Slashdot Mirror
Firefox Updated to 1.0.4
Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.
yes, I know the arguments behind it...but it would be relly nice if update didn't involve simply downloading installer (on mine 128kbps it's so so...and on slower?)
One that hath name thou can not otter
These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!
9/11: Never forget it was a false-flag operation
Posting from 1.0.4 right now. Funny thing, after I upgraded and restarted the browser, I still had the "updates available" little red arrow on the top right corner of the browser. After checking for upgrades (and finding none), it's disappeared. Bug? Leftover registry entry or config file from 1.0.3?
---- Take the Space Quiz!
This guy at work noticed I was using firefox (he's an IE user), and said, slyly, "You know, there's a couple of really bad security holes." Good think FF fixes their holes faster than MS.
Next time I try to help a friend out I'm not suggesting firefox. I'm suggesting Netscape! Wwwait.
Firefox 1.0.4 was posted sometime between 11 and 11:30PM last night EST. I got it about 11:40 :D (Yes, geek alert)
That aside, with all of these newfound vulnerabilities popping up so often, could Firefox become (later down the line) the new Internet Explorer? May seem highly unlikely now.. but as the New York Lottery says...
"Hey, you never know."
It should be noted that the Mozilla Suite has also relased an update, 1.7.8.
Mozilla.org will probably get hammered!! Here's a google cache of the Firefox Mirror List
And while you're at it don't forget those extensions:
FoxyTunes: http:www.iosart.com/foxytunes/firefox/
AdBlock: http://adblock.mozdev.org/
Or you can just go get more at: update.mozilla.org
Happy Browsing!
Unfortunately there's no British English version of 1.0.4 yet.
It'll appear in the list of locales here when it's ready, but it looks like we limeys are stuck with 1.0.3 (or speaking American English) until then.
v4sw6HPU$hw5ln6pr5$ck4ma8u7LMO$w2m6l7DL$i2e3t4MWb9AHKMRTen5a29s0r1p-5.88/-8.36g5CST
While I don't care for the update process, I am exceedingly impressed that Mozilla makes fixes so quickly, and doesn't try to hide them (like another browser company has done in the past). Professionalism...very nice to see this from Mozilla. Kudos!
I'm not a troll, but I play one on Slashdot.
I copy the exe installer into a folder on a windows share, explorer crashes when I access the folder from certain clients. Same happened with 1.0.2 but not with 1.0.3
I wildly guess it's a race condition or something arising from reading the embedded icon resourse as that doesn't show? No I don't really have a clue what causes it.
All machines are fully patched W2K, thank buddha for memory sticks!
Why can't we have extensions that don't die just because they changed the release number?
Extension authors can't keep up.
Mozilla Update is slow to update itself.
and Users like me are left looking to google for help.
Silly me thought Mozilla Update there to centralized things.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updated) the process will be even more streamlined and painless.
Damn. Can't upgrade to 1.0.4 since the English (British) version is not available yet :(
Can't be installing the American version ;)
"Why take life seriously, you're not coming out of it alive anyway."
I don't know this as fact, but I think it is all in what time your browser checks for updates. I can't tell for sure, but I think it is set to do a random check (mayhapps it even checks every so many days and yours is still not showing an update as others are because you installed so many days after they did)...
I dunno..
---
telnet://sinep.gotdns.com -- Telegard BBS -- Enjoy!
bork bork bork!
Just because the problem was only announced on security sites a week ago, does not mean it had not existed for years in the Mozilla codebase, plain for all to see. Microsoft on the other hand quietly releases fixes, then discloses what they fix. Practice has taught them one thing about vunerabilities, and that is that the sooner you release the fix the sooner the wolves will start chasing down the stragglers. In cases where a flaw is announced before a patch is out, the lag time for Microsoft isn't too shabby.
Until Firefox has an upgrade mechanism that doesn't feel like extracting teeth, the Microsoft approach, regrettably is going to win out.
-Steve
As a system admin for our company, every new Firefox release means that I will have to go around to 150 workstations and manually reinstall the browser again to keep it up to date. I wish there was some sort of way to remotely update the browser on all machines or a way to patch vulnerabilities without a full reinstall.
What does it matter if they fix it and we don't have it? I don't care whether it's fixed for them, I want it fixed for me.
Does middle clicking on a link open a new tab for OS X yet? The last I heard you had to patch FF to enable this feature. Middle clicking works fine on Safari, it's one feature I really miss when using FF on OS X.
--- if y cn rd ths y cn gt a gd jb n cmptr prgmmng!
My wife pointed out an article on Google News (that I had already seen earlier) showing that Firefox had some security vulnerabilities. She winced because I had just converter her to Firefox. I told her not to worry. I said, "Mark my words, there will be a security fix within a week." Well, today the fix was released and she was impressed. Not only has the Firefox development team improved the product, but they have made my wife happy! Life is good!
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
You can check for updates from Tools>Options>Advanced>Software Updates. If you use some themes, e.g. Littlefox, there is a button next to the Firefox home page 'circle' that you can click to check for updates.
As for your observation regarding the red flag, I believe The Mozilla Foundation had disabled that feature on the website because of one of the critical flaws now fixed.
-clueless
(I need to create a login here, or did I do it previously?)
That sounds awful ominous and near impossible... perhaps instead the line should be 'all known javascript vulnerabilities'?
Help Brendan pay off his student loans
Not very easily accessible, but at least its there :)
I switched to Firefox because I was sick of using IE. Ever since I've switched, AdAware has found ZERO spyware/malware incidents!
To IE's meager defense, I'm sure there might have been a setting somewhere that might have tightened up the holes, but switching to Firefox has been easier. Plus, I'm addicted to the tabbed browing.
Why are there only 19 people folding@home for slashdot?
Although I've been an enthusiastic mozilla/firefox user & supporter since the late 90s (yes I was browsing with a 'naked' gecko control, HA! :P) I was surprised to find I'd lost track of development to the extent that I didn't realise the trunk builds have a much more up-to-date gecko engine. The gecko in the 1.0.x series (inc. 1.0.4) are a year old! Those users who prefer livin' on the edge might prefer to get a faster, smaller, much less memory-leaky build from:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nigh tly/latest-trunk/
...FireFox downloads double to 100 Million!
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
... as soon as the first proof of concept evolves into a worm, they will experience what it means to be deployed on millions of internet-connected pc's of clueless users.
Rule #1: doesn't matter how fast you output a security update, if it's not being installed.
Unfortunately it's not enough for an update to _exist_.
You're obviousile eager to update your firefox rapidly, I suppose because of the security fixes of that new version.
But you're willing to download it from any source as you're requesting a torrent, which can contain a "modified" version ?
I fail to see the logic... I'd advise you to wait till you can download it from the main mirrors.
There's no place like 127.0.0.1
MyBlog
Back in the day when I first downloaded FireFox, one of my favorite parts of using it was how fast it would load up the first window when opened. It was almost instantaneous.
The more I use it, the longer this actions takes. It doesn't matter if I clear cache and cookies, un-install plugins, or just plain uninstall and reinstall the browser.
Is it simply the newer versions that cause it to load so slowly? My roommate has the same problem. Is anyone else experiencing this and is there an answer?
Responses greatly appreciated. Thanks.
Disclaimer: I like firefox. I use firefox.
Why is this news? Does this mean that every time firefox decides to update, it should be front page news? Can't you (slashdot) create a seperate field where the latest versions of popular products are announced? Like:
product | version | last update
firefox | 1.0.4 | today
Renders sites better? Actually IE renders sites very badly, the fact that some sites depend on ie's buggy rendering is disturbing enough. Firefox will render any site closer to what the site's html/xml code is specifying.
IE doesnt support xhtml atall, and only manages to render an approximation of it when you set the mime type to incorrectly identify it as html.
Also, you are more vulnerable to cross site scripting attacks when using ie.. mozilla will correctly url-encode requests, while ie will not.. therefore when the server returns the data, it will be url-encoded and mozilla won't accept any malicious html tags.. Also mozilla actually supports HTTP (ie doesnt, heres why) and uses the mime-type to work out how it should render a file.. ie on the other hand ignores it (the HTTP rfc 2616 states that any tool supporting http will use the mime type if one is present) so if an error is returned as text/plain and contains html tags, ie will render the html tags (leading to possible malicious code or cross site scripting etc) whereas mozilla will render it as plain text like it should.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
It deleted my hard drive! I opened my computar case and it was gone! Very mysterious!
Boy, I cannot agree with you more. If you have half a clue, then IE is easy to make secure. I just went into Tools - Internet Options and set the Security policy to Restricted Sites, turned on popup blocking (after I obviously installed SP2), set my Privacy level to High (because everyone except an idiot knows this is how to disable Cookies), and then installed all the hot fixes from MS. If you are too lazy to maintain your software properly then you shouldn't even have a computer. Just get a Mac or something.
It's like all those people who complain about safety problems in cars. My Pinto is safer than almost every car out there. All that with almost zero risk of theft. I strapped some padding onto the rear bumper and put some steel reinforcement plating around the gas tank. There is almost no risk to myself or my passengers of a ruptured fuel tank, all because I took the time to fix an inherent problem in the design of the ... wait .... err ... I gotta go.
Well, generally I agree with you. However, when it comes to correctly rendering UTF-8 pages, specially with Arabic characters, firefox has some very well known bugs that have not been fixed now for ages. The most annyoing one is a bug in rendering arabic decimal number: It shows all numbers like 1.4 as 4.1! Of course, IE renders such pages perfectly.
Of course, there were settings you could change that would fix that. They were in Advanced>Settings>Options>Burning>Defaults>Input. You just had to uncheck "Always burn with error correction (may cause some discs to burn slower)" which simply fixed the garbled data, and "Always burn with high-precision laser" (so you don't get coasters). Checking those 2 boxes results in the application working perfectly every time.
Would anyone use that? No! People would laugh it off and comment on just how stupid it is. Why IE gets a free pass for almost the same transgressions is beyond me. Oh, wait, no it isn't -- it's because people started using it years ago and are afraid of changing to something better because it's "different." "I've already got those boxes checked."
I have norton internet security installed on my computer and when I installed the new update for firefox I can no longer access the internet with firefox (using IE right now, something which I would like to stop as soon as possible). When I disable norton's firewall firefox works. Anyone have this problem as well and maybe know how to fix it?
I can't run the executable "firefox.exe" at work because it "has been disabled by the administrator." Solution? Rename to firefox2.exe.
The only pain comes when firefox is updated... it leaves the firefox2.exe executable from the previous installation, and adds the new firefox.exe to the install folder. It then becomes a dumb little task to update all the icons and shortcuts scattered about my system.
Wish there was some way to specify, during install, the resulting executable name. Of course, I have to be one of the maybe twenty people in the world who needs this, so maybe it's not worth the miniscule bloat.
IWARS.
People, in general, disappoint me. Politicians even more so.
leaves several vulnerabilities at LEAST as serious as the Firefox ones open UNTIL NEXT MONTH!
Who said something about "time to patch" favoring MS?
Firefox: vulnerabilities announced Monday.
Patched by Thursday morning.
Microsoft: vulnerabilities announced months ago.
Patched - "Next month - maybe".
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
It should be noted that 1.0.4 also features a JS bugfix which hastes said JS execution by around 20%.
...) is pure Javascript.
May sound like it suck... if you don't know that the whole XUL thing (basically everything in firefox but the Gecko engine itself: interface, extensions, userscripts,
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Please do pay a visit to the CSS Zen Garden and compare IE renderings to FF renderings.
the Special Effects Designs are the most interresting ones in terms of IE sucking badly, BTW...
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
If Slashdot wasn't so eager to sniff Firefox's hind leg this post would, and should, have mentioned Mozilla 1.7.8 as being released too.
As I am not a regular Mac OSX user, I am curious on how that platform handles updates.
Your wish is my command...
OS X 10.3 has a panel in System Preferences where you can choose how often to check for updates (defaults to weekly on a fresh install, IIRC.) It also has the option to automatically download "important" updates in the background - this usually corresponds to security-related fixes and point-point releases. There's also a "Check now" button, and the Apple (system) menu has a direct link to this preference panel.
Feedback is in the form of a window which pops up when updates are available, with a listing of all available updates also telling you whether a patch is going to force you to reboot. You use checkboxes to select downloads. You also get a brief description of what the fix does (that's usually pretty much useless, though.) I don't know if the automatic download feature gives feedback to the user as I don't use it.
Most, if not all applications from Apple are included in this "Software Update" utility. I'm not aware of any other vendor delivering updates through this route.
Yeah, it's real hard to click next.
/. article. I know the basics of a web browser, and look through the menu for the options, other than that I didn't care to investigate further.
I think a lot of people are like me. They installed Firefox and maybe an extension or two. I didn't read anything, and didn't notice the arrow until the last