Firefox Updated to 1.0.4

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.

Update process...

[sznupi]

yes, I know the arguments behind it...but it would be relly nice if update didn't involve simply downloading installer (on mine 128kbps it's so so...and on slower?)

Re:Update process...

[iamjoltman]

I believe that a patch update system will be implemented starting with Firefox 1.1

Re:Update process...

[cyways]

How about just including an Update entry somewhere in the menus? As far as I can tell, there's no menu item or icon that automatically takes you to an update site or checks to see if an update is available. My 1.0.3 version running on Windows didn't display the update icon this morning, so I eventually clicked on the circle icon to go to the Firefox home page. Guess what? No mention of an update there, or any link to the downloads page either.

Re:Update process...

[hostyle]

Tools > Options > Advanced

Re:Update process...

[88NoSoup4U88]

So can you tell me what the argument(s) behind it are ?

I find it very strange that the people I have converted (mostly not too tech-savvy) to using Firefox, still have to make re-installs themselves.

Re:Update process...

[barryman_5000]

Reading some of the blogs on planet.mozilla.org states just that. Lots of tiny nifty features are supposedly going to be making it into 1.1 (the back/forward cache should make my 1 sec wait non-existent now!).

Re:Update process...

[sznupi]

I was most often told that it's because of multitude of different compile versions in existence, likely causing borked updates.

Re:Update process...

[Rauser]

Also, if you notice a small green or red arrow icon in the upper left corner of the window (next to the Firefox homepage icon) you can just click on that arrow to launch the Firefox Update process.

Re:Update process...

[Curtman]

I hope jar signing becomes easier to do. It would be very nice to have a bittorrent extension to fetch updates from whoever signed them. (which would probably be whoever compiled them)

Re:Update process...

[slaad]

Don't forget that half their extensions will need to be reinstalled as well.

Re:Update process...

It's a fuckin RC release you morrons.
Wake me up when the Gold code is released.

Re:Update process...

[thesp]

Autoupdate also STILL doesn't play nice with non-Administrator (read non-root) users in WinXp

Re:Update process...

[masklinn]

I haven't had to reinstall an extension for a long time.

Didn't you know that the "Check for updates" works for extensions?

Re:Update process...

Nor should it or could it. Non administrators should not be able to install new programs and definitely should not be able to modify existing programs. Or change the default browser. The only way it would ever play nice is if Windows got even less secure...And we can only hope that doesn't happen.

Re:Update process...

[zerocool^]

Found this on the FTP Site. Didn't use it myself... maybe it'll solve the problem.

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/rele ases/1.0.4/update/win32/en-US/

Re:Update process...

[ArmorFiend]

I find it very strange that the people I have converted (mostly not too tech-savvy) to using Firefox, still have to make re-installs themselves. No, apt-get upgrade catches it automatically. I'm not sure how the propritary OSes handle it. It would be nice if windows update automatically upgraded your firefox for you, but somehow I'm not holding my breath.

Re:Update process...

[sik0fewl]

Which, of course, means we can't use the new update system until we upgrade to 1.1.1. I sure hope 1.1 is full of holes so we can try it out right away :)

Re:Update process...

[E+IS+mC(Square)]

Aren't non-administrator account and install thing mutually exclusive?

Re:Update process...

[codeheed]

who really cares another update another month.

Re:Update process...

[satanami69]

While I also find your comment funny, why would 1.1 be restricted fom updating from 1.0.4?

Re:Update process...

[sik0fewl]

It wouldn't, but we wouldn't be able to try the *new* update system until we upgrade to 1.1 (with the new update system) and *then* get 1.1.1.

Quick and serious on security

[xiando]

These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!

Re:Quick and serious on security

[portwojc]

Yes excellent work.

Hopefully the mainstream news sources I saw will report this just as they reported the problem. I'm not holding my breath though.

Re:Quick and serious on security

[MoogMan]

But, on the flip side, it does show a lack of a security auditing process. This will be needed inevitably...

Re:Quick and serious on security

Let's hope that Firefox users are quick and serious about security as well. Now that there are millions of Firefox installations out there, chances are many belong to users who don't care much about updating every major software on their computer every few weeks.

Re:Quick and serious on security

[hkmwbz]

"These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work!"

If I am not mistaken, they have been working on this for longer than that. Some moron announced the flaws while Mozilla were busy fixing them, thereby putting users at risk.

So I don't think they actually fixed it and got a release out in three days.

Re:Quick and serious on security

What, do you think security audits catch every problem?

Re:Quick and serious on security

[CaymanIslandCarpedie]

We can only dream ;-)

They don't get advertisers by saying "you are safe". All they are interested in is headlines like "A new insideous threat could be killing all your children today! Tune in tonight to hear all about it."

Re:Quick and serious on security

[alib001]

Sayeth the Ziff Davis e-mail:

Firefox Web Browser Under Attack

Major security flaws just uncovered in the popular Firefox browser have its creators rushing to fill the gaps. The vulnerabilities are called "extremely critical" and were leaked to the Web a few days ago. Ouch. For details on what the problem entails, and where to find the patches, check out our story. Firefox may be good, but it's not perfect!

And the linked to story Zero-Day Firefox Exploit Sends Mozilla Scrambling

'Mozilla's public acknowledgement of the vulnerabilities includes a chilling warning that an attacker could combine the flaws to execute malicious code without user interaction.'

Chilling. Hmmm.

Re:Quick and serious on security

[ninja_assault_kitten]

Uhm, no. These were disclosed publicly on Monday. Public and private disclosure are two very different things. I know for a fact that Mozilla was aware of these flaws at least 7 days before they went public.

Re:Quick and serious on security

Some moron announced the flaws while Mozilla were busy fixing them, thereby putting users at risk.

Don't you mean: "some moron released software with serious security holes in it, putting users at risk"?

Why do people *accept* crappy software in the first place?

Re:Quick and serious on security

[RayTardo]

It's called Karma-whoring.

Re:Quick and serious on security

[daern]

These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!

Yes, yes, very good.

Coming from a corporate background, however, I should point out that it's not enough that an update should be available quickly, but that the update should have been fully regression tested against all scenarios. If you ask Microsoft, it's this testing that invariably delays the releases of their patches and this is also one of the reasons why they've moved to the "patch Tuesday" model.

Remember that if you have a potential DOS vulnerability (as an example) that is patched with a dodgy patch that kills the application, you'll have just succeeded in doing what hundreds of script kiddies try and do all day...but all by yourself :-)

I'm not being an apologist for anyone, but do not underestimate the importance of testing and also the importance of knowing that a patch has been tested to the acceptance of Firefox in the wider corporate community, which has seen only small uptakes of Firefox to date...

Re:Quick and serious on security

[IrishWonder]

Let's hope that while fixing the old problems no new problems have been created... We all know how it can be...

Re:Quick and serious on security

[Hungry+Student]

I would've shared your cynicism had I not just logged onto the BBC news website and seen their Latest News ticker show the words "The makers of Firefox say the two flaws in the open source browser have been fixed.", linking to this story of theirs, posted at 17:01BST, 16:01GMT.

A good, accurate followup to their original "Critical flaws found in Firefox" story

Re:Quick and serious on security

[hkmwbz]

""Don't you mean: "some moron released software with serious security holes in it, putting users at risk"?""

Your comment doesn't make sense. The holes were obviously not known when Firefox 1.0 was released. And show me a mainstream browser without a few known security holes in its past. If you are referring to Opera, Opera 8 has not had any holes yet, but it's only been out for a short period of time, and Opera 7 did have a few security flaws.

Re:Quick and serious on security

Now I get it.

1. Post redundant praise about Firefox.
2. Wait a few minutes
3. PROFIT!

Dumb zealots.

"You must be new here!"

Re:Quick and serious on security

[t0x]

the problem with this is the update process itself. a hefty 4MB download is not for every one. and especially the manual installs each time an update is released is very tedious. it would have been better if the browser has an automated update process. even manual install of a patch would suffice but please not a download of the whole installer.

Already upgraded

[Walkiry]

Posting from 1.0.4 right now. Funny thing, after I upgraded and restarted the browser, I still had the "updates available" little red arrow on the top right corner of the browser. After checking for upgrades (and finding none), it's disappeared. Bug? Leftover registry entry or config file from 1.0.3?

Re:Already upgraded

[KlaymenDK]

I had that too, I think it's to do with extentions. When I clicked the arrow (on 104) it complained that an update to Copy Plain Text wasn't available after all.

Re:Already upgraded

[hotdiggitydawg]

I noticed the same thing in 1.0.2 and 1.0.3 too.

Re:Already upgraded

That's happened to me for a few versions now. Bug, I guess.

Re:Already upgraded

[the_raptor]

I had that bug when upgrading to 1.0.3.

Re:Already upgraded

[A+beautiful+mind]

Not related to your syxtem, but if someone is on linux and using debian for example, they disable the update functionality for the browser for the browser itself and allow it for the extensions only. This is to ensure that firefox gets updated by the package manager, in the example's case: apt-get.

It has reportedly sometimes the bad effect that the red update arrow stays red forever.

Re:Already upgraded

[GothicX]

It doesn't updated the version at "about:config"...

Re:Already upgraded

[A+beautiful+mind]

This is what i get why using the net after being 30h without sleep and not using preview.

Sorry folks for the incomprehensiveness.

Re:Already upgraded

Just so you don't feel left not getting the arrow right away:
Go to tools/options/advanced/software updates:

click [Check Now]

Re:Already upgraded

[kbrosnan]

There is a flag variable in about:config 'app.update.updatesAvailable' that gets set to true. The notification would have gone away on its own in about a day when Firefox checked for updates.

Re:Already upgraded

odd, but i don't have a red arrow.

apt-get updates everything for me

Re:Already upgraded

[bdipert]

Has anyone else noticed that Tools->Options->Advanced->Software Update->Check Now under Firefox v1.0.4 results in lots of 'encountered problems' messages for various extensions, messages that didn't exist under Firefox v1.0.3? Ideas why?

Re:Already upgraded

[Sq]

check for updates have the same problems under old 1.0.3... dunno why.

Re:Already upgraded

[coolmadsi]

I would upgrade but i use portable firefox (ironically, its not portable, i can't install anything on my school's network so i just run portable firefox off the network space).

Long story short, i will always have this red arrow for the next few days (until i leave school).

I did try to update with the red arrow but it completely buggered up so i thought it would be best to leave it.

Dude at work

[PlancksCnst]

This guy at work noticed I was using firefox (he's an IE user), and said, slyly, "You know, there's a couple of really bad security holes." Good think FF fixes their holes faster than MS.

Re:Dude at work

Yeah and there's about 20 unpatched vulns in MSIE. What a dork.

Re:Dude at work

[MonoSynth]

You'd better fix a hole quick if you don't have the money to cover your ass....

Re:Dude at work

[UnknowingFool]

Next time respond: "You know IE has 18 open holes. Some of them back from 2003"

Re:Dude at work

[OwlWhacker]

This guy at work noticed I was using firefox (he's an IE user), and said, slyly, "You know, there's a couple of really bad security holes."

That's like somebody seeing you kissing and saying "You can get diseases from that", yet they themselves are in a sexual relationship with somebody who is highly promiscuous with junkies.

Re:Dude at work

Junkies! That's a great idea!

Re:Dude at work

You leave Pamela Anderson out of this!

Re:Dude at work

[Bradee-oh!]

That... wow. That truly made my day. I'm going to start using that one. Post of praise as I have no mod points.

Seriously, thank you for giving my morning a jumpstart. :)

Re:Dude at work

[zerocool^]

Haha.

That guy is my boss.
Here's an email conversation re:firefox. Read from bottom email up, in typical exchange fashion.

"However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser."

-----Original Message-----
From: Will Dunn
Sent: Wednesday, May 11, 2005 8:47 AM
To: All
Subject: RE: [ISN] Firefox suffers first 'extremely critical' security hole

If you use the built-in update feature in firefox, which is enabled by default (the little up-arrow in the top right corner), there's already a temporary fix being pushed down from the modzev group.

Not to mention, you're still more secure than if you use internet explorer - a search on Secunia returns 49 results for firefox, with 29 of those being for firefox 1.x versus 139 for internet explorer, 80 of which are for 6.x and 19 of which are unpatched.

-----Original Message-----
From: [name removed to protect the ignorant]
Sent: Wednesday, May 11, 2005 8:11 AM
To: All
Subject: FW: [ISN] Firefox suffers first 'extremely critical' security hole

-----Original Message-----
From: isn-bounces@attrition.org [mailto:isn-bounces@attrition.org%5D On Behalf Of InfoSec News
Sent: Tuesday, May 10, 2005 3:18 AM
To: isn@attrition.org
Subject: [ISN] Firefox suffers first 'extremely critical' security hole

http://www.techworld.com/security/news/index.cfm?N ewsID=3619

By Matthew Broersma
Techworld
09 May 2005

Firefox has unpatched "extremely critical" security holes and exploit
code is already circulating on the Net, security researchers have
warned.

The two unpatched flaws in the Mozilla browser could allow an attacker
to take control of your system.

A patch is expected shortly, but in the meantime users can protect
themselves by switching off JavaScript. In addition, the Mozilla
Foundation has now made the flaws effectively impossible to exploit by
changes to the server-side download mechanism on the
update.mozilla.org and addons.mozilla.org sites, according to security
experts.

[.....rest of article.....]

Wow. What an ignorant closeminded bastard. This coming from a guy who runs an exchange server and several IIS servers, and had me install, configure, and migrate his DNS from exchange to RedHat on my first two days because he was concerned about security. He's one of those "throw money at it" and "Microsoft is the solution for all problems"

~Will

Re:Dude at work

I was just about to say it's exactly like that!

Vulnerabilities everywhere.

[CABAN]

Next time I try to help a friend out I'm not suggesting firefox. I'm suggesting Netscape! Wwwait.

Re:Vulnerabilities everywhere.

[goldaryn]

I managed to crash Firefox rather spectacularly the other day. I don't remember how, exactly (it was a combination of probably 10 extensions) and I got a Netscape Navigator error dialog before it closed. I'm sure a source browse will show this up, strange though

Many Eyes ?

Do many eyes make bugs shallow - FireFox seems to have had quite a few bugs ?

Re:Many Eyes ?

[ssj_195]

They do, to an extent (but this does not magically prevent a product from *being released* without bugs), and yes it does, just like all software. It's worth noting that most (all?) of these bugs have been found precisely by these eyes that are looking over the code.

Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updated) the process will be even more streamlined and painless.

Re:Many Eyes ?

[rah1420]

I kick myself in advance for replying to an AC, but what do you define as "quite a few?" More than IE? How about resolution -- faster than IE?

This sounds suspiciously like flamebait.

hmmm...

[prophetmike]

Firefox 1.0.4 was posted sometime between 11 and 11:30PM last night EST. I got it about 11:40 :D (Yes, geek alert) That aside, with all of these newfound vulnerabilities popping up so often, could Firefox become (later down the line) the new Internet Explorer? May seem highly unlikely now.. but as the New York Lottery says... "Hey, you never know."

Re:hmmm...

[metricmusic]

could Firefox become (later down the line) the new Internet Explorer?

With dominant market share? that would be a joyous moment.

Re:hmmm...

could Firefox become (later down the line) the new Internet Explorer?

Notice they said "fixed"?

Not "it's not a bug, it's a feature".
Not "that hole is purely theoretical".
Not "warning users about a security hole in *our* product that could affect *their* computers is irresponsible"
Not "We haven't confirmed that there is indeed a hole"
Not "We're working on a fix, come back in three months".

Re:hmmm...

[RLW]

Maybe FireFox contains vulnerabilities as numerous as IE. Maybe FireFox is no more secure than IE. Maybe it's even worse in these areas. Even if this is true, FireFox is a better long term solution because the development team is responsive to these issues and is actively engaged in fixing the holes where the viruses get in and keep my system from working. M$FT does not care about you or your system. It wants your wallet now and for all time. For M$FT 'good enough' is the enemy of 'better' and apparently IE is 'good enough'. M$FT says "That's all you need, that's all you deserve. Be quiet and I'll get around to fixing these bits after I've conquered a few more markets. Really."

Re:hmmm...

[CaymanIslandCarpedie]

No. The real issue with IE wasn't the security that were found (this will ALWAYS be the case with ANY software), it was thier lax attitude about fixing the issues.

FireFox right out of the box proved to be a pretty solid browser (they had the chance to learn lessons from those browsers that came before). And when an issue does come up the take it seriously and try to fix it promptly.

I'd not only argue FireFox will never be IE (of a year or two ago), but I'd also bet IE (of today) will never be IE (of a year or two ago). XP SP2 had a lot of fixes and MS$ has been much more both pro-active and reactive about security (thanks to the kick in the pants from FireFox).

Please put down your torches and pitch-forks ;-) I'm not saying IE is as good as FF, just saying MS$ has responded to the challenge and are doing better so I don't think any browser will be as lax as MS$ has been in the past.

That is however one of the issues with MS$. They have soooo much going on, there are times when a product (IE) will be such a low priority these things can happen. Over the last few years MS$ has been working on high-priority tasks like (new VS.NET, new SQL Server, XP SP2, and Longhorn) just to name a few. With those big core company projects happening, IE kind of fell through the cracks since they felt un-touchable in the browser market. Luckily, FireFox came around and woke them up. If you use IE or not, for the good of everyone it is good to see they have woken up a bit and lets hope it never happens again!

Re:hmmm...

[EggyToast]

Nothing is more apparent as proof of Microsoft's "good enough" system than the fact that IE was stuck on version 6 with absolutely no sign of an update... until FireFox came out and started making waves. Now the IE7 news is all "Gates had to reform the IE development group..."

Wait... IE is a major Windows app. Why was there no dedicated development group working on it as a matter of course?

Oh yeah. MS stops important development on applications once they have no competition...

Re:hmmm...

Firefox could be the new IE --only-- IF they start waiting six months to fix a vulnerablilty and only fix it once the problem has become a public and known issue.

Re:hmmm...

11:40? I was still progamming at that time! Geek alert my ass... You haven't even seen a geek (I know that, because I hardly ever go out..)

Re:hmmm...

[prophetmike]

I hardly ever go out myself. I was talking to people on IRC while reading Slashdot and Bink.nu and came across Firefox while doing my every 2 day check to see if any new version of my software is released. I was also finishing my psychology take-home final. I am a Microsoft Windows fanboy... but I use Firefox. I may not be a GEEK... but compared to those my age (18), I certainly would seem like one.

Mozilla Suite updated as well

[iamjoltman]

It should be noted that the Mozilla Suite has also relased an update, 1.7.8.

Re:Mozilla Suite updated as well

[chrae]

It seems that the Mozilla Suite has lost a lot of it's sex appeal. Firefox gets all the attention and Mozilla is the fat friend you gotta be nice to.

Re:Mozilla Suite updated as well

[mat+catastrophe]

But, you know, the fat friend will still love you after the sexy one leaves you for another.

Re:Mozilla Suite updated as well

[deepsky]

Speaking of which -yes I know it's slightly offtopic- what's the future of the suite, aka Mozilla Seamonkey? Some time ago the moz foundation announced there will be no more new release (except bug fixes like this one). Someone announced that Seamonkey will be a new separate open source projects. Any news about this?

Firefox is great but still it looks a bit like "Seamonkey for dummies" to me...

Re:Mozilla Suite updated as well

[Mr.+Underbridge]

It seems that the Mozilla Suite has lost a lot of it's sex appeal. Firefox gets all the attention and Mozilla is the fat friend you gotta be nice to.

Quite an apt analogy, as "fat" is the operative word.

Re:Mozilla Suite updated as well

[mzwaterski]

Sorry about that man...your sexy ex-girlfriend was great last night!

Re:Mozilla Suite updated as well

[ricotest]

Only on Slashdot would this ridiculously inappropriate metaphor be rated Insightful.

Re:Mozilla Suite updated as well

[earthbound+kid]

I dunno, I guess you're just being glib, but to take it overly seriously for a moment, in such cases, there's still a risk in dating someone too far below your league-- if by some random chance someone else above their league falls for them, they'll gladly trade you to move up the ladder. The problem is that in a lot of cases, a less attractive person will end up falling in love with the idea of you instead of the actuality of you. The thought is, "Oh wow, I can't believe someone like that could love me," instead of, "Oh wow, I love these things about him/her." Thus, when some new, more handsome and sexy person comes along, there's nothing tying them to you and specifically you alone except for that fact that prior to now they were unable to date anyone at your level of attractiveness...

Love is a tricky problem, and I've experienced both sides of the attractiveness imbalance. It's never healthy. It might be nice if people could just ignore physical attractiveness in all cases, but don't kid yourself, most of the time the people who say, "looks don't matter" are non-lookers who are upset about being unable to bag more attractive partners.

Re:Mozilla Suite updated as well

[Dolda2000]

Not very strange, is it?

Re:Mozilla Suite updated as well

[novakreo]

Not very strange, is it?

Are you serious?!
It looks like she has flames shooting out her ass and hair growing in all the wrong places.
And the toenails are more than a little creepy.

Re:Mozilla Suite updated as well

[imess]

2 more security problems and we will get mozilla 1.8! yeah!

Re:Mozilla Suite updated as well

[MaDeR]

O my god. This is eerie... I want more peaceful looking manga-foxgirl. :P

One of the reasons i use Firefox.

[Masq666]

This is one of the reasons that i use firefox, they fix the problems right a way. Not many browsers fixes bugs and other security issues this fast.

Re:One of the reasons i use Firefox.

[3terrabyte]

True. True.
I switched to Firefox because I was sick of using IE. Ever since I've switched, AdAware has found ZERO spyware/malware incidents!

To IE's meager defense, I'm sure there might have been a setting somewhere that might have tightened up the holes, but switching to Firefox has been easier. Plus, I'm addicted to the tabbed browing.

Re:One of the reasons i use Firefox.

[Masq666]

The tabbed browsing is pretty addictive, when i use IE i always try to press conrol+t to get a new tab, but it never works. Wonder why..hehe Firefox is maybe not bullet proof but it sure keeps your PC clean from spyware.

Re:One of the reasons i use Firefox.

[man_of_mr_e]

Right away? It's been 10 days since the bug was added to the bugzilla database. 10 days!

Re:One of the reasons i use Firefox.

[spoonyfork]

Ever since I've switched, AdAware has found ZERO spyware/malware incidents!

That is an excellent selling point for FF but the malware issue concerns more than just a browser. (With apologies to Dijkstra) AdAware and the like can be used to show the presence of malware, but never to show their absence.

Re:One of the reasons i use Firefox.

Isn't 10 days still considered "right away", compared to other time frames?

Wheres my arrow?

[kevin_conaway]

I don't have an upgrade arrow yet :P

Re:Wheres my arrow?

[nuremon]

Me neither, plus I found 1.0.3 to be decidedly unstable when compared to every other previous version that I've used (since before 1.0 at least). I think I'm going to wait a day and make sure the important extensions I have don't die again, anyway.

Re:Wheres my arrow?

[michrech]

I don't know this as fact, but I think it is all in what time your browser checks for updates. I can't tell for sure, but I think it is set to do a random check (mayhapps it even checks every so many days and yours is still not showing an update as others are because you installed so many days after they did)...

I dunno..

---
telnet://sinep.gotdns.com -- Telegard BBS -- Enjoy!

Re:Wheres my arrow?

[hotdiggitydawg]

You may be using a version that isn't available yet (eg. British-english, as opposed to American-english). You can force a manual check with "Tools -> Options -> Advanced -> Software Update -> Check Now", if doesn't find any updates then I guess there's non eavailable for your version yet...

Re:Wheres my arrow?

[pebs]

I don't have an upgrade arrow yet :P

Options -> Advanced -> Software Update -> "Check Now" button

Re:Wheres my arrow?

Could be the language you have installed. I noticed there is no 1.0.4 available from British English yet.

http://www.mozilla.org/products/firefox/all

Re:Wheres my arrow?

[DustyShadow]

It would probably be a good idea if they put the check for updates button in a more visible spot, like say the File menu. Maybe then, a novice user would see it and wonder what it was for. I'm sure a lot of people have no idea that software updates are made available.

Re:Wheres my arrow?

[AndroidCat]

I had one, but installing 1.0.4 fixed that. :)

Re:Wheres my arrow?

[greenegg77]

Excuse me sir, please stand by that wall over there. Yes, the one that everybody is pointing their rifles at. Would you like a cigarrette? Don't smoke, eh? Well, it's not like it's going to kill you...

Re:Wheres my arrow?

I expected to see it directly under the Tools menu, not buried under Advanced Options. It should definately be right on the first level of menus.

Re:Wheres my arrow?

v1.0.3 here.. no update arrow, tried Options -> Advanced -> Software Update -> "Check Now" button several times today...

Firefox was not able to find any updates.

Firefox encountered problems when trying to find updates for some items.

Details

Firefox could not check for updates to the following components (either the updates server(s) did not respond, or the update service(s) werenot found)

Firefox(default) ... not that usefull :(

IE still #1 a-ok

With my hardware firewall, and ActiveX disabled I am not afraid to use IE. It's faster and smaller, and renders sites better than Firefox. I do, however, love the WebDeveloper extension for FF.

Re:IE still #1 a-ok

Not being afraid doesn't mean something bad isn't going to happen!

You should disable scripting as well.

Re:IE still #1 a-ok

"I am not afraid to use IE. It's faster and smaller, and renders sites better than Firefox"

OK buddy, put the crack pipe down and nobody gets hurt.

Re:IE still #1 a-ok

You jest but I find your comment spot on.

I have used a software firewall (Zone Alarm) with IE running on XP Home SP2 for the past 6 months.

All I had to do was set ActiveX to always prompt, set the security and privacy to high, refuse cookies (not needed but I hate them) and I have never had a piece of spyware on my system. I still scan for Virus, spyware and adware twice a week with Norton AV, MS anti-spyware, and AdAware.

All this "IE is the Sux04rz" talk makes it very apparent that the people getting infected either have no clue about how to configure a secure computer, or have no scruples on what they click "OK" to.

Then again when some sites says I need to download some ActiveX component to view it I say no and download my warez elsewhere.

Re:IE still #1 a-ok

it doesn't render pages better. unless if you consider things like [margue] and [blink] cool!

Re:IE still #1 a-ok

[goodtim]

With my hardware firewall, and ActiveX disabled I am not afraid to use IE. It's faster and smaller, and renders sites better than Firefox. I do, however, love the WebDeveloper extension for FF.

Just because you aren't afraid of using IE, doesn't mean you shouldn't be. I'm sure most people who's computer is riddled with spyware arn't afraid of using IE either.

Re:IE still #1 a-ok

[finkployd]

All I had to do was set ActiveX to always prompt, set the security and privacy to high, refuse cookies (not needed but I hate them) and I have never had a piece of spyware on my system.

That's all you had to do? It sounds so easy, intuitive even. I mean the first thing anyone using a computer instinctivly knows is that they have to master every obscure setting and learn which ones to change.


All this "IE is the Sux04rz" talk makes it very apparent that the people getting infected either have no clue about how to configure a secure computer, or have no scruples on what they click "OK" to.

Or perhaps they are in the 99% of computer users who do not dig through every config option and research the implications of each to tune their system so that it is usable to browse the web. (I am, but most aren't).

I agree many computer users are frighteningly stupid, but not in this way. I get irritated when things like common sense go out the door when a computer is involved (people who fall for too good to be true email scams and such). However what you described is not by any stretch of the imagination common sense.

Rather than go through all the trouble you described, it is much easier for me to install firefox on friend's and family's PCs and alert them when to update it. Heck, most of them are thrilled with the features like pop up blocking and tabs anyway so for them it is a win win situation.

Finkployd

Re:IE still #1 a-ok

[samael]

I assume that by 'better' you mean 'with more ads, popups and annoying flashing things all over the place.'

Re:IE still #1 a-ok

[Bert64]

Renders sites better? Actually IE renders sites very badly, the fact that some sites depend on ie's buggy rendering is disturbing enough. Firefox will render any site closer to what the site's html/xml code is specifying.
IE doesnt support xhtml atall, and only manages to render an approximation of it when you set the mime type to incorrectly identify it as html.
Also, you are more vulnerable to cross site scripting attacks when using ie.. mozilla will correctly url-encode requests, while ie will not.. therefore when the server returns the data, it will be url-encoded and mozilla won't accept any malicious html tags.. Also mozilla actually supports HTTP (ie doesnt, heres why) and uses the mime-type to work out how it should render a file.. ie on the other hand ignores it (the HTTP rfc 2616 states that any tool supporting http will use the mime type if one is present) so if an error is returned as text/plain and contains html tags, ie will render the html tags (leading to possible malicious code or cross site scripting etc) whereas mozilla will render it as plain text like it should.

Re:IE still #1 a-ok

> With my hardware firewall, and ActiveX disabled I am not afraid to use IE.

That's what I thought, too, until about a year ago.

I caught a trojan on my "good" box - the one I use for online banking. Firewalled behind a hardware NAT router with SPI and with the XP firewall added in for good measure. No pr0n- or warez-sites visits. No e-Mail. All patched up according to Windows Update. I'm the only one who had access to that system. No warezed stuff installed. Antivirus and SSD active and updated.

That was scary.

I stopped using IE right there and then.

Re:IE still #1 a-ok

[The-Bus]

Unfortunately there are some sites where I still need to use IE for work, whether or not I want to. The issue is when I am browsing the internet with IE I feel like a lost tourist driving around the bad part of town with my windows only partially rolled up. Sure, if I am smart I can avoid trouble, but you just never know.

Firefox at least doesn't give me that feeling.

Re:IE still #1 a-ok

That's all you had to do? It sounds so easy, intuitive even. I mean the first thing anyone using a computer instinctivly knows is that they have to master every obscure setting and learn which ones to change.

Heh, that sounds just like way people have to approach Linux. :D

Re:IE still #1 a-ok

[Ath]

All this "IE is the Sux04rz" talk makes it very apparent that the people getting infected either have no clue about how to configure a secure computer, or have no scruples on what they click "OK" to.

Boy, I cannot agree with you more. If you have half a clue, then IE is easy to make secure. I just went into Tools - Internet Options and set the Security policy to Restricted Sites, turned on popup blocking (after I obviously installed SP2), set my Privacy level to High (because everyone except an idiot knows this is how to disable Cookies), and then installed all the hot fixes from MS. If you are too lazy to maintain your software properly then you shouldn't even have a computer. Just get a Mac or something.

It's like all those people who complain about safety problems in cars. My Pinto is safer than almost every car out there. All that with almost zero risk of theft. I strapped some padding onto the rear bumper and put some steel reinforcement plating around the gas tank. There is almost no risk to myself or my passengers of a ruptured fuel tank, all because I took the time to fix an inherent problem in the design of the ... wait .... err ... I gotta go.

Re:IE still #1 a-ok

[WARM3CH]

Well, generally I agree with you. However, when it comes to correctly rendering UTF-8 pages, specially with Arabic characters, firefox has some very well known bugs that have not been fixed now for ages. The most annyoing one is a bug in rendering arabic decimal number: It shows all numbers like 1.4 as 4.1! Of course, IE renders such pages perfectly.

Re:IE still #1 a-ok

Since I am not addressing a forum of ignorant users I say, it is easy to do.

I often install firefox on friends computers when I get tired of the complaints about adware and spyware. I don't think I ever said IE is better then FF or the other way around. I simply said that with the proper knowledge, it is easy to secure.

People talk about it as if it is a door that you can't put a lock on, when in fact it is like every other piece of software in the world, you need to know how to configure it to secure it.

On the same sentiment that you use to bitch about IE I could just as easily bitch about Linux when comparing it to BSD.

As an aside, I find that most spy-ad/ware gets installed by site promoting illegal activities, free porn passwords, warez, game cracks, pirated software, and the like. Does joe user really expect to be safe when he actively seeks out the criminal element of the web. Give me a break. When was the last time a reputable web site installed spyware?

Re:IE still #1 a-ok

[EggyToast]

Imagine a company making a CD-Burning program that spit out a coaster 50% of the time and garbled data, resulting in 20% corrupt files of the "good" 50% discs.

Of course, there were settings you could change that would fix that. They were in Advanced>Settings>Options>Burning>Defaults>Input. You just had to uncheck "Always burn with error correction (may cause some discs to burn slower)" which simply fixed the garbled data, and "Always burn with high-precision laser" (so you don't get coasters). Checking those 2 boxes results in the application working perfectly every time.

Would anyone use that? No! People would laugh it off and comment on just how stupid it is. Why IE gets a free pass for almost the same transgressions is beyond me. Oh, wait, no it isn't -- it's because people started using it years ago and are afraid of changing to something better because it's "different." "I've already got those boxes checked."

Re:IE still #1 a-ok

Oh, shit! Rendering of non-English pages is much more important than preventing my workstation from being ass raped by a malicious page that masquerades as a useful search result...

Just out of curiosity, why would firefox change the order of chars just beacuse the encoding changed? That doesn't make any sense, nor does a Google search turn anything up. If you're the only one with the problem, it's likely not a browser problem...

Re:IE still #1 a-ok

[MoonBuggy]

Once again, it's time for the "-1, Incorrect" moderation.

IE is not faster or smaller overall; it's preloaded and non-removable on Windows, so at least some of the space and memory is taken whether you like it or not. If you're interested, the IE package is several megs larger than the Firefox package on my Mac. While I will concede that the upshot of this is faster start times on Windows, I really don't think that waiting for FF to start is that much trouble (less than 3 seconds on my machine - I can live with that and I can't imagine it's much different on Windows machines).

As for rendering, as others have mentioned, FF is pretty close to W3C valid whereas IE is not even close. Neither are perfect, but in 95% of cases where Firefox doesn't render a page properly it's because that page uses proprietary, non-standard, IE only markup.

Re:IE still #1 a-ok

[WARM3CH]

Oh, shit! Rendering of non-English pages is much more important than preventing my workstation from being ass raped by a malicious page that masquerades as a useful search result...

Did I say that? I was just answering this phrase: "...Firefox will render any site closer to what the site's html/xml code is specifying..."
I just brought one simple example that FireFox sometimes do not render something correctly. You have a problem with that?
I typed my example using latin numbers but the bug is with the arabic numbers (that I could not use corrctly with ./ post editor!). And you are right, the encoding of the page should not change the order of characters. Firfox simply shows such number in arabic "always" with reversed characters round the decimal point!
And before you get angry again, please note that I'm a FireFox user myself, and I know this bug is there and yet I'm continuing to use for OTHER benefits it has.

Re:IE still #1 a-ok

ignorance is bliss. I too can walk down the middle of the busy highway, but eventually I'll get run over and not know what happended. Duh.

Re:IE still #1 a-ok

The grand-parent may have been trolling, but IE really does render some sites better than FF. This is especially true with webpages in most Indian languages. The Unicode standard states that the consonant glyph should be written before the associated vowel glyph, *even if* it appears before. This disambiguation is left to the renderer. IE renders it exactly right, while FF displays the characters in the sequence they were entered, so the vowel glyphs appear after the consonant glyph, making the text unreadable. This is true for all Devanagari-based languages and all Dravidian languages.

Re:IE still #1 a-ok

Better ignore him, he seems to be a troll-fanboy. Just can't accept anything wrong with his brower.

Re:IE still #1 a-ok

[Rallion]

The 'smaller' this is nice, since I noticed a while ago that even with only the download window open, Firefox was using a total of 149MB of RAM. When it gets to be as big as all of Windows, you can no longer claim that the difference is just because IE is part of the OS.

Re:IE still #1 a-ok

[masklinn]

renders sites better than Firefox

I *really* hope you were joking when you wrote that down, because it's one of the most beautiful pieces of bullshit i've read today...
Please do pay a visit to the CSS Zen Garden and compare IE renderings to FF renderings.
the Special Effects Designs are the most interresting ones in terms of IE sucking badly, BTW...

Re:IE still #1 a-ok

Obscure?

There is a fucking CONTROL PANEL icon to change this shit. It is a slider for fucks sake. How much more simple can you get. Want higher security, slide the little fucking bar higher.

It is not like you have to edit a registry setting. It is in plain view, if you are smart enough to look.

After SP2 you can even have a level of security lower then Medium. WTF is your problem.

Jesus fucking christ, what more do you want?

Re:IE still #1 a-ok

[krewemaynard]

I have used a software firewall (Zone Alarm) with IE running on XP Home SP2 for the past 6 months.

All I had to do was set ActiveX to always prompt, set the security and privacy to high, refuse cookies (not needed but I hate them) and I have never had a piece of spyware on my system. I still scan for Virus, spyware and adware twice a week with Norton AV, MS anti-spyware, and AdAware.

this is one of the main reasons i've stopped using windows unless absolutely necessary (and even then the rule is to try VMWare...rebooting is a last resort). i used to make a hobby of updating, scanning, securing, tweaking...uggh! Windows is a high-maintenance OS, and i have grown weary of it.

i use OS X and Linux, as does my wife, and my PCs run hella good. if you wanna spend all your time trying to figure out Security Zones (which i have NEVER fully understood, and i'm no slouch), Privacy Settings, and tracking down some obscure checkbox in a well-buried dialogue box, go right ahead. i'll be using my PC in the meantime.

Re:IE still #1 a-ok

i use OS X.

In that case, I have a new dashboard widget for you to install.

Quess where it is hidden on the net.

Re:IE still #1 a-ok

As opposed to the Firefox solution which is simple.

From the website

Changes were made to the default Mozilla Update site to protect users from these attacks shortly after this attack became public. Users who have added other extension or theme sites to the software installation whitelist should remove them until they have upgraded to a fixed version of Firefox.

1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Click the "Allowed Sites" button on the same line as the "Allow web sites to install software" checkbox
4. Click the "Remove All Sites" button
5. Click "OK"

Disabling Javascript will prevent both attacks.

Re:IE still #1 a-ok

[krewemaynard]

hide it anywhere you want. i'm still using 10.3, and don't have to upgrade to 10.4 anytime soon (although i'm anxious to get a new Mac). i can wait until there's a fix for it, thankyouverymuch.

Re:IE still #1 a-ok

I still use firefox 1.0 preview release, and it only consumes 22 megs.

Re:IE still #1 a-ok

[finkployd]

Jesus fucking christ, what more do you want?

Perhaps for it to come this way be default? Should every computer user assume that every piece of software they touch is insecure by default and needs to be insvestigated and tweaked to be secure? Would it not make more sense to ship it with this setting?

And yes jackass, mucking about with the control panel is obscure to many computer users. I'm sure you wrote your own OS and applications with nothing more than a magnet and some hard disk platters, but not everyone is as smart as you. You would think Microsoft would have figured that out by now.

Finkployd

Re:IE still #1 a-ok

Should every computer user assume that every piece of software they touch is insecure by default and needs to be insvestigated and tweaked to be secure?

Abo-fucking-lutly. Otherwise they deserver what they get. Do you asume you default Linux install is inherently insecure? Wait, you do, you lock it down. Well then jackass perhaps you shoudl expect the saem from others.

or wait, since it is MS are they held to an unachievable standerd.

You are a joke.

Re:IE still #1 a-ok

Sorry - that was supposed to sound amusing rather than angry. Read the first paragraph like it's being sarcastic, maybe? :)

Isn't Arabic read right-to-left, though, making the rendering of numbers "backwards" the sort of correct way? Or is it converting 14.3 to 3.14 rather than 3.41?

Re:IE still #1 a-ok

[finkployd]

Well then jackass perhaps you shoudl expect the saem from others.

or wait, since it is MS are they held to an unachievable standerd.

You are a joke.


And your spelling sucks.

You know what, NOTHING is inheriently secure. However when you are making software for the masses (you know, like Microsoft does) it is inexcusable to HAVE a way to make it secure, but not ship it that way. There is no such operating system as Linux, that is a kernel. Perhaps you are taking about Fedora, or Ubunto, or something like that.

A default install of Fedora Linux, OSX, or Ubuntu is much more secure than a default install of Windows (perhaps not XP SP 2, they did finally do some things right with that one). They are basically locked down by default. However, comparing operating systems to web browsers is kind of silly anyway. So compare Opera or Firefox against IE. What is more secure by default? THAT is my point.

Finkployd

Re:IE still #1 a-ok

The Pinto doors can still stick when you get rear-ended, even at low speeds. Good luck fixing THAT withoug tying the car together with a roll cage! Good engine though. Find a used Ranger that needs a four cylinder and crush the Pinto after saving the drivetrain.

Re:IE still #1 a-ok

[WARM3CH]

no problem :)
And yes, Arabic, Persian and languages like that read from right to left. However, the funny part is that the numbers are read from left to right! Now, the bug with FF is that when you write 314 (with arabic characters, that is) it renders it correctly as 314 but when you write 3.14 it swaps the two parts and render it 14.3 which can be a bit annoying if you have lots of such numbers in a text.

Re:IE still #1 a-ok

[Bert64]

Is it filed as a bug with bugzilla?
Not being able to read such languages, i wouldn't have noticed such a thing.. But i'm sure there are plenty of indian coders who could lend a hand in fixing this.
Aside from that, firefox still does a much better job overall at rendering pages, and from a purely english speaking latin charset perspective it renders far better than ie.

Re:IE still #1 a-ok

So terrorists use IE then?

Mirrors

[bunburyist]

Mozilla.org will probably get hammered!! Here's a google cache of the Firefox Mirror List

And while you're at it don't forget those extensions:

FoxyTunes: http:www.iosart.com/foxytunes/firefox/

AdBlock: http://adblock.mozdev.org/

Or you can just go get more at: update.mozilla.org

Happy Browsing!

Re:Mirrors

[PlancksCnst]

You forgot Greasemonkey. that's my fave after Adblock and Flashblock.

Re:Mirrors

[anpe]

yup, Greasemonkey rocks.
I'm stuck behind a dump proxy that allows *.gmane.org but forbids gmane.org. Sadly all urls used in http://www.gmane.org/ link to http://gmane.org/

Clearly writing an extension for this is an overkill.

Here's the greasemonkey code for it:
// ==UserScript==
// @name WWW.gmane
// @namespace www_gmane
// @description Rewrites http://gmane.org/ -> http://www.gmane.org/
// @include http://gmane.org/*
// ==/UserScript==

(function() {
var scriptBefore = 'http:\/\/gmane.org'
var scriptAfter = 'http:\/\/www.gmane.org'
var xpath_a = "//a[contains(@href, scriptBefore)]";
var xpath_img = "//img[contains(@src, scriptBefore)]";
var xpath_link = "//link[contains(@href, scriptBefore)]";
var res_a = document.evaluate(xpath_a, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_img = document.evaluate(xpath_img, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_link = document.evaluate(xpath_link, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var i, link;
for (i = 0; link = res_a.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
var img;
for (i = 0; img = res_img.snapshotItem(i); i++) {
img.src = img.src.replace(scriptBefore, scriptAfter);
}
for (i = 0; link = res_link.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
})();

lam elessfilterlameles sfilter
lamelessfilter lamelessfilter
lameles sfilter ameless filter

Re:Mirrors

AdBlock is great. First thing to enter in the filter list should be *ads.odsn.com*

Re:Mirrors

[DrJonesAC2]

Anyone know where I can get this update without the installer? Just a zip file would do me nicely. Or has firefox come to require registry entries in order to run properly?

Re:Mirrors

[irq255]

The first thing I enter in the filter list for Adblock is this adblock filterset.

Re:Mirrors

Greasemonkey is good and on asa's blog, platypus was mentioned which is a great new extension to interactively modify pages and generating greasemonkey scripts from your changes. Now, browse happy, worry free, and worship our common WWW illiterate god! I hate Microsoft, and Apple is cool, especially since OS X builds on open source.

*starts masturbating to the karma rating boost*

Re:Mirrors

[jvj24601]

You can get it here:

http://ftp.mozilla.org/pub/mozilla.org/firefox/nig htly/2005-05-11-13-aviary1.0.1/

Re:Mirrors

[ESqVIP]

Beware, though: never mix zip and installer builds. Many instability issues are known to happen.

So, uninstall first if you're currently using an installer build.

Re:Mirrors

Don't be fucking stupid, Mozilla can deal with any faggot download.

No

One word: ActiveX

Locales

[bjprice]

Unfortunately there's no British English version of 1.0.4 yet.

It'll appear in the list of locales here when it's ready, but it looks like we limeys are stuck with 1.0.3 (or speaking American English) until then.

Re:Locales

[InsideTheAsylum]

You know, you don't have to wait for Firefoux to come out, you can just use the regular old Firefox..

Re:Locales

What exactly is different? I didn't see any obvious spelling differences on my American English version of Firefox. It's not like our version says "Open Location Beeyotch!" instead of "Open Location".

Re:Locales

[Jugalator]

True, but one need to realise the differences are small but still exist; it's like running Firefox on different tyres. :-)

Re:Locales

Mozilla needs to sort their release system out. It's disgraceful that you still have to use an older/exploitable version to have the browser in your language.

Re:Locales

It's not exactly my favorite FireFox feature, so I doubt it'll matter

Re:Locales

[dagnabit]

Isn't the British version named Foyerfox?

Re:Locales

[LiquidCoooled]

I went into the options screen, and I had lost the settings for my "Fonts and Colours".

All that was left was "Fonts & Colors" (whatever they are).

In reality, I never once noticed I had the english version until I just went and checked.

Re:Locales

Does the English version come with a picture of Charles and Camilla?

We're stuck with a picture of Barbara Bush on this side of the pond.

Oh wait that's a dinosaur!

Impressive

[PenguinBoyDave]

While I don't care for the update process, I am exceedingly impressed that Mozilla makes fixes so quickly, and doesn't try to hide them (like another browser company has done in the past). Professionalism...very nice to see this from Mozilla. Kudos!

Re:Impressive

[Swamii]

Dave, while that's usually the case, there have been several bugs that the Mozilla foundation has marked as private and have kept from the public for more than 2 years. I believe such cases have been mentioned by several slashdot posters in the past.

Re:Impressive

[PenguinBoyDave]

That is very interesting. I was not aware of that...probably because I have been such a fan of Mozilla I didn't bother to look for problems.

Re:Impressive

[spells]

probably because I have been such a fan of Mozilla

Wow, a /. user acknowleging a bias. How rare and refreshing - now please leave and don't return because I can't keep cleaning the coffee I spewed all over my monitor when I read your post ;)

Re:Impressive

[Swamii]

Yep, no problem. I'm actually a FF fan too (using 1.0.4 to post this), but it's good to realize the FF is not as invulnerable and ironclad as some Slashdotters would have us believe.

Re:Impressive

[man_of_mr_e]

Uhh...

This very bug was first reported to bugzilla 10 days ago and the bug was restricted and kept private until a public disclosure by someone else a few days ago.

It took them 10 days to fix, I don't call that quick (though certainly faster than some other vendors)

Re:Impressive

Terms like fast/slow, beautiful/ugly, young/old are relative terms. 10 days seems pretty quick to me, compared to a lot of other vendors. Therefore, it's quick. Not as quick as Google searches, or a bullet in flight, but it can still be called "quick".

exe crashes explorer when viewed accross SMB share

I copy the exe installer into a folder on a windows share, explorer crashes when I access the folder from certain clients. Same happened with 1.0.2 but not with 1.0.3

I wildly guess it's a race condition or something arising from reading the embedded icon resourse as that doesn't show? No I don't really have a clue what causes it.

All machines are fully patched W2K, thank buddha for memory sticks!

c'mon! Let's break some FF extensions!

[denis-The-menace]

Why can't we have extensions that don't die just because they changed the release number?

Extension authors can't keep up.
Mozilla Update is slow to update itself.
and Users like me are left looking to google for help.
Silly me thought Mozilla Update there to centralized things.

Re:c'mon! Let's break some FF extensions!

[EpsCylonB]

is there an easy way to renable all your old extensions ?

Re:c'mon! Let's break some FF extensions!

[LnxAddct]

about:config
extensions.disabledObsolete = false
Regards,
Steve

Re:c'mon! Let's break some FF extensions!

[DarkAvZ]

Here's why (right from the release notes):

When you upgrade to a new version of Firefox all of your Extensions and Themes will be disabled until Firefox determines that either a) they are compatible with the new release or b) there are newer versions available that are compatible. This is because Firefox changes from release to release and as such the ways in which some extensions integrate changes, meaning there can be problems when running an older extension with a newer version of Firefox. If you find that your favorite Extension or Theme has not been updated to be compatible with this release of Firefox, write the author and encourage them to update it.

Re:c'mon! Let's break some FF extensions!

[Moredhel]

I find that, after an update, a random number of my extensions show as OK, but aren't active. I fix this using the following path:

Open the Extension dialog. For each Extension, 1st click it, and the 3rd-click it and select "Disable". Once done, I exit Firefox, and restart it. The open the Extensions dialog again and go through each clicking "Enable" instead. Then exit and restart Firefox a 2nd time, and everything is back as it was.

HTH.

Re:c'mon! Let's break some FF extensions!

[Stevyn]

I use the spellbound extension a lot and every time I upgrade firefox it's always a pain in the ass to get it working again. I have to run firefox as root, install something, close it, and repeat the process a few times. It probably takes less than five minutes so it's not really a time issue, it's just aggravating because it feels like it really shouldn't have to happen.

Re:c'mon! Let's break some FF extensions!

[ConceptJunkie]

HAHAHAHA! Linus LOOZORS!

i never have to run as root on windows micorsft is smart enuff that they dont make u login as root every time you install a update!

YOU LOOSERS! Linus will never be as GOOD as \/\/!n|)0\/\/z

Language Not Available!!

[HomeworkJunkie]

Damn. Can't upgrade to 1.0.4 since the English (British) version is not available yet :( Can't be installing the American version ;)

Re:Language Not Available!!

[un1xl0ser]

Why don't you upgrade your language from British English to American English?

That would solve both problems.

Re:Language Not Available!!

[HomeworkJunkie]

Why would I want American English? I don't understand it :)

Re:Language Not Available!!

[stanleypane]

( Can't be installing the American version ;)

Oh no, wouldn't want to chance that one. Seeing how proper your British English be, I can surely understand.

Re:Language Not Available!!

We can't do anything about your single-digit IQ. Sorry.

Re:Language Not Available!!

Nor it would seem, your 4 digit wastelines.

Re:Language Not Available!!

Because people would assume that we were just underweight yanks with inadequate dentists, and throw bombs at us for being imperialist oil thieves.

Plus "Nucular" just sounds funny in an English accent.

What-ho!

Re:Language Not Available!!

[FidelCatsro]

(joke)
sounds like a downgrade to me , you lot keep removing letters from words or as i like to call them features.. for example
colour = color
maths = math
aluminium = aluminum
(/joke)

Re:Language Not Available!!

[fatted]

Thats a downgrade! English "Lite" for people who can't spell!

Re:Language Not Available!!

[jdavidb]

Right! The new model is more efficient! :)

Re:Language Not Available!!

[Down_in_the_Park]

Would you upgrade to a no longer maintained OS, like ...mmmh DOS

Re:Language Not Available!!

American English itself is due for an upgrade. New feature: adverbs are to be added "real soon now".

Re:Language Not Available!!

Except that it's not backwards compatible with the billion systems using English....

I for one prefer a higher vowels-per-metre rating!

Re:Language Not Available!!

[jdavidb]

Er, is that a thousand million, or a million million?

Re:Language Not Available!!

[HomeworkJunkie]

By they way "Can't be installing the American version" needs to be read in a good farmer style West Country (Gloucester/Bath) accent.

I ain't be wanting any new fangled machines running on my farm!! Get orf my land!!

Re:Language Not Available!!

Nor it would seem, your 4 digit wastelines.

What? 1,016 mm? That's not that bad...

Re:Language Not Available!!

[tepples]

There are about 1e9 speakers of at least some dialect mutually intelligible with British or American English.

Re:Language Not Available!!

[sik0fewl]

Why don't you upgrade your language from British English to American English?

But that would be like upgrading from Firefox to IE. I fail to see how that would solve any problems.

Re:Language Not Available!!

[dBLiSS]

WORD Y'ALL... MTV?

Re:Great

Bullshit. Microsoft fixes a lot of problems quickly but the monthly release schedule that they have moved to means that you'll only get those patches every four weeks unless it's critical.

Re:Great

Just because the problem was only announced on security sites a week ago, does not mean it had not existed for years in the Mozilla codebase, plain for all to see. Microsoft on the other hand quietly releases fixes, then discloses what they fix. Practice has taught them one thing about vunerabilities, and that is that the sooner you release the fix the sooner the wolves will start chasing down the stragglers. In cases where a flaw is announced before a patch is out, the lag time for Microsoft isn't too shabby.

Until Firefox has an upgrade mechanism that doesn't feel like extracting teeth, the Microsoft approach, regrettably is going to win out.

-Steve

Update Icon

So why isn't my "update" icon lit?

Re:Update Icon

[fatted]

+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot. +++

Good, but I wish there was remote updating

As a system admin for our company, every new Firefox release means that I will have to go around to 150 workstations and manually reinstall the browser again to keep it up to date. I wish there was some sort of way to remotely update the browser on all machines or a way to patch vulnerabilities without a full reinstall.

Re:Good, but I wish there was remote updating

[vadim_t]

Why should there be any?

A sane OS should do that through a package manager. You can do that easily on any Linux distro without needing any specific support in the application.

I suppose there must be something like that for Windows.

Re:Good, but I wish there was remote updating

[LnxAddct]

As a system admin for your company, you should use a msi package, but if for some reason you can't, firefox's installer can be fully scripted by simply passing it some args and turning on the quiet switch(or invisible or something switch, you'll have to look it up).
Regards,
Steve

Re:Good, but I wish there was remote updating

[Jugalator]

I suppose there must be something like that for Windows.

Yeah, and Firefox is released in this package format already -- MSI.

I'm pretty sure they have at least networking support enough to solve his problems of updating 100+ individual installs. :-o

Re:Good, but I wish there was remote updating

[jlrobins_uncc]

Under OSX, I unpack the DMG on a test box, and if all looks good, I tar it up and cron out the update to all of our desktop boxes. The cron script tests the installed version's version string inside the plist file against the expected one, and, if not the same, then fetches the tarball from webspace and unpacks.

Re:Good, but I wish there was remote updating

[Bert64]

It's very easy to do on unix, i have scripts to do exactly that.. Ofcourse i install it on a test machine first, and when verified to work i push the changes out over all the other machines using an automated script.

Re:Good, but I wish there was remote updating

its called a fileserver. they invented them back in the 80's. check it out.

You mean the 1880's? Because I'm quite sure that they had been in use for many years in 1980.

Re:Good, but I wish there was remote updating

[hab136]

I will have to go around to 150 workstations and manually reinstall

SMS and its competitors will keep you from having to ever leaving your desk.

On OSX and *nix side, use a common shared drive for binaries.

Re:Good, but I wish there was remote updating

[jdavidb]

What is the "R" software they have there, after Thunderbird?

Re:Good, but I wish there was remote updating

[Flooded77]

From R-project.org

R is a language and environment for statistical computing and graphics. It is a GNU project which is similar to the S language and environment which was developed at Bell Laboratories (formerly AT&T, now Lucent Technologies) by John Chambers and colleagues. R can be considered as a different implementation of S. There are some important differences, but much code written for S runs unaltered under R.

Re:Good, but I wish there was remote updating

[jdavidb]

Thank you. I wish they had made their icons into links.

Re:Good, but I wish there was remote updating

Personally, I wish people would design, write, and release software without security holes in it.

If all we're wishing for is "some sort of way to remotely update the browser", we've lost already.

Re:Good, but I wish there was remote updating

[ConceptJunkie]

Wow, and I'm still on C. Well C++ anyway.

I gotta update!

Re:Good, but I wish there was remote updating

[PCM2]

The problem is that the site you link to says MSIs are "easy to use, but difficult to create" and it does not itself host an MSI for Firefox 1.04.

Re:Good, but I wish there was remote updating

If you happen to be running Active Directory or SMS, you can always just download the MSI version of Firefox to deploy to all your workstations from a central server.
You can download them here at http://www.zettaserve.com/
And of course, it is free :)
The MSI of Firefox 1.0.4 should be out in a few hours.

Re:Good, but I wish there was remote updating

[apdt]

Agreed.... at least I thought so, but recently while trying to deploy FF with group policies I came across Advanced Installer which is a free(beer) MSI authoring tool that makes it really simple to create MSI's. I've made my own custom MSI's for firefox using a combination of this and FFDeploy (well actually just the createProfile.vbs and manual method from it).

works like a charm.

Re:Great

[Skye16]

What does it matter if they fix it and we don't have it? I don't care whether it's fixed for them, I want it fixed for me.

Middle click new tab on Mac

[Feng]

Does middle clicking on a link open a new tab for OS X yet? The last I heard you had to patch FF to enable this feature. Middle clicking works fine on Safari, it's one feature I really miss when using FF on OS X.

Re:Middle click new tab on Mac

[DrWhizBang]

Aren't all clicks with a Mac middle-clicks?

Re:Middle click new tab on Mac

and here i was thinking Mac only had _one_ button on the mouse?

Re:Middle click new tab on Mac

[Bert64]

Works for me..

Re:Middle click new tab on Mac

[Ligurmatic]

If you have a Logitech or Microsoft mouse (or others that include software, but I can't say for sure) you can always set the middle button to be option-click. That solved it in FireFox for me.

Since it's an infrequently used button on Macs, it shouldn't cause much of a headache.

Re:Middle click new tab on Mac

[kbrosnan]

Middle click won't ever work on a 1.0.x release. You will need to wait until the 1.1 release. It was fix on the trunk by bug 151249.

bugzilla.mozilla.org/show_bug.cgi?id=151249

Re:Middle click new tab on Mac

[Blakey+Rat]

Har-de-har har har.

Re:Middle click new tab on Mac

[masklinn]

Since Mac is now officially Unix you can manage to buy and install a *real* mouse on an Apple box, and get more than one working button too !

Amazingly fast response

[jbarr]

My wife pointed out an article on Google News (that I had already seen earlier) showing that Firefox had some security vulnerabilities. She winced because I had just converter her to Firefox. I told her not to worry. I said, "Mark my words, there will be a security fix within a week." Well, today the fix was released and she was impressed. Not only has the Firefox development team improved the product, but they have made my wife happy! Life is good!

Re:Amazingly fast response

so... they've made your wife happy? and that's ok with u?!

Re:Amazingly fast response

[x_codingmonkey_x]

What bugs me is the fact that there is no news about the fix coming out so soon. It seems that news agencies are just giving Firefox a bad image.

Re:Amazingly fast response

My mom always said, "Jim, you're 1 in a million." Given the current population, there are 6000 of me. God help us all!

Six thousand copies of you does sound like a lot, however each one has a million people to "handle" them, so I doubt that any serious harm can be done. However, that assumes a uniform distribution and a much more likely Poisson distribution would actually give a small but existant set of "high Jim occurance" areas, where the ratio could be much lower, such as 1 in 10000. This assumes that Jim distribution is a series of independent random events - which it may not be. Considering the imminent reality of human cloning, we may have to learn as a society to deal with large numbers of copies of a person. Maybe then, you are actually helping us along that path.

Re:Amazingly fast response

[jbarr]

What bugs me is the fact that there is no news about the fix coming out so soon. It seems that news agencies are just giving Firefox a bad image.

There is. It's just not at the top of Google News...

Re:Amazingly fast response

[srid]

Not only has the Firefox development team improved the product, but they have made my wife happy! Life is good!

How is life good then? ;-)

Re:Amazingly fast response

[JohnGrahamCumming]

So you're saying "Chicks dig it"? Why the hell isn't that Mozilla's slogan?

John.

Re:Amazingly fast response

This must be the most ridiculous thing I've read all week. It reads like a zealot's advertisment. "Not only is Firefox AWESOME, but it helps you with your sex life!"

Re:Amazingly fast response

How does it feel haaving other men make your wife happy?

Re:Amazingly fast response

So, you are getting sex again?

Re:Amazingly fast response

[jbarr]

This must be the most ridiculous thing I've read all week. It reads like a zealot's advertisment. "Not only is Firefox AWESOME, but it helps you with your sex life!" This must be the most ridiculous thing I've read all week. It reads like a zealot's advertisment. "Not only is Firefox AWESOME, but it helps you with your sex life!"

You see, that's the problem. I never said anything about anyone's sex life. I'm talking about a person being happy with a product that delivers timely updates and is proactive with its user base. For once, my wife doesn't say "This program sucks!" instead, she sees it as a useful and productive tool.

Read all you want into my original statement, but I suspect that your supposition about one's sex life probably reflects the condition of your own....

Re:Amazingly fast response

[deesine]

I put a different message in YIM everyday.

Today's message mirrored your's...Life is good!

And that was before updating FF and coming to /.

Hmm...maybe we caught a wave in the same morphogenic field.

Re:Amazingly fast response

[I'm+Don+Giovanni]

Too bad the bugs were reported ten days ago (according to Mozilla). The so-called "fast response" is only relative to the time that the bugs reached the mainstream news, not to the time that the bugs were first reported to Bugzilla. Besides that, security bugs are not disclosed to the public, so we really don't know how long ago the bugs were first reported.

Second, the percentage of Firefox users that will actually update will be fairly low. A recent survey showed that most Firefox users are still runing 0.9 and 1.0 versions.

Third, exploits for holes in Microsoft's code are almost always released after the patches for those holes are released. Indeed, the exploits are created by black-hats examining the patches themselves. Those that don't apply the patches are still vulnerable, nonetheless. Same applies to Firefox; even moreso with Firefox's shoddy update mechanism (if you can call it such).

Re:Amazingly fast response

[gahzinia]

"Not only has the Firefox development team improved the product, but they have made my wife happy! Life is good!"

I guess having the Firefox dev team make your wife happy is better than having your neighbor make your wife happy...

Good work guys

[Weaselmancer]

We appreciate it.

It's in the details

You can check for updates from Tools>Options>Advanced>Software Updates. If you use some themes, e.g. Littlefox, there is a button next to the Firefox home page 'circle' that you can click to check for updates.

As for your observation regarding the red flag, I believe The Mozilla Foundation had disabled that feature on the website because of one of the critical flaws now fixed.

-clueless

(I need to create a login here, or did I do it previously?)

Re:It's in the details

[grommit]

And what does that "Check for Updates" do? That's right, it downloads the full installer to your desktop and executes it which is exactly the same as downloading it manually from mozilla.org except with a couple less mouse clicks. It still has to run the entire installer asking you if you want to re-create icons on the desktop/toolbar/start menu, do a quick/custom install and a few other things.

Re:It's in the details

[Threni]

> It still has to run the entire installer asking you if you want to re-create
> icons on the desktop/toolbar/start menu, do a quick/custom install and a few
> other things.

I have broadband. If it's just one click, I don't care how much stuff it's downloading and executing.

Re:It's in the details

[grommit]

Yes, I'm sure in your mind the world revolves around you but here in the real world, some people actually consider the situation of a person other than themselves from time to time.

You have broadband. Lots of people still don't. For instance, every time Firefox releases a new version, I have to burn it to a cd for a friend of my wife's at work so they don't have to sit around for an hour at home waiting for it to download.

Re:It's in the details

[Curtman]

some people actually consider the situation of a person other than themselves from time to time.

The Buddha says there is no you and there is no me, only "us". ;)

Re:It's in the details

[Dasch]

I don't care how much stuff it's downloading and executing

Then why aren't you using IE? ;)

Re:It's in the details

[radiophonic]

And every time you run 'windows update' you need to download 10M+ of updates. Every time you download a mp3...well, let's not go there.

I'm not saying you're wrong for complaining, I'm saying it's a moot point. Many, many programs are large nowadays and you need to learn how to use a download manager if you're still stuck on a modem.

Re:It's in the details

[daikokatana]

I have broadband. If it's just one click, I don't care how much stuff it's downloading and executing.

Apart from the fact that there are still a lot of people on dial-up, I think it can be considered bad practice to download stuff you already have (like 90% of the program you are trying to update or patch).

I have broadband as well, but I'd rather save the extra bandwidth and used megabytes (yes, my connection has a limit) for something else.

By the way - suppose this was an Oracle database where the installer would be several gigabytes, would you still download it again?

Re:It's in the details

[Dysan2k]

So that means, we have broadband.. I knew I was getting stiffed! Fork over your half of the cable costs, bro!

Re:It's in the details

[Curtman]

Fork over your half of the cable costs, bro!

Go get a wifi card. Most any one will do. People still pay for broadband?

Re:It's in the details

[antiMStroll]

Firefox is 5 meg. What did these people do fo XP SP 2? Not the 100% best solution granted but Firefox ix is far from the biggest hurdle for those still with low bandwidth.

Re:It's in the details

[joeljkp]

It also creates a mess of your Add/Remove Programs list (multiple entries).

Re:It's in the details

[juhaz]

No, it doesn't any more, that was fixed in 1.0.3

Re:It's in the details

[sznupi]

Low bandwith usually means low limits... (as for the dial-up it means 1h download; yes, I know theoretical max is higher, I had been achieving almost that when I had modem - but it was good, hardware modem; the modems people usually have are horrible...)
It usually comes to this unfortunatelly: many people simply won't upgrade because of this...

PS. And SP2 can be found in magazines... (not that I need it, SP4 more...)

Re:It's in the details

[joeljkp]

Cool, thanks for the info.

Re:It's in the details

[ncc74656]

Fork over your half of the cable costs, bro!

Go get a wifi card. Most any one will do. People still pay for broadband?

Without some form of net access feeding it, your wireless access point is about as useful as a paperweight. Without an access point or router, your wireless card is similarly useless.

Re:It's in the details

[soupdevil]

Not all of us live in cardboard apartments, with 25 other apartments within Wi-fi reach. And by the way -- the people you're leaching off of? They're paying for broadband.

Re:It's in the details

[Curtman]

Not all of us live in cardboard apartments, with 25 other apartments within Wi-fi reach.

But most of us have a window somewhere and/or exterior walls.

the people you're leaching off of? They're paying for broadband.

Yes. And I thank them very much. In my case its the university campus down the road. I don't even think they care, they advertise the damn thing.

Re:It's in the details

[Leiterfluid]

Let's compare apples to apples, though, shall we? Microsoft doesn't re-release a distribution of a product every month. Since 1.00, this is now the fifth update in as many months.

Re:It's in the details

[soupdevil]

I can't see, much less access any network in my neighborhood, and I live in an urban area. When I'm out and about with my laptop, I have noticed that most networks are now password-protected. This is much different from two years ago, when almost every network was wide open.
I used to run an open access point, but I had too many people abusing it with p2p, and trying to hack my internal network, etc.

Re:It's in the details

[NuShrike]

Did they fix the multiple GRE, and else, entries in the registry also? I'm kinda tired of manually going in there with regedit and cleaning it out.

Re:It's in the details

[MaDeR]

You're, of course, made this up. Ff still leave mess. Do not post if you're know nothing about it.

Re:It's in the details

[juhaz]

You're, of course, made this up.

That's "you made this up", not "you're". And no, I didn't make that up. I just installed both 1.0.3 and 1.0.4 over another version, and neither leaves multiple entries in add/remove dialog.

Ff still leave mess.

You, on the other hand, just did.

Do not post if you're know nothing about it.

Very good advice you should follow yourself. Makes it even more pathetic to be guilty of what you accuse others of, no?

Re:It's in the details

[the_mad_poster]

"Conservatives are people who had the conscience to abandon their liberalism." -- Ann Coulter

You'll get more bites. No, AFAIK Ann Coulter never said it.

You're welcome.

Re:It's in the details

[MaDeR]

If you have no trash in Add/Remove Programs, then hooray. Unfortunately, I still have trash - Mozilla Firefox 1.0.2 and 1.0.4 - (was 1.0.3 too but I somehow managed to remove this). Even if I can remove 1.0.2 - still new install of FF 1.0.4 leave trash. Maybe my computer plots against me - I don't care. I care about content of Add/Remove Programs.

It's about time!

It is embarrassing to encourage people to use Firefox and then when a security problem is announced they just let it fester like an open sore. Microsoft would have had something like this fixed in a matter of months. Or better yet they wouldn't have told anyone about the problems at all so therefore nobody could have exploited them. So rock on, you cancerous communists!

Will someone please...

[Viceice]

Will some one please post a .torrent? Highly apreciated thanks.

Re:Will someone please...

[Baramin]

You're obviousile eager to update your firefox rapidly, I suppose because of the security fixes of that new version.

But you're willing to download it from any source as you're requesting a torrent, which can contain a "modified" version ?

I fail to see the logic... I'd advise you to wait till you can download it from the main mirrors.

Re:Will someone please...

Don't the Mozilla peeps have the MD5 displayed on their site somewhere?

Re:Will someone please...

Looks like they have an official site for torrents, but it hasn't been updated since 1.0.1.

Re:Will someone please...

I would get a torrent. Then check the md5 sum. Simple and efficient.

'all javascript vulnerabilities'?

[DaHat]

That sounds awful ominous and near impossible... perhaps instead the line should be 'all known javascript vulnerabilities'?

Re:'all javascript vulnerabilities'?

[telecsan]

The statement did not intend that the set of vulnerabilities that were fixed encompassed the entire set of possible javascript vulnerabilities.

The actual intention was the reverse, the set of vulnerabilities that were fixed all belonged to the set of possible javascript vulnerabilities.

Re:'all javascript vulnerabilities'?

[hawaiian717]

That sounds awful ominous and near impossible

about:config
javascript.enabled = false

That will avoid all JavaScript vulnerabilities.

Oh wait, you want the web sites you visit to work?

Re:'all javascript vulnerabilities'?

[chis101]

What was meant was, all of the fixes they did were javascript vulnerability fixes. It should have been something like, Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all of which were javascript vulnerabilities

Re:'all javascript vulnerabilities'?

[brettlbecker]

Why did this get modded "insightful"?

The article merely stated that all of the critical security issues fixed with this update were java-related. It by no means says that this update fixes all java vulnerabilities.

Sheesh.

B

How to trigger the update

[MikkoApo]

Menu > Tools > Options > Advanced > Software Update > Click Check Now

Not very easily accessible, but at least its there :)

FF - starting to feel like IE

I just upgraded to FF 1.03. FF is strarting to feel like IE with all these security updates.

Re:FF - starting to feel like IE

[NetNifty]

I think if FF was starting to feel like IE, you'd be getting infected using vulnariblities which are still unpatched, but whether this is a result of MS's relatively slow patching routing (someone mentioned they only released patches once a month except in extreme situations) and Firefox not being limited by this, or Firefox patching quicker, or a combanation of both, I can't really say.

Re:FF - starting to feel like IE

[SenFo]

Are you concerned with the large number of reported security holes lately? Somebody please feel to correct me if I'm wrong, but I do believe that the Firefox developers moved security to their highest priority during the 1.0.x releases in an attempt to catch most of the severe holes before the release of 1.1.x. If this is true, they're probably actively pursuing potential security holes as aggressively as they possibly can and correcting them even faster. Internet Explorer, though somewhat quiet on the security hole announcements recently, still has a few major security holes that Microsoft has known about for a couple of years.

Re:FF - starting to feel like IE

[blueZhift]

Hmmm, if Microsoft had attacked bugs and feature enhancements for IE as aggressively as I've seen for the Firefox crew, maybe IE wouldn't be in the straits it is in today. As a developer, the whole IE thing has been a disappointment because in the early days it really looked like MS was going to bring something great to the table, but after they killed Netscape, they just let it drop.

So yeah, all of the reinstalling the whole Firefox package to get the fixes is a little bit clunky (just a little), but I expect to hear less and less about security holes in Firefox in the near future at this rate. Go Firefox!

Bleeding edge

[imipak]

Although I've been an enthusiastic mozilla/firefox user & supporter since the late 90s (yes I was browsing with a 'naked' gecko control, HA! :P) I was surprised to find I'd lost track of development to the extent that I didn't realise the trunk builds have a much more up-to-date gecko engine. The gecko in the 1.0.x series (inc. 1.0.4) are a year old! Those users who prefer livin' on the edge might prefer to get a faster, smaller, much less memory-leaky build from: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nigh tly/latest-trunk/

Re:Bleeding edge

[FidelCatsro]

For Mac users the Nightly builds also sorts a few problems .
The browser is much smother , the middle mouse buttons works for things like auto scroll , open in a new tab and close tabs.
Also the menu interface has been redone and is far more hetrogeneous to the os X enviroment.
I tried out 1.0.4 and the mac problems above seemed not to be fixed so the nightly builds do provide a far more comfertable browsing experiance on os X

Re:Bleeding edge

[Val314]

there are quite a few issues with the current nightly (but most of them are not that serious). See this post for some details

Re:Bleeding edge

[dtfinch]

I install them every morning.

Re:Bleeding edge

[DeadSea]

The nightly disabled ALL of my extensions. I just can't use firefox without extensions. I'm now on 1.0.4. Hopefully they will have the extension issues resovled by the time 1.1 is released for real.

Re:Bleeding edge

[masklinn]

They're not fixed indeed, current nightlies are "images" of the soon to become 1.1 which should be due by June (or July if the devs are as horribly behind schedule as they seem to be)

Re:Bleeding edge

[masklinn]

Let's check why it disabled your extensions:
Most of the current extension state that they are coded for Firefox 1.0 (or Firefox 0.9 to 1.0, more rarely 0.7 to 1.0).
Trunk builds (aka nightlies) are NOT Firefox 1.0, they're "soon to become" Firefox 1.1.
Extensions are therefore not allowed to run them because the extensions themselves state that they shouldn't run on FF 1.1.
You can go and edit your extensions files:

• Go to your profile folder (under windows it's %APPDATA%\Mozilla\Firefox\Profiles\randomgibberish .username)
• Go to the "extensions" folder
• Open the "Extensions.rdf" file in a text editor (notepad is ok, things like SciTE or UltraEdit work better though)
• Now check all those little "em:maxVersion" thingies, there is at least one for each extension (often more, when the exetension is also Mozilla and Thunderbird compatible)
• Bump the maxVersion to "1.1" everytime it says "1.0" or "1.0+"
• Save
• Restart firefox

Does work like a charm for releases (but may break your browser if an extension was REALLY broken by the update, you're doing that at your own risk mate), does probably work with nightlies too, just find out what version they identify themselves as.

rotfl

Talk about karma whoring...

Seriously, what's the point in banging together a link to the 2 most popular extensions, etc?

In related news...

[amichalo]

...FireFox downloads double to 100 Million!

Re:In related news...

You forgot the tag

Re:In related news...

[MrCopilot]

No!No! No.

I'm here to Kick Ass & Chew Bubble Gum, and I'm all out of bubble gum. Get it straight, or We'll send Roddy Piper over to see how much gum you have.

I now return you to your regular time wating activities.

Yes, but ...

[thinkfat]

... as soon as the first proof of concept evolves into a worm, they will experience what it means to be deployed on millions of internet-connected pc's of clueless users.

Rule #1: doesn't matter how fast you output a security update, if it's not being installed.

Unfortunately it's not enough for an update to _exist_.

Re:Yes, but ...

[Mr.+Underbridge]

Rule #1: doesn't matter how fast you output a security update, if it's not being installed.

Rule #2: Security updates tend not to be installed if they break things.

With MS, the cure was often worse than the disease. Also, this is one benefit of Firefox being a product the user has to go and get - if they can find Firefox once, they can probably go find it again. Firefox update helps too.

Re:Yes, but ...

[jmacleod9975]

How would a worm work on a browser? I am curious. Does firefox listen on a particular port while it is running?

Re:Yes, but ...

[jbarr]

And therin lies the double-edged sword. Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PC's. Yet, in order to ensure security, an auto-update feature really becomes necessary. Of course, Microsoft and the Mozilla Foundation as companies are viewed with very different levels of "trusts." Unfortunatly, not everyone will be satisfied.

Personally, instead of displaying the tiny unobtrusive update indicator as it currently does, I would love see Firefox do something like change the window color to red and display a system message dialog stating the problem with a link to the update. Maybe a good compromise?

Re:Yes, but ...

Rule #0: You can only install a security update if it exists.

There's absolutely nothing wrong with being quick about security updates. The Mozilla people are holding up their end of the stick nicely, thank you.

Of course, there's no pleasing some people.

Re:Yes, but ...

[david614]

I use Firefox on a mac (OS 10.4 Tiger on a Powerbook), and was unaware that there *was* an indicator that showed when updates were available. I just use slashdot to notify me of the updates (or some other online source). I guess I should pay closer attention. D

Re:Yes, but ...

[zero_offset]

With MS, the cure was often worse than the disease.

"Often" is an overstatement. There were serveral incidents but given the number of patches they've released, your comment amounts to flamebait.

Re:Yes, but ...

[tyler_larson]

... as soon as the first proof of concept evolves into a worm...

Point taken, but let's bear in mind that this POC can't evolve into a worm. It can't even evolve into an exploit now that the only site on the default whitelist no longer exists.

That's why they didn't put out a stop-gap fix release at the beginning of the week--the threat had passed completely.

Firefox developers got lucky this time--they could remove the threat with a simple server-side modification. With most vulnerabilities of this severity, that's not an option.

Re:Yes, but ...

[Curtman]

Unfortunately it's not enough for an update to _exist_.

True. But it's also not enough for a bug to exist either. It has to be _exploitable_.

Re:Yes, but ...

[Curtman]

Does firefox listen on a particular port while it is running?

If this bug were exploitable, then it could very easily install an extension (which is what this bug was all about after all). Once installed, it has access to all of XPCOM, including the networking stuff

Re:Yes, but ...

[srleffler]

Unfortunately, many users didn't go find Firefox once. They had someone more technically oriented install it for them.

The fact that Firefox security updates don't automatically install unless you notice and click on that red arrow in the upper right corner pretty much guarantees that a large fraction of copies will remain unpatched. When I've visited people for whom I installed Firefox 1.0 when it came out, I've noticed that none of them have noticed the red update icon or updated Firefox on their own.

If users have to go and get updates, many machines will remain vulnerable to security holes.

Re:Yes, but ...

[soulhuntre]

That about sums it up. On Slashdot any pro-MS statement is considered a "Troll", even if it's true.

Truth? We don't want no stinkin' truth!

Re:Yes, but ...

[daikokatana]

How would a worm work on a browser? I am curious. Does firefox listen on a particular port while it is running?

Why do you automatically assume that it is Firefox itself that becomes infected? Think about it this way: if Firefox could be used to smuggle the worm inside of the machine, it could run separately from the browser on it's own port.

Re:Yes, but ...

[Mr.+Underbridge]

"Often" is an overstatement. There were serveral incidents but given the number of patches they've released, your comment amounts to flamebait.

Is today nitpick day? I'd say "several" amounts to "often," in as much as both are rather ambiguous. I didn't say "always." So no it's not flamebait, if for no other reason than it wasn't SCREAMING, and the maker of said patches isn't here.

Re:Yes, but ...

[Mr.+Underbridge]

Unfortunately, many users didn't go find Firefox once. They had someone more technically oriented install it for them.

Certainly there's that fraction. But it's smaller than the fraction that didn't go get IE, said fraction being approximately 1.0 since it comes with any windows computr.

The fact that Firefox security updates don't automatically install unless you notice and click on that red arrow in the upper right corner pretty much guarantees that a large fraction of copies will remain unpatched. When I've visited people for whom I installed Firefox 1.0 when it came out, I've noticed that none of them have noticed the red update icon or updated Firefox on their own.

I do agree that the meaning of said red arrow could be better explained. The problem is how to implement that without suffering accusations of nagware ("Updates are now available!") or spyware (automatically downloading updates).

Re:Yes, but ...

[antiMStroll]

"Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive..."

They do? Seems to me the complaints hinged more on lack of trust regarding the information Microsoft pulled from machines and the inability to test patches in a production environment before roll-out to confirm applications didn't break. The latter's why some businesses still haven't rolled out XP SP2.

Agree with update indicator though, maybe add a startup notification and an option to update automatically.

Re:Yes, but ...

I know, thats why I'm stuck with Wndows 3.1... no auto upgrade exists for me so I'm totally screwed.

Re:Yes, but ...

I think the indicator is fine. It should just blink occasionally with a little tooltip next to it that says "updates are available -- click here". If one doesn't like it, they can always turn it off. It does a pretty poor job at calling attention to itself, but once you know what it's for, it's not so bad.

People who never change defaults usually use the firefox homepage, which will give them a whole page when it detects a critical update is needed.

Re:Yes, but ...

[thinkfat]

the stress should be on this POC. No guarantee that it's never going to happen again.

safe software is the exception. not the rule. this applies also to open source software

Re:Yes, but ...

[Ogive17]

I downloaded firefox as soon as it was "officially" released.

Now I consider my knowledge of computers and software as advanced, but I'm definately not an expert. I found the interface to be less friendly than IE and trying to change options was a chore. Also, until 3 days ago, I didn't know how to automatically update Firefox until I saw someone mention clicking the red arrow on the top right portion of the window. Now, I had gone to mozilla.org and downloaded the latest versions on my own, but this was a hassle. And if "I" didn't know about the auto-update, my grandmother, parents, sister, brother, and a few friends I've turned to Firefox are not going to know either.

Sometimes reading through /. posts, I am reminded of bleeding heart liberals or bible thumping conservatives with how people treat OSS to M$. People are annoyingly blinded by their dis-like for the other side that they cannot see the whole picture. Sure Firefox is great, but it's not perfect and IE still has some advantages.

Re:Yes, but ...

[jmacleod9975]

ok, but then what port does it contact on the next machine? I am not saying there isn't a serious security problem. However, is this something that could spread as a worm? I thought a worm did not need any user interaction like going to a webpage. Maybe my definition of a worm is incorrect, or maybe I am not understanding the issue entirely.

Re:Yes, but ...

[Tony+Hoyle]

It does nag, albeit poorly.

You get a 'we have updates, click here' at (apparently) random intervals, popping up over the task bar.

Unfortunately it pops up for only a little over a second, so before you've decided whether to 'click here' it's already gone. It also has no identifier telling you it *is* firefox... when it happened to me first time I went through the whole AVG/Sbybot/Adaware cycle twice thinking I'd picked up some scumware.

Nowadays it's just frikkin' annoying, especially if you're not ready to upgrade - I only just went to 1.0.3 from 1.0.1 and that cause me to lose all my bookmarks as the upgrade trashed the profile (FF just hung on startup, only deleting the profile restored it). Not planning to go to 1.0.4 this fast....

Re:Yes, but ...

[zero_offset]

Both are relative terms. When used in relation to something numbering in the thousands (in this case, MS patches), not only are they not interchangable, they're very nearly opposites.

Re:Yes, but ...

You say the interface is "less friendly than IE", but what you really mean is: "I'm used to IE, and it's not identical to IE." I use FF exclusively on my computer, but on some computers sometimes, I have to use IE, and /I/ find the IE interface "less friendly than" FF, because I'm used to FF. It's all personal preference, neither is really better.

Re:Yes, but ...

[periol]

Sure Firefox is great, but it's not perfect and IE still has some advantages.

The only possible "advantage" IE has is the ability to run proprietary Microsoft pages. And that advantage is rapidly disappearing. More and more companies are coming out with standards-compliant intranet and internet applications.

Well, that and playing windows medial in the browser. Now that's a perk.

Re:Yes, but ...

[SimplexO]

Personally, instead of displaying the tiny unobtrusive update indicator as it currently does, I would love see Firefox do something like change the window color to red and display a system message dialog stating the problem with a link to the update. Maybe a good compromise?

Read about the proposed new software update coming in (much) later versions of Firefox. For those who can't be bothered to read anything, they have mockup screenshots.

Re:Yes, but ...

[ArielMT]

The Windows version of Firefox includes its own update notifier: a red up-arrow conspicuously placed next to the spinner. (All it needs to do is jump up and down like icons in a default KDE install.)

And unlike regular Windows updates, if the Firefox update fails due to insufficient user permissions (not logged in as Administrator), the installer is left on the desktop ready for the admin when the user calls the help desk about problems updating, saving bandwidth from another download.

It's true that it's not enough for updates to merely exist, but it's not like the Mozilla Foundation hasn't gone out of its way to all but force updates on Windows systems.

As far as *nix versions go, those distros that have Firefox in their repository already update Firefox as part of the distro's overall update process.

(I don't know about Mac OS versions. Any insight?)

Re:Yes, but ...

[paj1234]

Rule #2: doesn't matter how many times you tell people it's PCs not pc's, some still get it wrong.

Re:Yes, but ...

[ChoGGi]

you can use
browser.bookmarks.file
to change the location of your bookmarks file

Re:Yes, but ...

Also, until 3 days ago, I didn't know how to automatically update Firefox until I saw someone mention clicking the red arrow on the top right portion of the window. Now, I had gone to mozilla.org and downloaded the latest versions on my own, but this was a hassle. And if "I" didn't know about the auto-update, my grandmother, parents, sister, brother, and a few friends I've turned to Firefox are not going to know either.

That's funny... my 60-year-old mom figured it out by herself after I installed Firefox for her. I guess the "Update(s) available" tooltip cued her in about what the arrow was there for.

And if she figured it out and you didn't, then I guess she's smarter than you.

Re:Yes, but ...

[myowntrueself]

Wasn't there a critical security patch for Exchange server a while back that silently reconfigured your mail server into an open relay?

Nice one, MS!

Re:Yes, but ...

[daikokatana]

Ah, sorry, now I understand it. Technically it would not be considered a worm as such, I think, but as with many technical terms they get interchanged a lot without good reason.

For more (basic) information on worms and virii, see http://computer.howstuffworks.com/virus1.htm .

Re:Yes, but ...

[bill_mcgonigle]

Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PC's.

Are you kidding? I turn it on everywhere there isn't a professional IT shop tending computers. That includes all family and most small businesses. Microsoft may not be perfect about its patches but they're a heck of a lot better at it than your typical user would be.

A Microsoft patched machine can expect to go TU every couple years - an unpatched machine is TU forever.

Firefox speed.....

[SammysIsland]

Back in the day when I first downloaded FireFox, one of my favorite parts of using it was how fast it would load up the first window when opened. It was almost instantaneous.

The more I use it, the longer this actions takes. It doesn't matter if I clear cache and cookies, un-install plugins, or just plain uninstall and reinstall the browser.

Is it simply the newer versions that cause it to load so slowly? My roommate has the same problem. Is anyone else experiencing this and is there an answer?

Responses greatly appreciated. Thanks.

Re:Firefox speed.....

[gothzilla]

Yes. Each version gets slower. I have a 1.4gig cpu and 512 megs of ram. If I minimize firefix and work in another program for 10 or 15 minutes then restore the firefox window, I can wait anywhere between 20 and 45 seconds for the window to come up and I can hear the hard drive chugging away like mad.
It crashes regularly, at least once a day, as well. I installed firefox on 15 computers here at work and it's the same on each one. The employees actually asked if they could start using IE again because firefox was just way too slow in some situations.
Regardless, I keep upgrading thinking it will be fixed soon. There's nothing like false hype over eye candy. It's pretty, the plugin system whoops major butt, but as a whole firefox just simply is not worth the hype it has recieved, which is why it's called "hype".

Re:Firefox speed.....

[Dusabre]

Um...

You have some serious problems with your computers.

Really.

Firefox is a lot faster than IE. It should never take 20 and 45 seconds for a window to come up. More like a second. Firefox is tiny and doesn't take up much memory - if your hard disk is chugging consider a defrag.

Firefox doesn't crash unless it starts interacting with something like java or Flash. It can go a little crazy then but that's because of incompatibilities that also crash IE.

On consideration...what you're describing is IE behaviour - so let me bequeath you the title of
cleverly disguised TROLL or MS SHILL.

Re:Firefox speed.....

If I minimize firefix and work in another program for 10 or 15 minutes then restore the firefox window, I can wait anywhere between 20 and 45 seconds for the window to come up and I can hear the hard drive chugging away like mad.

Well this is what you get for using an utter shit OS that can't even manage its memory or scheduling properly.

Re:Firefox speed.....

Yeah, i've similar. i think it's because the main binary (winxp) is 6.32MB and it takes a bit to load all that up into mem.

Re:Firefox speed.....

[cgibbard]

Check your Extensions, there are a few of them which cause large startup slowdowns. I seem to recall SwitchProxy in particular having this problem on my machine.

Re:Firefox speed.....

No, this a well known issue with Firefox. It's exacerbated by having less RAM and a slower drive, but still a FF issue -- especially if FF is leaking memory.

See Bug 76831: Slow startup after long periods of inactivity (minimized window or other).

So, it seems that YOU ARE THE TROLL/SHILL.

Re:Firefox speed.....

[gothzilla]

memory usage:
Firefox - 38meg
avengine - 22meg (antivirus)
IExplore - 11 meg
outlook - 9meg
winword (with doc loaded) - 3.8 meg
excel (with sheet loaded) - 2.8 meg
IE + Outlook + Word + Excel Firefox

This is obviously some strange usage of the word "tiny" that I was previously unaware of.
(Mandatory hitchhikers referance)

I run O&O defrag as well and it constantly keeps my drive defragged in the background. Even with a fragged up swapfile, 512 meg of ram keeps that from being an issue.

When speaking of features, nothing beats firefox. When speaking of stability and mem usage, it's not worth the hype.

0.9 whooped major butt. I had NO problems.
1.0 crashed and the mem usage became as issue
from there it's just gotten worse.

So basically I can use 0.9 and love it to death but be subject to security issues just like IE or I can keep it upgraded and secure and put up with crashes and lockups. How does that make this a superior product?

Re:Firefox speed.....

[slacktide]

Ditch the real-time defrag. That's what sucking up all your extra ram.

Re:Firefox speed.....

[gothzilla]

Then why is Firefox the ONLY program that it happens to? If it was a windows issue then it would happen to more than just one program. I'm the entire IT Dept so I do kinda know what's going on.
Find quality software that functions the way we need and can do what we do here that runs on *nix and I'll switch from windows. Until then please keep your holier-than-thou comments to yourself because no OS or browser or anything is so amazingly wonderful that it makes all others obsolete.

Re:Firefox speed.....

[SammysIsland]

I had originally switched to FireFox in the beginning becuase of the built in tabbed browsing. I never really had any issues with IE to begin with.
I will probably switch back to IE when 7 comes out, because it should have tabbed browsing.
FireFox's support of plugins is nice, but when a prog takes even 10 seconds to load with a 3.06 p4 and 512 ram, something is seriously wrong!
I think Acrobat loads faster. What does that say?

Re:Firefox speed.....

[gothzilla]

It's using 2 megs of ram right now. When it's active it uses 10 or so. I have 512. When it's running you can't tell. Apps run the same speed, programs open just as fast. That's not it. EVERY program I run runs just fine. Firefox is the only one that gives me issues and its not just on my computer, its on any of the workstations I've put it on. Security is more important than speed so I make my users deal with it.

Re:Firefox speed.....

[Fencepost]

There are apparently some known issues with Firefox not correctly releasing memory, a.k.a. memory leaks. Most of them seem to be cross-platform, so it's not just interactions with one particular OS.

You can find out more by looking through Bugzilla.

Re:Firefox speed.....

[gothzilla]

Firefox 0.9 was teh roxors. I'm just gonna keep upgrading until they make it sweet like it used to be. (Or until another browser takes the good parts of FF and puts them in a stable browser.)

Re:Firefox speed.....

[Leigh13]

memory usage:
Firefox - 38meg
avengine - 22meg (antivirus)
IExplore - 11 meg

I see a lot of comments about the memory footprint that Firefox occupies. I used to worry about that too, until I discovered that Firefox dynamically allocates memory usage depending on how much you have available. So try not to get hung up on how much RAM Firefox seems to be sucking up, because chances are it's only taking from what's available. I noticed this in practice when I added another 256MB of RAM to my system and Firefox's mem usage grew accordingly.

Check out this thread for more: Memory leak ? - MozillaZine Forums

Re:Firefox speed.....

[That's+Unpossible!]

Firefox - 38meg
avengine - 22meg (antivirus)
IExplore - 11 meg

When speaking of stability and mem usage, it's not worth the hype.

Ummm... right. Now count the memory usage of all the DLLs IE requires which are loaded into memory as part of Windows (after all, it is embedded). That 11MB does not include that. Once you factor that in, I'd wager it is much closer to the Firefox footprint.

1.0 crashed and the mem usage became as issue

And as for stability... I can't tell you the last time an official release of Firefox crashed on me. I find that most people with crashing issues have done something fucked up to their system.

Just my opinion.

Re:Firefox speed.....

[Rallion]

I reinstalled Windows a few weeks ago, just because I like the feel of a clean registry, and the first thing I did was to install Firefox. I loaded it up and went to Fark. It...well, it didn't crash, but it hung and I had to end the process. I also frequently have problems with the process not closing.

As for the memory, not five minutes ago I just had nothing open but the download window. Out of curiosity, I checked the mem usage on firefox.exe, to find that it was 69MB physical/81MB VM. That's just way, way too much, especially since it's just downloading one file.

I would be using Opera, because it's both more stable for me and has a MUCH smaller footprint, but I don't like that it costs money and web browsers (like OSes) are an area where market share affects usability.

Re:Firefox speed.....

[Blakey+Rat]

Hah! My MacOS X build gets hung-up on Fark Photoshop threads all the time. I thought it was just me, or just on OS X... good to know that other people have the same problem.

Re:Firefox speed.....

[That's+Unpossible!]

I loaded it up and went to Fark. It...well, it didn't crash, but it hung and I had to end the process.

1. What version of Firefox?
2. Any Firefox extensions installed?
3. Did you start with a clean profile, or import an old one?
4. Did you install Firefox into a clean directory, or was it into an existing directory?
5. Are you running any network security software?
6. Is your company using a firewall/filtering device on the network?

And that is just preliminary questions regarding software/networking. Other things to check include motherboard firmware updates, memory tests, etc. Often programs will use the same areas of memory and you'll run into strange problems due to bad memory modules.

The problem is not just some firefox stability issue, since I use it all the time and it is rock solid. This implies something is different about your system that is causing the instability, or it could be a bug rendering whatever page you were on that it hung on, but if this is a continual crashing problem, I am guessing the former.

As for the memory, not five minutes ago I just had nothing open but the download window. Out of curiosity, I checked the mem usage on firefox.exe, to find that it was 69MB physical/81MB VM. That's just way, way too much, especially since it's just downloading one file.

My primary response to this is, memory is cheap and abundant nowadays. However, it likely wasn't using 69MB of memory just to download a file. Presumably you had been browsing quite a bit before hand, and things are cached in memory.

Like it or not, browsers are huge, complex programs that allow you to browse huge, complex data mines, and they require many resources. Just because IE hides its usage well doesn't mean anything.

Re:Firefox speed.....

[Emetophobe]

Heh, right now firefox is using 88mb, but I have 8 tabs open. Usually when i'm browsing porn sites, I have between 30 to 50 tabs open at a time.

I have 2.66ghz p4 with 1gb of ram though, and firefox runs amazingly fast even with a HUGE amount of tabs loaded. The initial load is sometimes slow I will admit, but slow as in 5-10 seconds isn't a problem for me. I bet it has to do more with plugins and extensions that possibly slow down the load by a few seconds.

Re:Firefox speed.....

[Emetophobe]

Firefox is a lot faster than IE.

No it isn't. Firefox loads up slightly slower then IE, and that makes sense.

IE6 is several years old now, with no new features added in a long time. Computers have gotten faster, while the memory footprint for IE has stayed the same, and of course, IE is built into the operating system.

Firefox 1.x is new, has more features and loads more plugins and extensions. It makes sense that firefox loads a bit slower then internet explorer if you think about it.

I rather wait 10 seconds for firefox to load, over 1 second for internet explorer. It's worth the wait.

Re:Firefox speed.....

[Emetophobe]

Firefox currently says its using 88mb for me with 8 tabs open.

If I minimize firefox, the memory footprint goes down to 1mb (it may take a couple min/maxes to notice this).

Now when I restore firefox, it says its using 26mb instead of 88mb, with the same 8 tabs still loaded. This has to do with firefox keeping recently viewed pages in memory for speed I'm guessing, and when you minimize, it flushes it to disk. This is just a possibility, I'm not a firefox programmer so I can't say what they're doing for sure.

Very interesting..

Re:Firefox speed.....

[apdt]

About the "memory leak" and other things, have a look at this article. (Start reading about a third of the way down).

the particular options you'll be interested in are browser.cache.memory.capacity and config.trim_on_minimize

Have they fixed the memory leaks too?

Not a troll, im serious.

Search google, this is an error which never gets fixed.

(PS the config.whatever.thingy = 16000 thing doesn't work for me)

If you have a different solution, thanks in advance :)

Re:Have they fixed the memory leaks too?

[ssj_195]

A whole swathe of them have been fixed in 1.1. Note that the 1.0.x series tend to be security fixes and minor bug-fixes only, so you won't be seeing these fixes in any of the 1.0.x updates. If you want to live life on the bleeding edge (and have none of your extensions work ;)) try downloading a nightly - there are apparently quiet a few speed & responsiveness tweaks, in addition to less memory leakage.

Re:Have they fixed the memory leaks too?

Thanks again, Ive found a /. article about 1.1 features, apparently they have done a lot of leak fixes.... YEY

http://slashdot.org/article.pl?sid=05/05/07/225425 8

Teh O.P.

Re:exe crashes explorer when viewed accross SMB sh

Actually crashes even when viewed from memory sticks (which I remember working last time) or accessed over SMB by DOS. Must be something to do with 7zip executables.

Can anybody reproduce?

Good summary...

Now if only when IE fixes are announced they could be accompanied by suc a straight forward post on /. instead of the usual alarm/hype/fud.

Re:Great

[finkployd]

Bullshit. Microsoft fixes a lot of problems quickly but the monthly release schedule that they have moved to means that you'll only get those patches every four weeks unless it's critical.

Oh yeah, well Firefox fixes problems BEFORE THEY EVEN HAPPEN. Of course, due to their policy of not violating the flow of space time they are forced to wait a few days to release the fixes.

See how convincing that arguement sounds?

Finkployd

news?

[Errtu76]

Disclaimer: I like firefox. I use firefox.

Why is this news? Does this mean that every time firefox decides to update, it should be front page news? Can't you (slashdot) create a seperate field where the latest versions of popular products are announced? Like:

product | version | last update
firefox | 1.0.4 | today

Re:news?

[Omega697]

It's news because of all the media hype that the latest security holes had gotten. Plain and simple. It's only fair that if the media is going to shout "looky looky, it's got bugs too," that we get to shout "yeah, but watch how fast we fix them."

Re:news?

[Spy+der+Mann]

Can't you (slashdot) create a seperate field where...

Dude, this is slashdot. We've been whining for them to fix the rendering problem for months. Have they done anything?

Consider /. to be more like a "drop it, let it grow with the rain" kind of forum.

Re:news?

[webphenom]

This is "news" because the Firefox (and Open Source, and Anti-MS and...and...and...) community is DESPARATELY trying to "validate" this "new" browser as the second coming.

I mean, come on people. This is at least the third rendition of the original Netscab suckbrowser codebase. How many times are you going to chew up and spit out that thing before people finally realize "IT IS JUST A BROWSER". Get over it already. Remember Mozilla, the IE killer?

So, now that FireFox is just as "secure" as a MS product, and the product is beginning to show signs of sluggish browsing, what other reasons do we have to switch? Tabbed browsing???

Mmmmmkay.

Re:news?

[globalar]

Most of the time, Firefox updates are not very important. However, the exploits which 1.04 fix were highly publicized.

I saw many IT magazines, mostly targeted at management, with significant space (even a few covers) devoted to the exploit. It is an example of the Firefox (and Mozilla) team's committment that a patch came out so quickly. This is very important, as it shows open source products can compete in the very tough browser market.

The progress of Firefox is now being watched by many - opponents and supporters alike. Firfox is under the spotlight and responding the serious issues - especially security, which has plagued IE - is crucial for the browser's future success. This is more about PR and brand recognition than security.

Re:news?

Why is this news?

It's new information and it affects a lot of us.

Re:news?

[STrinity]

It's news because of all the media hype that the latest security holes had gotten.

That explains the coverage for 1.0.4, but what about 1.0.1, 1.0.2, and 1.0.3? Every incremental update makes Slashdot's front page.

Re:news?

[babbage]

I like how all the other replies get hung up on the throwaway "why is this news" comment, but none draws attention to the brilliant product release schedule suggestion. Why not do something like this? Hm?

I've been browsing Slashdot without the slashboxes for years now, but I'd turn them all back on just to get one that did what you're describing here. Heck, you could even set up different ones for different sections, so the main page would get the cross-platform and most-popular items (Firefox, Linux kernel, OSX release, etc) and the sections would get ones that were appropriate to them (e.g. the Apple one could have versions of Safari, Firefox, Camino, iTunes, OSX, etc; a Windows one (say, why is there no Windows section?) could have recent hotfixes, service packs, etc.

As a bonus, the "last update" item could link to the article about the most recent release, while the "product" link can link to a search for all the release articles for that product. And with everything bundled up there, the release articles could be moved off the front page and we'd get less of this whining about new releases not being newsworthy events.

I don't suppose there's any chance that this could be implemented, could it?

mac mouse

[JonDavies205]

i think all are middle click on the mac. I dont like the mac mouse, its designed to be simple..i know, but its too simple and its no good for browsing!

MIRROR

[agoodm]

http://files.photojerk.com/alan/ffox104setup.exe

TROJAN IN LINK

It deleted my hard drive! I opened my computar case and it was gone! Very mysterious!

Re:TROJAN IN LINK

[agoodm]

lol trojan in link. I dont think so, virus scan it if you are parenoid.

Re:exe crashes explorer when viewed accross SMB sh

[Mercano]

While I have had crashes, when I browse to the samba shared folder with the FireFox or Thunderbird installers, Explorer will show the default program icon (the empty window) and lock the folder window up for a while before showing the actuall installer icon (the box and CD) and becoming interactive again. Tis anoying. It also takes an unusual amount of time to get the first window of the installer after I double click the icon.

Javascript Problems

[loganjw]

Upgrade to 1.0.4 still doesn't fix JavaScript issues. My biggest frustration with FF is how some links that reference JS popups do not work. Anyone know why? I wouldn't think it would have to do with the JS code, but maybe so? For example, clicking on any of these thumbnails is supposed to open a larger image but it just opens a blank window.

http://www.anders-bookstore.com/index.cfm?Fuseacti on=Catalog.PerfectSeason

Re:Javascript Problems

[octaene]

loganjw, the Javascript pop-up windows work just fine for me... I'm using Windows XPSP1...

Re:Javascript Problems

[loganjw]

I'm on XP SP2 but that shouldn't be it either. I think maybe it's an extension b/c I've had these JS popups work before. Maybe it's the Tabbrowser Extension that is somehow killing them?

Re:Javascript Problems

[loganjw]

Ok, nevermind all this. It's the damn Tabbrowser Extension! Wish I could delete /. comments.

Re:Javascript Problems

[Emetophobe]

Hehe, I'm glad you figured it out =) I was going to reply and say that those images load fine for me.

OT: I had a similar problem with loading images in firefox, only this was with google maps. The google maps wouldn't display anything, just a blank page. I searched all over to find a solution, but couldn't find anything. It turns out it was one of my firefox options.

Under Tools->Options->Web Features there is the option titled "Enable Javascript" with an "Advanced" button on the right side. I had long ago disabled all the options in there, thinking it was more secure and i'd have more control if javascript wasn't able to do all those things.

Well anyway, all I had to do was enable "Change Images" and google maps worked, I still have all the other options disabled though (for now).

Re:exe crashes explorer when viewed accross SMB sh

Someone correct me if necessary, but I believe it has something to do with AV scanning. Simply opening an explorer window with the setup exe produces a noticeable delay, and it doesn't matter if the file is on a remote drive or removeable media ... probably choking on the 7zip as explorer tries to extract resources from the file.

At least CNET has announced the upgrade

[csoto]

The same Dawn Kawamoto who wrote about the vulernabilities on CNET on the 9th has now written about the new release.

Right you are.

[RLW]

Absolutely. This point can not be stressed enough. M$FT is not innovative, M$FT is not responsive to its users, M$FT is not cooperative with anyone, and M$FT is not not your (or anyone else's) friend. It is lazy where there is nothing to prod it into action. It is aggressive beyond the limits of the law where it believes some else is cutting in on it's 'action'. It is arrogant, belligerent, and conceited. I for one don't trust it. Neither should you.

Update conflicting with my firewall?

[uther28]

I have norton internet security installed on my computer and when I installed the new update for firefox I can no longer access the internet with firefox (using IE right now, something which I would like to stop as soon as possible). When I disable norton's firewall firefox works. Anyone have this problem as well and maybe know how to fix it?

Re:Update conflicting with my firewall?

You probably need to go into your firewall settings and configure it to allow the new executable to access the net. Norton will see this as a different program and AFAIK each application specifically needs to be granted access with NIS.

Re:Update conflicting with my firewall?

How the hell is this interesting? Since when is this a n00^^^^tech support forum? What kind of slashdotter uses Norton products anyway?

Re:Update conflicting with my firewall?

[Emetophobe]

It probably doesn't recognize the new firefox binary.

Whenever I upgrade firefox, Zone Alarm recognizes that it changed and asks me to allow it to connect to the internet (it was already allowed previously). Because the binary changes, zone alarm doesn't recognize it anymore and you have to re-allow it.

I don't know if norton firewall works anything like zone alarm, but that might be the problem.

Doing the .exe shuffle

[carambola5]

I can't run the executable "firefox.exe" at work because it "has been disabled by the administrator." Solution? Rename to firefox2.exe.

The only pain comes when firefox is updated... it leaves the firefox2.exe executable from the previous installation, and adds the new firefox.exe to the install folder. It then becomes a dumb little task to update all the icons and shortcuts scattered about my system.

Wish there was some way to specify, during install, the resulting executable name. Of course, I have to be one of the maybe twenty people in the world who needs this, so maybe it's not worth the miniscule bloat.

Re:Doing the .exe shuffle

[suwain_2]

The real question is... Why has your administrator disabled firefox?

Re:Doing the .exe shuffle

[h4rdc0d3]

... or you could delete the old firefox2.exe, and rename the new executable to firefox2.exe and you wouldn't have to edit any icons or shortcuts.

Re:Doing the .exe shuffle

[Imagix]

Or... convince your administrator that you should be allowed to use firefox....

Re:Doing the .exe shuffle

[carambola5]

That's exactly the point. Deleting the old firefox2.exe and renaming the new one from firefox.exe to firefox2.exe is what I do. Unfortunately, the installer overwrites all the old links and shortcuts to make use of "firefox.exe"

Re:Doing the .exe shuffle

[One+Childish+N00b]

No, the real question is what sort of incompetent admin is doing application screening by *filename*, for Chrissake?

Re:Doing the .exe shuffle

Write a script, stupid.

delete firefox2.exe
move firefox.exe firefox2.exe

Re:Doing the .exe shuffle

[goldfndr]

During install, there are checkboxes for whether or not to create new links/shortcuts (Start Menu, Desktop, Quick Launch). Have you been unchecking them when you install?

On second thought, it looks like bug 245392 still exists in 1.0.4 and won't be fixed until 1.1. Ouch.

Doesn't anybody care about security anymore?

Browsed nested at +4 and not 1 negative comment about firefox. So let me spell it out for you boys: Firefox is shit. It's a program designed on the principle that more shit features is better than security and reliability. Who cares about feature when 1.0 means:
* It's the only remote security hole on my linux laptop.
* By default, middle-clicking on a void space sends whatever is stuck in the clipboard over to google. That's fucking smart. You miss middle-clicking that link, you miss that middle-click paste, you end up wherever google throws you. You were on a secure SSL webpage, tough luck. By default, shitty features override security.
* Memory usage go up and up and up. Does anybody realize that means that firefox 1.0 stability was worst than Windows 95. I could make it unusable in less then two hours of intensive internet on dial-up!
* Keyboard shortcuts works only 95% of the time on linux. See when changing tabs, sometimes the focus of the keyboard remains on a hidden tab. But hey, who uses the keyboard. Is it fixed?

Firefox is one thing: The other shitty browser. I don't see why people recommend it against IE (i don't have that choice, I use linux). Security is not there. That was firefox only potential selling point: Secured browser, there will be updates later, to correct glitches, add some capability, or whatever.
Instead it's some shit-ridden garbage: Look you can have tabs. And there is some inferior intelligence autocomplete that mainly gives you the last URL you typed (how fucking useful). And if you middle-click somewhere, google will throw you god-knows-where (given that quite a few people are unable to use the right-click, that's quite useful). And you can install extensions (hopefully not the stealth one, crafted by some virus/worm writer). But most of all you will have to keep an eye on security warnings and updates.
That's quite a sell for Mom and Pop.

Re:Doesn't anybody care about security anymore?

I post plenty of AC stuff about the sad state of security. It's usually ignored or modded down.

Let's face it: the IT industry is full of incompetent people. If some of those people go work for Microsoft or some go work on an open source project, what difference does it make? Licenses don't create security, *thinking* does.

When Firefox was first being pushed as a replacement for IE, I rolled my eyes. Do people *really* think it's going to be different? Does the language it's written in allow buffer overflows? Yes. Is the structure of the browser highly complex and bloated? Yes. Does it value convenience over security? Yes.

Sure, open source is better than closed source. But not along the security, performance, or reliability axes.

I think it's also sad that the best we can do is hope for "faster updates" than IE. Like you say, nobody cares about "zero security holes" any more. They just throw out some shit and count on "responsible disclosure" to get it fixed AFTER it's shipped.

It's just sad.

Meanwhile Microsoft's Patch Yesterday

[Master+of+Transhuman]

leaves several vulnerabilities at LEAST as serious as the Firefox ones open UNTIL NEXT MONTH!

Who said something about "time to patch" favoring MS?

Firefox: vulnerabilities announced Monday.
Patched by Thursday morning.

Microsoft: vulnerabilities announced months ago.
Patched - "Next month - maybe".

Re:Meanwhile Microsoft's Patch Yesterday

[Colonel+Angus]

Not the best argument. Firefox has outstanding vulnerabilities from 2004-08-30. It's rated Less Critical, but still.

That said, kudos to the team though for the quick update to such critical issues.

Just install the US Version on top

[prandal]

None of the locale-specific stuff should have changed. Works for me.

well, it's up to the user

[c-reus]

thinking back when I was using Windows XP SP2 (the service pack being the only patch because I really didn't like the idea of autoupdating) I recall having maware problems maybe once or twice, during that half-a-year time, I had only one virus. (I have one virus on my Gentoo box now too, but I cant get it to work...).

Anyway, I haven't quite understood how bad hte security holes are, but I'll emerge the update "just in case".

The fact that popular browsers are being searched inside out for security holes is inevitable -- I'm just glad the existence of the breach was announced and fixed so quickly.

Re:well, it's up to the user

[Emetophobe]

I have one virus on my Gentoo box now too, but I cant get it to work..

There's linux viruses now? Thats news to me...

Re:well, it's up to the user

[c-reus]

It's a windows virus. I haven't yet heard of or met any Linux virus.

Nightly build....

As far as I could tell Mozilla had a fix before the exploits where made public. I downloaded the nightly trunk version of FF a couple of days before the exploits went public and found that the issue was allready resolved =)

Re:Yes, but ... or, as an incentive

No, what they should do is offer a Free iPod! (tm) for those patching their systems.

Funny and yet sad...

[Moridineas]

In a law school class, the professor was praising Firefox (for it's ability to do tabbed browsing, as well as it's right to left language support)..a student mentioned a news report that earlier the week new vulnerabilities had been found...everyone cynically laughs--Firefox, just like IE...

kinda sad how inured people have become to bugs--they expect them.

Sigh

[AEton]

I'm getting really tired of this cycle:

1) Update Firefox (reinstall)
2) Run updated version of Firefox happily!
3) Close Firefox
4) Reopen Firefox - wait! It's hung apparently in the middle of loading extensions!
5) Delete all extensions from %APPDATA%\Mozilla\Profiles\gibberish.default\exten sions
6) Reopen Firefox - yay! it works!
7) Reinstall all extensions from [currently swamped and apparently insecure] update.mozilla.org
8) Wait a few months for next update; rinse; repeat.

I'm sure it has to do with a broken extension, but I'll be buggered if I can figure out which. Oh well! It beats the competition!

Re:Sigh

Yeah, repetitive tasks always suck without scripts. It's too bad you're not on Linux. Of course, you could write a Perl script or, *shudder*, a batch file to speed up the updating process.

Re:Sigh

[Emetophobe]

Can you list all the extensions you use?

I have never had any extensions problems, when I upgraded from 1.03 to 1.04 I didn't even have to reinstall any extensions. Heres the full list of the ones I use:

Adblock
Disable Targets for Downloads
DictionarySearch
Tabbrowser Preferences
Forecast Fox
Flashblock

Yes but...

Firefox made claims that their browser was secure and had security built in from the start. It is right and proper that such a claim, used to convince the public to choose it as a browser be held up to scrutiny.

Now the Firefox partisans will claim that this incident reveals that the response time of the Firefox developers supports their claim.

I would say that the jury is still out. Security problems existed and the Firefox marketing was bullish to suggest you were safe. Now we may know that target is unachievable, but it was a core part of the marketing. Firefox directly attacked its competitors on safety, so it needs to prove itself safer

See this article for how people are reacting:
http://www.pcmag.com/article2/0,1759,1775806,00.as p

The lack of background updates is a real issue. Before Windows Updater the biggest problem MS faced was unpatched machines. Those unpatched Firefox machines are a real issue.

So the jury is out on the Firefox teams security claims.

Of course Firefox may have otehr good features, but they need to be held accountable for their claims.

Ubuntu

My ubuntu automatically updated itself yesterday.

Here's a nickel kid. Go buy yourself a real OS.

must be...

[Run4yourlives]

the only time 've ever had an issue is when the user agent extension buggered up.

Check the mozilla forums.

Re:must be...

Ya know, instead of manually deleting all of your plugins, you could go "safe mode" and delete your extensions one by one and relaunch firefox to see which one it is.

If you have switchproxy, it's probably that one.

Re:Great

[masklinn]

Actually, had you really followed the story that bug had been discovered less than a week before being disclosed by a third party.

The bug was discovered and filled in Bugzilla by the discoverer
It was kept hidden while the Foundation was working on a fix (quite common for grave security issues)
a few days later (5? i think?) a third party (not the discoverer, not the foundation) fully disclosed the bug to the public
And the Foundation now releases the fix.

The bug has NOT "sit" for months in BZ, and the discoverer, being a member of the Full Disclosure list, wouldn't have allowed it anyway.

Additionally interresting informations

[masklinn]

It should be noted that 1.0.4 also features a JS bugfix which hastes said JS execution by around 20%.

May sound like it suck... if you don't know that the whole XUL thing (basically everything in firefox but the Gecko engine itself: interface, extensions, userscripts, ...) is pure Javascript.

Annoying

[TrevorB]

I don't mind the freqent updates.

I don't even mind having to download the entire application again from scratch.

What really gets me is the checkbox at the end of the install process "Use Firefox as my default homepage". What if I actually *like* the homepage I've already set up?!

Perhaps I've fallen into the "Next > Next > Next > Finish" trap, but I'd like to see this checkbox turned off by default, especially if I need to reinstall the software every few weeks.

Re:Annoying

See bug 263595 (remember mozilla doesn't allow direct linking to bugzilla from /. -- copy and paste link)

Re:Annoying

[quiddity]

easy, add this to your user.js file

user_pref("browser.startup.homepage", "file:///E:/directory/file.html");
or
user_pref( "browser.startup.homepage", "http://www.google.com/");

then next through with impunity

Not the concept but the implementation

[WebCowboy]

And therin lies the double-edged sword. Just about everyone on /. complains about Microsoft's auto-update feature saying that it's intrusive, and they don't want some company to have control of what is installed on their PC's.

I have no problem with the concept up auto update--I like having the latest stuff on my workstation. The problem is the IMPLEMENTATION of auto-update.

Mozilla's doesn't bring enough attention to it (however, contrary to some other posters arguments I have found it is NOT hard at all--my retired-farmer parents who are decidedly not experts picked it up immediately once they knew what the icon was).

Microsoft's auto-update is TOO intrusive. Given most /.ers tend to be libertarian-minded and tech-savvy, the combination makes Windows Update annoying and offensive to this audience--indeed it is annoying to all but casual and beginning users. Plus, Win Update is not nearly transparent enough--it gives little to no indication of what data it is sending to or receiving from your PC, nor does it indicate when it checks for updates. The default settings are for it to do everything without intervention, confirmation or notification--OK for home users but a nightmare for sysadmins (which is why corporate standard install images often turn off auto-install of updates).

Here is what I would suggest for auto-update:

1. Make more of it driven by applications rather than the OS--more "distributed"--and contain the OS auto-update solely to kernel, system binaries/libraries, basic shared components.

2. Allow the process to be automatic, but make it more TRANSPARENT. Check for updates at predictable intervals (on login, maybe at midnight,etc) and have an unobtrusive but clearly labelled status box indicating what is happening (like when your buddy logs into your IM but in plain language says "retrieving list of updates" etc).

3. Allow for more granularity in settings for expert users or operation tailored to corporate deployments, and put in the control panel an easy-to-find "turn it all off" button. Windows has this "system restore" crap which comes in really useful when you want to re-install those worms and trojans accidentally, and the option to turn it off is buried in the most illogical place on Me, and it isn't much better under XP.

4. How about being more responsive with bugfixes Microsoft? Mozilla is non-profit and manages to fix critical issues within a week, and the process is quite transparent. Microsoft makes you wait at least a month 'till the next regular update cycle, and the process of making and testing fixes is pretty much unknown outside of Microsoft.

Just a few suggestions--there are more, but my point is that MS pretty much as long a way to go as Mozilla in this dept. A lot of MS's challenges have to do with the basic architecture of Windows being flawed (it is too monolithic, so bugs can have wide-ranging effects as can the patches).

As I am not a regular Mac OSX user, I am curious on how that platform handles updates. Could MS and F/OSS people learn something here?

Re:Not the concept but the implementation

[mbaciarello]

As I am not a regular Mac OSX user, I am curious on how that platform handles updates.

Your wish is my command...

OS X 10.3 has a panel in System Preferences where you can choose how often to check for updates (defaults to weekly on a fresh install, IIRC.) It also has the option to automatically download "important" updates in the background - this usually corresponds to security-related fixes and point-point releases. There's also a "Check now" button, and the Apple (system) menu has a direct link to this preference panel.

Feedback is in the form of a window which pops up when updates are available, with a listing of all available updates also telling you whether a patch is going to force you to reboot. You use checkboxes to select downloads. You also get a brief description of what the fix does (that's usually pretty much useless, though.) I don't know if the automatic download feature gives feedback to the user as I don't use it.

Most, if not all applications from Apple are included in this "Software Update" utility. I'm not aware of any other vendor delivering updates through this route.

Mozilla. k Thanks

[baadger]

If Slashdot wasn't so eager to sniff Firefox's hind leg this post would, and should, have mentioned Mozilla 1.7.8 as being released too.

Re:Mozilla. k Thanks

[gahzinia]

Sort of like
http://it.slashdot.org/comments.pl?sid=149222&cid= 12508196
posted Thursday May 12, @08:59AM

Your comment posted at Thursday May 12, @01:17PM.
Shame you can't read previous posts.

Gmail acting screwy

[FCon4]

Anyone else notice Gmail acting up ever since upgrading? Everytime I send/reply, etc., it drops me back to a compose screen after hitting [Send] (although the message does go out). If I go to the Inbox from that screen, it asks if I want to discard.

OT: Your Sig

I usually find that Bush-bashing gets a +1 Insightful.

Disclaimer: I voted for neither Bush nor Gore nor Kerry. I voted Libertarian.

Re:Great

No, but I can see how it has absolutely no relevance to the point I made.

I thought my statement was clear enough even for someone as obtuse as you appear to be, but let me break it down further.

The parent poster made the comment that Microsoft had not released a patch so quickly since the blaster worm. My response was that this has more to do with Microsoft's arbitrary second-Tuesday-of-the-month release schedule than with their competence at releasing patches in a timely manner. Even if they have a fix for a hole the same day it is announced, we probably won't get it until the next monthly release. See, not that difficult to understand. Note that this is not meant to be a defense of those times when Microsoft has suppressed announcements of known vulnerabilities or taken a long time to actually fix a problem.

from the department of redundancy department...

[sean.peters]

perhaps instead the line should be 'all known javascript vulnerabilities'?

Do you really mean to tell me that you read the line "all javascript vulnerabilities" and thought that they had fixed even the vulnerabilities they didn't know about? Do you really think ANYONE would come to that conclusion?

It's not possible to fix unknown problems (except maybe by accident), so adding "known" to that expression is pointless.

Sean

Re:Great

I agree, but that's a different argument than the one that I understood the parent poster to be making. If you'll remember, Microsoft used to release patches constantly before they switched to their current monthly schedule. I guess they decided that it was better for their reputation.

Re:Great

[finkployd]

Obtuse, well you sir are a festisio. See I can make up words too :P

My point is that it from a user's perspective, it is completely irrelevent when microsoft claims to have fixed the problem, all that matters is when they release the fix. They can claim they fixed it quickly and had to wait for the arbitrary release date, or they can claim they fixed it a year ago. None of that matters one bit. For whatever reason, their history of timly releases simply sucks. They can excuse it however they want.

Finkployd

linux build still 1.0.2?

[thermal_noise]

Yep. 1.0.4 still says 1.0.2 if you install
over an old 1.0.2.

Great QA.

Amen!!!

[crhylove]

Amen!!!

Re:exe crashes explorer when viewed accross SMB sh

[exKingZog]

Had exactly the same - a colleague copied FF onto his desktop (a redirected folder, actually located on a server share), and then whenever he clicked or right-clicked on it, the PC locked completely. Weird.

Tablet PC bugs in firefox fixed?

[-Harlequin-]

Any news on whether 1.1 is also supposed to fix the non-standard text input windows that makes Firefox just about the only mainstream app that doesn't work properly in XP tablet edition?

(Most of the time, XP can't detect the text input box because it doesn't comply with the standard, meaning you need to use a keyboard rather than the pen, and on a tablet, you don't always have a keyboard...)

What about the 1.8 branch?

[AnotherScratchMonkey]

I've been running 1.8 with the newer Gecko engine to be deployed in FF 1.1, and see no sign of a new release for it. Is 1.8b not vulnerable, is it being ignored, or is its patch just really slow in being released?

Technically oriented?

[Propaganda13]

Yeah, it's real hard to click next.

I think a lot of people are like me. They installed Firefox and maybe an extension or two. I didn't read anything, and didn't notice the arrow until the last /. article. I know the basics of a web browser, and look through the menu for the options, other than that I didn't care to investigate further.

Re:Technically oriented?

[shaitand]

That puts you in the technical elite when compared with the average user.

Mozilla Rushes Fixes; Microsoft Doesn't Gloat

[webphenom]

The Mozilla Foundation has moved quickly to patch three critical issues in its browsers that were discovered just last weekend. FireFox 1.0.4 and Mozilla 1.7.8 were released today to patch vulnerabilities that could have allowed malicious users to execute arbitrary code. The development has caught some attention in the blogosphere thanks to a post about the security issue from a blogger for Microsoft, itself no stranger to security problems and patches. In a recent post, Dean Hachamovitch, Internet Explorer's IE Product Unit Manager, wrote that browser security is an industry problem, in a bid to adjust the script usually that casts the issue as Microsoft vs. Mozilla, or us versus them.

"The only us versus them distinction I want to make around security is to put responsible software developers, security researchers, and customers together as 'us' and malicious (whether it's intentionally or not) software developers, security researchers, and their customers together as 'them.'"

Credit: http://www.internetnews.com/dev-news/article.php/3 504661

Still no icon for tens of millions of win9x users

Sigh.

Even the lamest most amateur shareware/freeware I've used can get the taskbar/windows icon showing properly.

But it's "not a priority".

Pathetic.

no wonder firefox has so many downloads...

[3seas]

I have attempted numerious times to DL it only to get a partial dl when firefox says its done....

So I then tried using wget only to have it not give me the linux version but instead insist on giving me the windows version.... and it persist in dling the wndows version even after exiting the shell...

during all of this I have noticed more and more language versions come online...

Maybe they need to slow up and get it right...

I really don't need nor can I use windows version on Linux... And yes, I did in fact tell wget to get the linux version...

Starting to sound like IE

[DerekJ212]

Ive been a faithful Firefox user for a while, however, with all these pathches, i am starting to become disheartened. Arent all the things we complain about IE patchable? The whole point is if it was done well, it would not NEED all these patches. Perhaps I am off base, but after a few more patches, I might have to start looking around. Derek

As always...

[MaDeR]

Installer not only loads whole installer, but still leave garbage in Add/Remove Program. I hope that some ff dev read this: you're fucking idiots.

Moox 1.0.4 is out

Looks like MOOX has released his versions of Firefox 1.0.4. At the moment, there English and quite a few localized builds popping up on his website. YOu can find out more here: http://moox.ws/