
It winds up with an incomplete installation. However, if you just download the gzipped tarball without the installer from here and untar it over your old firefox directory you should be just fine.
Use this link instead: http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/0.9.3/
tasks(723) drafts(105) languages(484) examples(29106)
Well, Firefox 1.0 on OS X will be delayed a bit from the other platforms to clean up some issues such as this. The Expose thing you mentioned has been written up in Bugzilla (copy & paste the URL to see the bug.)
The new Mozilla Firefox release fixes four security problems and all the other bugs that have been fixed in the aviary branch. Microsoft, on the other hand, hasn't published fixes to IE's layout engine since 2001.
Worked for me.
One way to keep updated about Mozilla releases and developments in many different areas is by subscribing to one of the developer mailing lists:. html
... I wrote a note this morning but I imagine they are submerged.
http://www.mozilla.org/community/developer-forums
MozillaZine.org also does a good job of summarizing the development, but it's almost always 2-3 days late.
For the true cutting-edge lizard in you, there's always the feedhouse:
http://feedhouse.mozillazine.org/
And of course it has RSS feeds.
For those of you wanting to know when specific bugs have been fixed, I find the "edge" websites to be most simple to read (although not thorough):
The Rumbling Edge (for Thunderbird):
http://weblogs.mozillazine.org/rumblingedge/
The Burning Edge:
http://www.squarefree.com/burningedge/
Saddly, there is no information about the releases almost a day after they have been out on http://mozillaeurope.org/en/
Enjoy!
Notepad specialist & FAT administrator, group training available
Care to explain why you've linked a `Security Update for Windows 2000`?
We are talking about IE here, not 2K.
As for a IE patch that is large?
IE6 SP1 - 8.7 MB to 12.7MB
IE5 SP2 for ME - 6MB to 17MB
Internet Explorer 6 SP1 Update: "HTTP 404 - File Not Found" Error Message When You Try to Visit Web Pages That Are Opened by JavaScript Functions in Frames or in Windows - 1.3MB
October 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - 2.1MB
October 2003, Cumulative Patch for Internet Explorer for Windows Server 2003 - 4.2MB
October 2003, Cumulative Patch for Internet Explorer 6 - 2.5MB
Need me to continue? Or have I proved my point?
NeoThermic
Use my link above, or to view my server, NeoThermic.com
problems that Firefox .9.x has had with slashdot. It seems that the side menu bars randomly overlap the main page content. It really looks ugly.
Granted, I'd like to see a patcher/updater that works, but this is still sub 1.0 software.
Rename current firefox directory.
Install firefox.
Copy plugins folder to new install.
Load firefox.
That's it. Your bookmarks and settings are in your profile, NOT in the install directory.
Some plug-ins will need to be reinstalled.