Firefox 1.0.1 Released

homeobocks writes "Firefox 1.0.1 has been officially released by the Mozilla Foundation, with some important security fixes. An announcement and release notes are available." Presumably this fixes the window injection vulnerabilities.

On this subject

[NoGuffCheck]

Have they released any info on new signups as a result of the Firefox 1.0 NY Times Advert?

Re:On this subject

[PeterPumpkin]

Not really, but it can be figured out from this nice chart.

The ad went out on December 16, 2004.

This is 37 days after the launch of Firefox. If you look to the downloads per day graph, there is a noticable increase afterward.

Re:On this subject

[MikeCapone]

www.spreadFirefox.com and Ada's blog at mozillazine.org have most of the information about Firefox's marketshare and marketing campaigns.

I just installed 1.0.1 and everything seems to be working... Except that they haven't fixed the slashdot rendering bug yet (well, to be fair it's probably slashdot's HTML's fault -- I don't know why they haven't switched to CSS yet. They'd save gigs of bandwidth).

Re:On this subject

[dotgain]

BTW the workaround for the rendering bug you encounter on /. is to increase the size of your text then decrease it again (Ctrl +, Ctrl -).

I dunno if it is a slashdot bug or not. It seems to me that if you can fix it with this workaround, then's it's a Mozilla bug (it does it there, too). Yes they definitely should use CSS, but since it's such an ugly site, it'll probably still look better in lynx.

Re:On this subject

[jrest]

Sorry, but I can't find such an increase. There is a small spike, but not really significant. Also, in the cumulative graph nothing major happens.
In fact, I come to the opposite conclusion: there was no noticable increase afterward.

Re:On this subject

[tehshen]

Or you could use SlashFix. I am using it on 1.0.1 and it is working as good as ever.

The main Slashdot rendering bug fix is going to be released with 1.1. This version 1.0.1 is only a security fix.

Re:On this subject

well, to be fair it's probably slashdot's HTML's fault

Every single time this bug is mentioned, somebody blames it on Slashdot. Every single time, somebody else corrects them. Most of the time there's a reply saying something to the effect of "okay, so it's a bug in Firefox... but it's still Slashdot's fault!". And people continue to post comments like yours.

What is it going to take to convince people that it's a bug in Firefox? Showing them the bugzilla entry doesn't work. Showing them valid HTML that exhibits the same problem doesn't work. Showing them Firefox developers talking about the bug doesn't work. Telling them that it's fixed in current nightlies doesn't work.

Where the hell does this irrational superstition that it's Slashdot's fault come from? And why do you fools continue to post comments like this?

Re:On this subject

[Skater]

Statisticians have a concept called "significance". In this case, we'd compare the number of downloads that week to the average of the previous weeks (excluding the first one since it's the first week of release and so was understandably higher - normally reputable statisticians are loath to throw away data but this time it's the right thing to do). Without running the numbers, by looking at the charts I can tell you that we can't say the downloads that week are significantly higher than previous weeks (I'm a trained professional with several years of experience; please don't try that trick at home).

There's no way to say what would've happened. We could fit a trend to the previous weeks (again excluding the first week) and try to guess (with a huge margin of error), and there might be slight decrease predicted. BUT there are several weeks before the ad where the count jumped back up, too, so I wouldn't be comfortable making any conclusion about a trend from that data.

Re:On this subject

[sepluv]

Except that they haven't fixed the slashdot rendering bug yet

This was fixed in Gecko in May 2004 on the trunk which is used by the latest stable version of Mozilla Suite (but not on the aviary branch which 1.0.1 is still based on. Aviary is now being exhumed back into the trunk, so hopefully, future builds (including releases) will all be based off the trunk (so Gecko fixes will propogate to Firefox).

To fix it in Firefox:

get a recent nightly build--I find them just as stable

just install the Slashfix extension.

BTW the bug only occured sometimes if your machine was fast and it was rendering /. too quickly--you could try reloading--it was a genuine bug as it occured intermittently, but the awful, hoggy, invalid slashcode HTML doesn't help (esp. their use of evil many-nested tables for layout--see the funny and informative Why tables for layout is stupid).

IDN Problems Fixed?

[michaelhood]

From changelog: International Domain Names are now displayed as punycode.

(wiki linkage mine).

Re:IDN Problems Fixed?

[michaelhood]

Did you even read the wiki?

The encoding is applied separately to each component of a domain name which is not representable solely within the ASCII character set, and a reserved prefix 'xn--' is added to the translated Punycode string. For example, bücher becomes bcher-kva in Punycode, and therefore the domain name bücher.ch would be represented as xn--bcher-kva.ch in IDNA.

Compare an ASCII 'punycoded' URL http://xn--tdali-d8a8w.lv/ (http://xn--tdali-d8a8w.lv/) (working) and its full Unicode counterpart that does include Latvian characters with appropriate diacritics: http://tûdaliò.lv (http://t%C5%ABdali%C5%86.lv) punycoded URLs are prefixed with xn-, and look like nonsense to those of us looking at Latin character sets. Look at the difference between those two sample URLs. Which one is easier to train to identify? Do you have a suggestion for a better solution to IDN spoofing concerns?

Re:IDN Problems Fixed?

[typhoonius]

Anyone who's bored can try out the original proof of concept.

In Firefox 1.0, it displays as "http://www.paypal.com/"; in Firefox 1.0.1, it displays as "http://www.xn--pypal-4ve.com/".

Re:IDN Problems Fixed?

[shird]

uhm... it is the use of unicode that causes the problem. Without it, there isnt a problem.

Its because some letters look exactly the same but are effectively different unicode characters that lets you register the same 'looking' address but point it to a different site.

Re:IDN Problems Fixed?

[Rits]

Hush, it's the ascii-reading world that needs protection. Or at least, they decide who needs protection from spoofing...

Mirrors

If the downloads for Firefox become overloaded today/tomorrow, Coral cache mirrors:

http://download.mozilla.org.nyud.net:8090/?product =firefox-1.0.1&os=win&lang=en-US Windows
http://download.mozilla.org.nyud.net:8090/?product =firefox-1.0.1&os=linux&lang=en-US Linux

Re:Mirrors

[iethree]

it would me much more convenient (and probably less bandwidth-intensive) if they allowed us to update Firefox through the built-in update feature.
At least Micro$oft doesnt make you totally re-download IE everytime they patch it.

Re:Mirrors

[PReDiToR]

I did that, I found that Session Saver and Foxy tunes have updates available, but Firefox doesn't.

I guess they haven't put the updates on the server yet?

Screw it, I downloaded the whole thing and it took 20 seconds. I closed FF, Zipped up ProgFiles\MozFF and DocSet\User\AppDat\Moz, installed FF 1.0.1 and loaded it up.

Took less thAn 2 minutes to do all that, I'm updated and no extensions broke.

Pretty cool. Didn't even need a fricken reboot like IE would have.

Re:Mirrors

[joeldixon66]

From Asa's Blog:

"We're still working on some with the application update infrastructure and the installer so for the first few days, we'll only be offering the release via full download at the website and then turning on the automatic update system hopefully sometime next week."

Re:Mirrors

[Myen]

Since you're linking to the en-US version anyway...
BitTorrent links in case the servers really go to crap. (Theirs, not mine)

Re:Mirrors

[Rirath.com]

I installed 1.0.1, then reinstalled 1.0 because I like the Textzoom extension. This hasn't been officially updated to 1.0, but extensionsmirror has a link to a version patched for 1.0 installs.

Since it's not being maintained, I'll probably eventually have to give it up, but I won't for such a minor Firefox update.

Actually, no you don't. Changing extension maxlimits is trival.

- First, find your profile. In Explorer find: %appdata%\Settings\\Application Data\Mozilla\Firefox\Profiles\\extensions

- Second, open Extensions.rdf with notepad, metapad, etc.

- Third, find and replace any of:
em:maxVersion="1.0"
With em:maxVersion="5.0"

And you're good to go. You can put any number you want, but I like 5.0 just to make it easier, especially with nightlies in the past. You could also use about:config to lower your version number, but that could have other side effects. Now, if doing this makes your extension not work because of code changes (rarely) or somehow borks your profile (highly doubtful), use at your own risk. :)

And Extensionsmirror.nl is a great place to find prebumped extensions.

How do I automatically kill history in Firefox?

Let's say someone is finished browsing pr0n for the night and wants to clear the cache, history and cookies automatically on browser exit. Is this possible with Firefox via a setting or script?

Re:How do I automatically kill history in Firefox?

[PReDiToR]

Grab the Kiosk extension from extensionsmirror.nl.

Or you could go to Tools > Options > Privacy > Clear all (under Windows).

Re:How do I automatically kill history in Firefox?

[Bagels]

Set it to accept cookies for current session only, have it remember history for past 0 days. Don't worry about the cache, as IIRC it's encoded such that it only means something to the browser (not left with the same title as the cached webpage item or even its extension).

Yeeehaaa (but...)

[A_Non_Moose]

from tfa:

You can now make links opened by other applications open into a new tab, reuse an existing tab, or open a new window.

Does it play well with Tabbrowser extension?

Usually any app that does this kills off my saved session. (grrrr).

Here's hoping.

And, isn't msi support supposed to be available?
(if it is there I did not see it)

Re:/. rendering

[bunratty]

Firefox 1.0.1 is supposed to have only security and stability fixes. Unless an unstable engineer feels insecure about Slashdot fans complaining about the Slashdot bug, I don't think it'll be fixed until Firefox 1.1.

Re:/. rendering

[damiam]

Oops. On further exploration, I see that it's fixed in the trunk, and the fix will be included in the 1.1 release (I guess must have misread that to say 1.0.1). In the meantime, there's always the SlashFix extension.

Check Updates...

[adam31]

How come it doesn't work in the Options->Advanced->Check for Updates tab?

It says no updates available... Do I need to actually update from the site?

Re:Check Updates...

[asa]

We'll be turning on the application update mechanism starting next week. Given the daunting task of updating all 27+ million people who have downloaded and are using Firefox today, we've elected to stagger the update over several days.

--Asa

Re:Check Updates...

[cshields2]

It will most likely not be staggared for the next release, as we will have a major infrastructure upgrade by then allowing the update service to survive the hit all at once. The staggaring had to be done at this point in time.

Cheers!

Whew!

It's about time they fixed those security issues. I was getting tired of using Internet Explore in the meantime.

Security Fix

[krikat]

Does the security fix remove internet explorer?

OS X-specific fixes?

[moosesocks]

Any word on if this includes fixes for the massive memory leaks in the OS X port? I know they were on track for 1.1, but it's possible they could have made their way into 1.0.1......

Re:seems like only yesterday

[jdkincad]

They removed default compatibility for international domain names. I wonder how much of an impact this will have on foreign adoption of Firefox over IE

None. IIRC they just turned off IDN support, and did not remove it. If someone needs it, the can turn it back on.

IE has no IDN support without third party software, so Firefox is still a better choice if you need IDN support.

This version doesnt fix some new type of popups

Try this site: It shows a sarcastic popup saying "your browser has successfully blocked a popup!" http://www.indianmasala.com/
How insulting!

Actual list of changes

[timealterer]

Here is the full list of changes and related bugs for Firefox 1.0.1.

You'll note that it's quite terse - this is not the 1.1 update from trunk that will get us rendering fixes, etc. that we'll see in June or so. Almost all security fixes here.

Re:seems like only yesterday

[jeffg]

They removed default compatibility for international domain names.

Your statement is misleading.

Support for IDNs is still present, it's just that after inputting a URL using an IDN domain name like http://www.göögle.com/, it is displayed as the punycore representation in the address bar: http://www.xn-ggle-5qaa.com/

The merits of this work around are certainly up for debate (hint: the debate started years ago).

I wonder how much of an impact this will have on foreign adoption of Firefox over IE.

Seeing as no currently shipping version of Microsoft Internet Explorer supports IDNs... you can probably stop wondering. :)

Be kind to the mirrors, use official bittorents!!!

[Jedbro]

Be friendly to the Mozilla.org mirrors, they
have set up an official Bittorent seeder.

-Jed

( http://bittorrent.mozilla.org/ )

Re:But can I upgrade using Software update?

[bersl2]

They are going to enable that in a few days, after those who know about the upgrade have cleared from the servers, lest they be fried.

Re:Is a .0.1 dot release really newsworthy

[homeobocks]

As I mentioned in the story, 1.0.1 contains fixes for 9 security holes, some of which allowed spoofing.

A few bugs in this release

[CaptBubba]

After installing 1.0.1 on WinXP I could not navigate anywhere. Everytime I would hit enter after typing something into the location bar firefox would crash.

I've gone back to 1.0 and there are no problems. here's a link to the windows 1.0 versions in case anyone else similarly needs to revert back.

Re:/. rendering

[gstoddart]

Unless an unstable engineer feels insecure about Slashdot fans complaining about the Slashdot bug

Some of those self-same Slashdot fans are unstable engineers.

Awesome news!

[realmolo]

I'm gonna read about it tomorrow on Slashdot! Or maybe even later tonight!

Bittorrent!

[GarfBond]

Official BT Torrents here!

Now if you're worried about putting too much strain on the Mozilla download servers, use the BT links!

Alternatively, this page lists translations and direct download links

New Download Count?

[Denver_80203]

I would be interesting to see how many people download 1.0.1 over time vs 1.0. Statistically it would be hard to say how many people upgraded, didn't upgrade, first copy of firefox was 1.0.1 but, I would like to see the number seperately.

Good Experience

[CarlinWithers]

It's nice to see so much enthusiasm in the computer world. Personally, I've loved Firefox. It's nice to have the same browser in both Windows and Linux. Got it late (about 2 months ago), but it's done me good. I couldn't go back to non-tabbed browsing and no nested searches window. Also, scanned with ad-aware today. Only two files!!! Both in IE cache from the few times I've had to use IE for ActiveX integrated sites. Used to think 500 was normal. Thanks Firefox, and I expect more good coming from this.

Re:This version doesnt fix some new type of popups

[mrnobo1024]

That's not actually a popup, it's just an image inside an with CSS "position: absolute". There's no way to stop this unfortunately, blocking absolute positioning would screw up a lot of site's layouts.

Re:Too bad it still doesn't fix the RAM problem

But fortunately, I've got 1GB of RAM, and there's barely any spyware, so I'm ok with it now. I just wish I didn't have to put either Dillo for Linux or IE6 on Win98 for those old late Pentium Is / early Pentium IIs I fix up for people in my spare time, since Firefox is a nice browser despite its flaws. Too bad it won't run decently on anything less than a Pentium III with 256MB of RAM.

Do try K-Meleon, as it performs much better than Firefox on older computers. Its RAM usage should be somewhat lower as it doesn't use XUL for the GUI, but still has Gecko underneath.

My computer is 4 years old now and Firefox is not a dream to use as it keeps freezing up for 2 seconds whenever its CPU usage maxes out. K-Meleon is much lighter, though not as pretty ;)

Re:Ah, so this software does have vulnerabilities

[freitasm]

Secondly, FF is NOT faster, despite the FUD that FF zealots like to spread. I've timed both and it takes FF several seconds longer to start up as well as to render a complex page.

Well said... Check previous /. story with browser speed comparison. Opera is faster, but IE is actually faster than Firefox in most operations.

No more mr. Memory Hog

[Daedalon]

Windows users who have problems with Mozilla software (Firefox, Thunderbird or Suite) being too slow or using too much memory and CPU, check out the Moox optimized builds.

One of my friends reported having constantly about 100 MB more free memory after switching to Moox M2 in his Athlon XP. A bit of a warning though: I tried to install original 1.0.1 over Moox M2 1.0, and it now crashes every time I press enter in the URL bar. Now typing in Internet Explorer, I'm anxiously waiting for Moox optimized 1.0.1 builds to come out and solve the situation.

Re:How can I find out?

[IWannaBeAnAC]

Wow. This statement epitomizes everything that has gone wrong with slashdot!

Re:This version doesnt fix some new type of popups

[mcc]

That's, um, not exactly a popup. That's a picture of a windows popup, in the webpage itself.

Somehow the illusion is less convincing when you use a Macintosh and you find yourself looking at a Windows XP window border...

Re:STILL GETTING POPUPS...

[digitalchinky]

Seriously, you need to spend a little more quiet time with google. +firefox +popup +blocking +tutorial

It's not hard. I see nothing except for the odd tiny fraction of css crap.

Fix it yourself because - 'they' - will never hold your hand until it works just nice and peachy the way you personally want.

If a site you like has more advertising than actual content, then maybe you need to go elsewhere. The net is a pretty big place, apparantly with lots of duplication...

Here is an example.

[maotx]

Here is an example how Firefox 1.0.1 shows IDN names.*
Click the Fake and Real link to see the difference.

The Fake site will not work with Internet Exporer with the latest service pack.

*Requires Firefox 1.0.1

Re:I'm excited

[tritonic]

True, some people seem a bit worried that Slashdot.org is turning into FireFoxNews.org. But I'm with you

Remember that it's not just one geek-friendly browser we're talking about here - the future of the entire internet's at stake. The popularity of this one browser could be the only thing that prevents the web turning into a microsoft-dominated proprietary system a few years down the line, destroying any chance linux might have had on desktop machines.

And if that's not an exciting and important Slashdot story, I don't know what is.

Re:Change Log

Firstly, don't plagarise. Cite your sources. Your list is an exact copy of http://www.squarefree.com/burningedge/releases/1.1 .html.

Secondly, if you do plagarise, make sure you steal the right frigging document! You posted a changelog for the not-yet-released Firefox 1.1. This is Firefox 1.0.1. Its changelog can be found at http://www.squarefree.com/burningedge/releases/1.0 .1.html.

Doesn't require 1.0.1

[Theatetus]

Actually you don't need 1.0.1 to see how it works; spoofstick on 1.0 displays the bogus URL as xn--blah-blah-blah...

Porn browsing tips for firefox =D

[H3g3m0n]

You can also simply set the number of days in the History option under privacy to 0. An even better idea is to start firefox with the -profilemanager commandline paramater, create a special profile called somthing such as "noprofile", and set all the cache, history, cookies etc... to not be stored. You can then make a script/shortcut file that runs "firefox -profile noprofile" which will load that profile.

You can do things such as put an obviouly diffrent skin on it to make sure you arn't running the wrong profile and install flashgot to allow you to grab entire image/movie gallerys.

You can have a custom adblock filter list to remove nonrelevant images such as those backgrounds, banners and image borders that sites have which slows down your browsing.

Under linux I have everything setup to use an highly encrypted filesystem so nothing can be accessed without the password, if you have your images, firefox profile, and its starting script in there then noone will beable to find anything also because its encrypted and only accessable by you, you can leave the history to be saved and create bookmarks etc. Just remember to unmount the filesystem and clear the loopback device.

Re:Too bad it still doesn't fix the RAM problem

[kawaichan]

yes you can.

go to -> Windows Task Manager -> view -> select column -> check virtual memory size

Re:Be kind to the mirrors, use official bittorents

[trawg]

I've been seeding these for about 1/2 hour with only 30mb uploaded (--max_uploads 100) - I'm sure there's a lot of people seeding, but it would have been great to see a link to the BitTorrent mirror page in the news post to spare the mirrors. I can't figure out why more slashdot news posts aren't edited when there is a BitTorrent link added for the content referred to in the item (especially when its an official torrent provided by the content creators!)

Re:Firefox sucks

[billmustdie]

by Anonymous Coward on Thursday February 24, @10:35PM (#11773968) Firefox Sucks! It's so slow to load. Much slower than IE. It doesn't even render pages properly. IE has always been perfect. What's this about Firefox vulnerabilities? IE with SP2 is much safer. Who uses Firefox? Only Linux zealots, hippies, and Mac users. Real computer users use IE. Us real computer users that actually have jobs will not deal with third-class software like Firefox. The moderating system did not hinder me from posting this. -Computer Expert.

Rofl
Who comes up with this stuff?

Re:Be kind to the mirrors, use official bittorents

[kinema]

As Bittorrent has become so popular one has to wonder why FF doesn't support it natively or via plug-in as a download method.

about:cache

[cheekyboy]

Memory cache device

Number of entries: 208
Maximum storage size: 31744 KiB
Storage in use: 7436 KiB
Inactive storage: 7127 KiB

List Cache Entries
Disk cache device

Number of entries: 312
Maximum storage size: 50000 KiB
Storage in use: 18025 KiB
Cache Directory: C:\Documents and Settings\Development\Application Data\Mozilla\Firefox\Profiles\fd8vwgvl.default\Cac he

Spoiler

[CowsAnonymous]

Just so you know, if you're going to reinstall from scratch, I already read the EULA and no; there's no $1000 prize.

Re:Slashdot bug?

[VargrX]

If your using Ad-Block, there's a very easy way to fix this - add

http://images.slashdot.org/pix.gif

to your block list and the problem go's away.

I would imagine that this could also be added to a proxy easily enough also.