Security-Updated Versions Of Mozilla Released
petabyte writes "As mentioned in this Mozillazine article, there are new versions of the Mozilla Suite (1.7.2), Mozilla Firefox (0.9.3) and Mozilla Thunderbird (0.7.3) available. They address 4 security bugs (linked from the Mozillazine article). Unlike Firefox 0.9.2, these can't be fixed with just a XPI upgrade, so you'll have to download a new binary and install."
I'm getting tired of the whole uninstall, delete, re-install, get plugins, import bookmarks, set settings, get skins (optional) routine. I wish they would hurry up and fix the installer so that I could simply update the browser and save all my stuff.
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
The 4MB size of the complete Mozilla browser is smaller than many of Microsoft's IE updates have been.
So, while you may have to re-download the whole browser, the actual file size is still smaller.
According to the forum, a libpng vulnerability also just happens to crash IE.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
Trying to download a 4.0 MB file after it's linked to on the front page of Slashdot is never an easy thing, dude.
If my answers frighten you, stop asking scary questions.
Well I don't know about you, but the 503 errors are gone for me.
"Sockets are the standard networking API, also useful for stopping your eyes from falling onto your cheeks" zeromq.org
i know it'll be an unpopular one about these parts, but: yeah, i'm with you bro. i should only have to click "Upgrade" on the Moz page to get the newest browser. Bitch and moan all you like, that's the way it should be: an icon in the corner: "upgrade now"...you can ignore if you like, you can build from source if you like, but me? Hell, just get me a new browser now....when i click. Yeah, yeah, save me all the "but, if it's just click and go and the security and the users and malware pages"...save it. Code against that, let me upgrade on the fly (restart okay...reboot not-okay) with a click. Tough to do? Hell, look about at the OS that this browser runs on (for the most part at this time): click and do for 'em eh? Not that much to ask. Give 'em a, 'no thanks, i'll do it the hard, trusted, but sure way' button. i'm not banging that in any way...hell, with some packages that's the only way i'll trust 'em. Moz is a safe bet: give us a 'click an' go to the newest version' button k? Yep.
got a nice hefty 1500KB/s sustained over a 768bps connection
I'm impressed! How'd you get the 15,000x speedup?
[
for the math impaired:
1500KB/s = 12000Kb/s
12000Kb/s / 768bps = 15625.
]
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
Internet Explorer 6 Service Pack 1
I quote:
That's just *one*, and it's larger than the 5MB 0.9.3 release.
NeoThermic
Use my link above, or to view my server, NeoThermic.com
The timestamps in the 0.9.3 release directory show that the Windows binary has been updated.
Got the supposed 0.9.3 for Windows earlier today, which didn't work. Process appeared in task list, but no window came up. Also, any place the version number appeared, it was still listed as 0.9.2. With the caveat that I don't know how those folks do their releases, I'll say that with the proper automation, that oops-i-forgot-to-increase-the-version-number snafu should never happen.
http://bugzilla.mozilla.org/buglist.cgi?bug_id=25
IE catches shit for 2 out of the 4 bugs.
libpng buffer overflow - a lot of bitching goes on around here with regards to "OH M$ EVEN HAD AN OVERFLOW IN BMP HANDLING IN IE!!!"
null (%00) in filename fakes extension (ftp, file) - Variation of this got IE in trouble...
While this is not a showstopper, can somebody explain to me why Firefox for mac ever since 0.7 has a problem with Expose feature? IE one can see a small window attached to the main window?
Also, why is it we cannot search the bookmarks in the sidebar without crashing the whole application?
Small annoyances but we are getting awfully close to 1.0 and still no sign of improvement.
Safari is catching up in terms of speed and is looking ever more appealing!
Artificial intelligence is no match for natural stupidity
249004 Importing false CA certificate leading to error -8182 (pe...
# False certificates aren't really an exploit
250906 null (%00) in filename fakes extension (ftp, file)
# fake extensions aren't exploits
251381 new libpng buffer overflow vulnerabilities
# okay that is an exploit
253121 lock icon and certificates spoofable with onunload docume...
# that is not an exploit either
I think they should be more like bugs. I think Mozilla is just trying to play it safe. Ironically by them "being up front" they may end up driving people away from the browser...
--Joey
I downloaded the linux installer version (firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.gz) linked from the Firefox page and itself seems to have a little bug:
** (firefox-installer-bin:3120): WARNING **: Invalid UTF8 string passed to pango_layout_set_text()
It winds up with an incomplete installation. However, if you just download the gzipped tarball without the installer from here and untar it over your old firefox directory you should be just fine.
"The 4MB size of the complete Mozilla browser is smaller than many of Microsoft's IE updates have been."
Maybe version updates. However, most IE fixes are a couple of hundred K. Right now, I have a cumulative update that's 2.8 meg that fixes a small handful of things. What you're suggesting would require a 4 megabyte download just to fix a typo in the credits.
"So, while you may have to re-download the whole browser, the actual file size is still smaller."
This would only be true under strange scheduling circumstances. On top of that, IE updates don't require an uninstall.
I easily prefer Firefox to IE, but this statement is misleading in a couple of different directions. Microsoft definitely has Mozilla beat when it comes to the efficiency of updates like this, whether you focus on just the size of the file or if you expand that out to the total end user experience.
"Derp de derp."
i wonder if the people who uncovered these bugs qualified for the $500 payment or if it contributed to them being found.
Not on Gentoo, you insensitive clod!
Maybe if you add together all the small IE updates, it totals more than 4mb at Windows Update.
I can download and install the full Mozilla package faster than I can reboot my computer every time there's an Internet Explorer patch.
That puts Mozilla ahead of IE, at least in my book. :)
The new Mozilla Firefox release fixes four security problems and all the other bugs that have been fixed in the aviary branch. Microsoft, on the other hand, hasn't published fixes to IE's layout engine since 2001.
Well, I guess bigger download speeds = bigger penis. I got it at 1120KB/S..
^^
Prior to 0.9, Firefox was only being updated every few weeks, with each release holding many fixes since the last release. I think the increase in releases has mainly been due to the fact that in the last month or so the user base of Firefox has gone up dramatically.
I am sure this has put a lot more stress on the Firefox dev team because now people are starting to rely on their browser to be as good as IE and with whole organisations now looking at using Firefox over IE, the pressure must really be on to make sure it lives up to expectations.
Once Firefox hits version 1.0, people will get real shitty if it has bugs and security flaws, so the more they fix during 0.9.+ the better. Until then, I am happy to keep downloading it, daily if needed.
What I find odd is that despite this release being focused on patching security vulnerabilities there's no noticeable mention on the web site of the importance of this update. I leave my home page set to the FireFox page in hopes that there will be a clear message saying if there's a need to upgrade, but the page itself only says 0.9 -- and I'm fairly confident that the average user isn't going to figure out the difference from the front page (which now says 0.9.3, but how many users are aware of what version they're using?) It wasn't until I read slashdot that I was made aware of the release of this security update, and who knows if something could have happened since then?
While I don't expect a windowsupdate.com for Mozilla, being that a main criticism of users is their failure to keep software updated why don't the developers make it more clear that an update is even present?
I noticed 0.9.3 doesn't fix the UI Spoof using XUL mentioned a few days ago... Could this mean what I think it means....
Yes.... FireFox is your father.
During the recent Ject issue, I looked into trying to rip out IE. I have like 120 machines to look after, I don't have the money to active directory, and I have certain limits. I'll use psexec but even so, it's a long tedious job maintaining 120 machines.
:shell: made me rather glad I hadn't committed a massive workload in the name of switching to a new bug-ridden, security glitched browser.
Now, getting back to IE, yes, I did look at ripping it out. Not so easy on XP Pro as any user who signs in gets linked to the program in default. I could banjax the program directory, and stop it being used that way, but if I do that, I believe I can still call windowsupdate.com via an explorer window. I presume however, that anyone using the same method uses the same culpable browsing that impairs IE. Thus I'm not really solving the problem, just fending it off until the users get smart.
In terms of Mozilla and Firefox, sadly I have to say the security failure regarding
Today, I'm told if I had rolled Mozilla, someone's just committed me to a wholesale re-roll out just because they can't patch, they have to fix it in a new install.
I've said it before, I'll say it again, doing this to me just puts me right off even contemplating it. Next week, watch out, the next Mozilla issue will rear its ugly head.
I sadly have to put aside the OSS/MS stuff, because whatever I put out there has to work, and it's not about Ideology, I do not care about Ideology. Mozilla is a fine effort, but the security side leaves much to be desired. One is hard pushed to claim that it's a quantum leap in browser security.
AdmV
We're all equal