Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 1.0.1 Released

Posted by CowboyNeal on from the new-and-improved dept.

homeobocks writes "Firefox 1.0.1 has been officially released by the Mozilla Foundation, with some important security fixes. An announcement and release notes are available." Presumably this fixes the window injection vulnerabilities.

38 of 617 comments (clear)

  1. IDN Problems Fixed? by michaelhood · · Score: 5, Informative

    From changelog: International Domain Names are now displayed as punycode.

    (wiki linkage mine).

    1. Re:IDN Problems Fixed? by michaelhood · · Score: 3, Informative

      Did you even read the wiki?

      The encoding is applied separately to each component of a domain name which is not representable solely within the ASCII character set, and a reserved prefix 'xn--' is added to the translated Punycode string. For example, bücher becomes bcher-kva in Punycode, and therefore the domain name bücher.ch would be represented as xn--bcher-kva.ch in IDNA.

      Compare an ASCII 'punycoded' URL http://xn--tdali-d8a8w.lv/ (http://xn--tdali-d8a8w.lv/) (working) and its full Unicode counterpart that does include Latvian characters with appropriate diacritics: http://tûdaliò.lv (http://t%C5%ABdali%C5%86.lv) punycoded URLs are prefixed with xn-, and look like nonsense to those of us looking at Latin character sets. Look at the difference between those two sample URLs. Which one is easier to train to identify? Do you have a suggestion for a better solution to IDN spoofing concerns?

    2. Re:IDN Problems Fixed? by typhoonius · · Score: 5, Informative

      Anyone who's bored can try out the original proof of concept.

      In Firefox 1.0, it displays as "http://www.paypal.com/"; in Firefox 1.0.1, it displays as "http://www.xn--pypal-4ve.com/".

    3. Re:IDN Problems Fixed? by shird · · Score: 3, Informative

      uhm... it is the use of unicode that causes the problem. Without it, there isnt a problem.

      Its because some letters look exactly the same but are effectively different unicode characters that lets you register the same 'looking' address but point it to a different site.

      --
      I.O.U One Sig.
  2. Mirrors by Anonymous Coward · · Score: 5, Informative

    If the downloads for Firefox become overloaded today/tomorrow, Coral cache mirrors:

    http://download.mozilla.org.nyud.net:8090/?product =firefox-1.0.1&os=win&lang=en-US Windows
    http://download.mozilla.org.nyud.net:8090/?product =firefox-1.0.1&os=linux&lang=en-US Linux

    1. Re:Mirrors by joeldixon66 · · Score: 5, Informative

      From Asa's Blog:

      "We're still working on some with the application update infrastructure and the installer so for the first few days, we'll only be offering the release via full download at the website and then turning on the automatic update system hopefully sometime next week."

    2. Re:Mirrors by Myen · · Score: 5, Informative

      Since you're linking to the en-US version anyway...
      BitTorrent links in case the servers really go to crap. (Theirs, not mine)

    3. Re:Mirrors by Rirath.com · · Score: 5, Informative

      I installed 1.0.1, then reinstalled 1.0 because I like the Textzoom extension. This hasn't been officially updated to 1.0, but extensionsmirror has a link to a version patched for 1.0 installs.

      Since it's not being maintained, I'll probably eventually have to give it up, but I won't for such a minor Firefox update.

      Actually, no you don't. Changing extension maxlimits is trival.

      - First, find your profile. In Explorer find: %appdata%\Settings\\Application Data\Mozilla\Firefox\Profiles\\extensions

      - Second, open Extensions.rdf with notepad, metapad, etc.

      - Third, find and replace any of:
      em:maxVersion="1.0"
      With em:maxVersion="5.0"

      And you're good to go. You can put any number you want, but I like 5.0 just to make it easier, especially with nightlies in the past. You could also use about:config to lower your version number, but that could have other side effects. Now, if doing this makes your extension not work because of code changes (rarely) or somehow borks your profile (highly doubtful), use at your own risk. :)

      And Extensionsmirror.nl is a great place to find prebumped extensions.

  3. Re:/. rendering by damiam · · Score: 4, Informative

    Oops. On further exploration, I see that it's fixed in the trunk, and the fix will be included in the 1.1 release (I guess must have misread that to say 1.0.1). In the meantime, there's always the SlashFix extension.

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.
  4. OS X-specific fixes? by moosesocks · · Score: 4, Informative

    Any word on if this includes fixes for the massive memory leaks in the OS X port? I know they were on track for 1.1, but it's possible they could have made their way into 1.0.1......

    --
    -- If you try to fail and succeed, which have you done? - Uli's moose
  5. Re:Check Updates... by asa · · Score: 5, Informative

    We'll be turning on the application update mechanism starting next week. Given the daunting task of updating all 27+ million people who have downloaded and are using Firefox today, we've elected to stagger the update over several days.

    --Asa

  6. Re:seems like only yesterday by jdkincad · · Score: 4, Informative

    They removed default compatibility for international domain names. I wonder how much of an impact this will have on foreign adoption of Firefox over IE

    None. IIRC they just turned off IDN support, and did not remove it. If someone needs it, the can turn it back on.

    IE has no IDN support without third party software, so Firefox is still a better choice if you need IDN support.

    --
    The great advantage of having a reputation for being stupid: People are less suspicious of you.
  7. Actual list of changes by timealterer · · Score: 4, Informative

    Here is the full list of changes and related bugs for Firefox 1.0.1.

    You'll note that it's quite terse - this is not the 1.1 update from trunk that will get us rendering fixes, etc. that we'll see in June or so. Almost all security fixes here.

    --
    - Allen Pike
    Altering time, one time at a time.
  8. Re:seems like only yesterday by jeffg · · Score: 4, Informative
    They removed default compatibility for international domain names.

    Your statement is misleading.

    Support for IDNs is still present, it's just that after inputting a URL using an IDN domain name like http://www.göögle.com/, it is displayed as the punycore representation in the address bar: http://www.xn-ggle-5qaa.com/

    The merits of this work around are certainly up for debate (hint: the debate started years ago).

    I wonder how much of an impact this will have on foreign adoption of Firefox over IE.
    Seeing as no currently shipping version of Microsoft Internet Explorer supports IDNs... you can probably stop wondering. :)
  9. Be kind to the mirrors, use official bittorents!!! by Jedbro · · Score: 5, Informative

    Be friendly to the Mozilla.org mirrors, they
    have set up an official Bittorent seeder.

    -Jed

    ( http://bittorrent.mozilla.org/ )

  10. Re:But can I upgrade using Software update? by bersl2 · · Score: 4, Informative

    They are going to enable that in a few days, after those who know about the upgrade have cleared from the servers, lest they be fried.

  11. Re:Is a .0.1 dot release really newsworthy by homeobocks · · Score: 3, Informative

    As I mentioned in the story, 1.0.1 contains fixes for 9 security holes, some of which allowed spoofing.

    --
    MOUNT TAPE U1439 ON B3, NO RING
  12. A few bugs in this release by CaptBubba · · Score: 4, Informative
    After installing 1.0.1 on WinXP I could not navigate anywhere. Everytime I would hit enter after typing something into the location bar firefox would crash.

    I've gone back to 1.0 and there are no problems. here's a link to the windows 1.0 versions in case anyone else similarly needs to revert back.

  13. Re:How do I automatically kill history in Firefox? by PReDiToR · · Score: 5, Informative

    Grab the Kiosk extension from extensionsmirror.nl.

    Or you could go to Tools > Options > Privacy > Clear all (under Windows).

    --

    Do not meddle in the affairs of geeks for they are subtle and quick to anger
  14. Bittorrent! by GarfBond · · Score: 4, Informative
    Official BT Torrents here!

    Now if you're worried about putting too much strain on the Mozilla download servers, use the BT links!

    Alternatively, this page lists translations and direct download links

  15. Re:Check Updates... by cshields2 · · Score: 5, Informative

    It will most likely not be staggared for the next release, as we will have a major infrastructure upgrade by then allowing the update service to survive the hit all at once. The staggaring had to be done at this point in time.

    Cheers!

  16. Re:This version doesnt fix some new type of popups by mrnobo1024 · · Score: 3, Informative

    That's not actually a popup, it's just an image inside an with CSS "position: absolute". There's no way to stop this unfortunately, blocking absolute positioning would screw up a lot of site's layouts.

  17. Re:Too bad it still doesn't fix the RAM problem by Anonymous Coward · · Score: 3, Informative
    But fortunately, I've got 1GB of RAM, and there's barely any spyware, so I'm ok with it now. I just wish I didn't have to put either Dillo for Linux or IE6 on Win98 for those old late Pentium Is / early Pentium IIs I fix up for people in my spare time, since Firefox is a nice browser despite its flaws. Too bad it won't run decently on anything less than a Pentium III with 256MB of RAM.
    Do try K-Meleon, as it performs much better than Firefox on older computers. Its RAM usage should be somewhat lower as it doesn't use XUL for the GUI, but still has Gecko underneath.

    My computer is 4 years old now and Firefox is not a dream to use as it keeps freezing up for 2 seconds whenever its CPU usage maxes out. K-Meleon is much lighter, though not as pretty ;)
  18. Re:Ah, so this software does have vulnerabilities by freitasm · · Score: 3, Informative

    Secondly, FF is NOT faster, despite the FUD that FF zealots like to spread. I've timed both and it takes FF several seconds longer to start up as well as to render a complex page.

    Well said... Check previous /. story with browser speed comparison. Opera is faster, but IE is actually faster than Firefox in most operations.

  19. No more mr. Memory Hog by Daedalon · · Score: 5, Informative

    Windows users who have problems with Mozilla software (Firefox, Thunderbird or Suite) being too slow or using too much memory and CPU, check out the Moox optimized builds.

    One of my friends reported having constantly about 100 MB more free memory after switching to Moox M2 in his Athlon XP. A bit of a warning though: I tried to install original 1.0.1 over Moox M2 1.0, and it now crashes every time I press enter in the URL bar. Now typing in Internet Explorer, I'm anxiously waiting for Moox optimized 1.0.1 builds to come out and solve the situation.

  20. Re:How do I automatically kill history in Firefox? by Bagels · · Score: 4, Informative

    Set it to accept cookies for current session only, have it remember history for past 0 days. Don't worry about the cache, as IIRC it's encoded such that it only means something to the browser (not left with the same title as the cached webpage item or even its extension).

    --
    --- Bwah?
  21. Re:STILL GETTING POPUPS... by digitalchinky · · Score: 3, Informative

    Seriously, you need to spend a little more quiet time with google. +firefox +popup +blocking +tutorial

    It's not hard. I see nothing except for the odd tiny fraction of css crap.

    Fix it yourself because - 'they' - will never hold your hand until it works just nice and peachy the way you personally want.

    If a site you like has more advertising than actual content, then maybe you need to go elsewhere. The net is a pretty big place, apparantly with lots of duplication...

  22. Here is an example. by maotx · · Score: 4, Informative

    Here is an example how Firefox 1.0.1 shows IDN names.*
    Click the Fake and Real link to see the difference.

    The Fake site will not work with Internet Exporer with the latest service pack.

    *Requires Firefox 1.0.1

    --
    I'm a virgo and on Slashdot. Coincidence? Yes.
  23. Re:Change Log by Anonymous Coward · · Score: 5, Informative

    Firstly, don't plagarise. Cite your sources. Your list is an exact copy of http://www.squarefree.com/burningedge/releases/1.1 .html.

    Secondly, if you do plagarise, make sure you steal the right frigging document! You posted a changelog for the not-yet-released Firefox 1.1. This is Firefox 1.0.1. Its changelog can be found at http://www.squarefree.com/burningedge/releases/1.0 .1.html.

  24. Doesn't require 1.0.1 by Theatetus · · Score: 4, Informative

    Actually you don't need 1.0.1 to see how it works; spoofstick on 1.0 displays the bogus URL as xn--blah-blah-blah...

    --
    All's true that is mistrusted
  25. Re:Too bad it still doesn't fix the RAM problem by kawaichan · · Score: 3, Informative

    yes you can.

    go to -> Windows Task Manager -> view -> select column -> check virtual memory size

    --

    kawai
  26. Re:On this subject by PeterPumpkin · · Score: 4, Informative

    Not really, but it can be figured out from this nice chart.

    The ad went out on December 16, 2004.

    This is 37 days after the launch of Firefox. If you look to the downloads per day graph, there is a noticable increase afterward.

  27. about:cache by cheekyboy · · Score: 3, Informative

    Memory cache device

    Number of entries: 208
    Maximum storage size: 31744 KiB
    Storage in use: 7436 KiB
    Inactive storage: 7127 KiB

    List Cache Entries
    Disk cache device

    Number of entries: 312
    Maximum storage size: 50000 KiB
    Storage in use: 18025 KiB
    Cache Directory: C:\Documents and Settings\Development\Application Data\Mozilla\Firefox\Profiles\fd8vwgvl.default\Cac he

    --
    Liberty freedom are no1, not dicks in suits.
  28. Re:On this subject by MikeCapone · · Score: 4, Informative

    www.spreadFirefox.com and Ada's blog at mozillazine.org have most of the information about Firefox's marketshare and marketing campaigns.

    I just installed 1.0.1 and everything seems to be working... Except that they haven't fixed the slashdot rendering bug yet (well, to be fair it's probably slashdot's HTML's fault -- I don't know why they haven't switched to CSS yet. They'd save gigs of bandwidth).

    --
    Treehugger? Treehugger... Treehugger!
  29. Re:On this subject by dotgain · · Score: 5, Informative
    BTW the workaround for the rendering bug you encounter on /. is to increase the size of your text then decrease it again (Ctrl +, Ctrl -).

    I dunno if it is a slashdot bug or not. It seems to me that if you can fix it with this workaround, then's it's a Mozilla bug (it does it there, too). Yes they definitely should use CSS, but since it's such an ugly site, it'll probably still look better in lynx.

  30. Re:On this subject by tehshen · · Score: 4, Informative

    Or you could use SlashFix. I am using it on 1.0.1 and it is working as good as ever.

    The main Slashdot rendering bug fix is going to be released with 1.1. This version 1.0.1 is only a security fix.

    --
    Guy asked me for a quarter for a cup of coffee. So I bit him.
  31. Re:Slashdot bug? by VargrX · · Score: 3, Informative
    If your using Ad-Block, there's a very easy way to fix this - add
    http://images.slashdot.org/pix.gif
    to your block list and the problem go's away.

    I would imagine that this could also be added to a proxy easily enough also.

    --
    Sometimes people just have to learn and adapt to change, it is one of the requirements of being a living thing.
  32. Re:On this subject by sepluv · · Score: 4, Informative
    Except that they haven't fixed the slashdot rendering bug yet

    This was fixed in Gecko in May 2004 on the trunk which is used by the latest stable version of Mozilla Suite (but not on the aviary branch which 1.0.1 is still based on. Aviary is now being exhumed back into the trunk, so hopefully, future builds (including releases) will all be based off the trunk (so Gecko fixes will propogate to Firefox).

    To fix it in Firefox:

    get a recent nightly build--I find them just as stable

    just install the Slashfix extension.

    BTW the bug only occured sometimes if your machine was fast and it was rendering /. too quickly--you could try reloading--it was a genuine bug as it occured intermittently, but the awful, hoggy, invalid slashcode HTML doesn't help (esp. their use of evil many-nested tables for layout--see the funny and informative Why tables for layout is stupid).

    --
    Joe Llywelyn Griffith Blakesley
    [This post is in the public domain (copyright-free) unless otherwise stated]