Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netscape Releases Security Update

Posted by Zonk on from the at-least-they're-prompt dept.

daria42 writes "Less than 24 hours after releasing Netscape 8, Netscape has released a security patch bringing the browser up to version 8.0.1. The patch address security vulnerabilities in version 1.0.3 of the Firefox code on which Netscape is based. The update comes amid online criticism from Firefox developers that the browser was insecure."

25 of 159 comments (clear)

  1. No thanks by Anonymous Coward · · Score: 2, Funny


    i prefer to get my browser from the organ grinder, not the monkey

  2. software and bridges by Virtual+Karma · · Score: 4, Insightful

    Don't you think it is wiser to wait 24 hours longer (or maybe a week or so) and then release a quality product rather than issue patches. Imagine if civil engineers started doing the same with buildings and bridges.

    --
    fuvoo: watch something
    1. Re:software and bridges by AKAImBatman · · Score: 5, Informative

      That's the luxury software developers have that civil engineers don't. Its not exactly possible to go back and fix a mistake you made while building a multi-million dollar bridge.

      That's what you think. New structures are found to be unsound all the time, which usually requires that the structure be patched in some form or another.

      Take the case of the London Millennium Bridge which suffered from Resonant vibration (a common problem with suspension bridges). It wasn't planned for because it was assumed that such vibrations couldn't happen from mere pedestrian traffic. The solution was to retrofit 37 fluid-viscous dampers and 52 tuned mass dampeners.

      In short, don't think that engineering is that much different from software. They're quite similar, to the point of being frightening.

      --
      Javascript + Nintendo DSi = DSiCade
  3. Netscape's Original 8.0 Release by Anonymous Coward · · Score: 5, Informative

    ZDNet Australia has a scathing report on problems with Netscape's original 8.0 release, which shipped with known critical security bugs. ZDNet notes that several key Mozilla devs have lashed out at Netscape, including Firefox lead developer Ben Goodger, who posted a live exploit of the known vulnerability. Gervase Markham, another Mozilla employee found Netscape's claim that Firefox 1.0.4 is "outdated" ridiculous. Ali Ebrahim, another contributor commented that Netscape's claim of "more security choices" is based on a false premise. To their credit, Netscape has since released Netscape 8.0.1, based on Firefox 1.0.4 which plugs the most severe known issues, though the question still remains as to why they released 8.0 in the first place if it contained such severe security issues.

    1. Re:Netscape's Original 8.0 Release by aliebrah · · Score: 2, Insightful
      The reason they released it was it was all they had. They didn't have time to test and integrate a new version. It's the firefox people's fault for having the vulnerabilities, I think they're just trying to distract from their own failings.

      This is frankly a load of bollocks. If Netscape is going to harp about their commitment to security, then holding off release to include the fixes from Firefox 1.0.4 would have been the only right thing to do.

      Sure, the problems existed in Firefox itself, but Netscape has chosen to (a) base it's products on Firefox, and (b) tout security as a primary feature. Nobody has forced them to do it, least of all the Mozilla Foundation.

      What you're seeing Firefox devs say has nothing to do with a smokescreen. It's simply an observation that Netscape, the company who offers "more security choices" than anyone else chose to release a product with known critical vulnerabilities instead of waiting a single day to patch them. As they've demonstrated, it only did take them that long.
  4. Why didn't they wait? by drsmack1 · · Score: 4, Insightful

    I did not understand why it was based on 1.03 anyway; were they completely unaware of what was going on at the firefox project?

    --

    Humor from a Genetically Molested Mind

    1. Re:Why didn't they wait? by Reducer2001 · · Score: 2, Insightful

      What were they supposed to do? They have to do a code-freeze sometime. If they would have waited until 1.0.4 was out, then we would all be screaming that they should have waited until 1.0.5 was out. You know that another security bug will be found in Firefox again. They can't just keep holding off releasing a product because of security exploits that haven't been discovered yet.

      --
      When you get to hell -- tell 'em Itchy sent ya!
  5. I don't get it. by Nytewynd · · Score: 2, Insightful

    What is the deal with Netscape 8? It sounds like they basically downloaded the source code for Firefox, recompiled it, and then distributed it as something new.

    First, why isn't Firefox going after Netscape and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?

    I think I might get the Firefox code myself and create a browser called LOL-I'm-Really-Just-Firefox. It will be huge.

    --
    /. ++
    1. Re:I don't get it. by Jarnis · · Score: 3, Informative

      As long as you abide by the license of the code, you can do that. Open source and all that...

    2. Re:I don't get it. by Soybean47 · · Score: 2, Informative
      First, why isn't Firefox going after Netscape

      Firefox is open source.

      and second, why would anyone start using Netscape when Firefox knows their own code better and fixes it faster?

      Now, you've got me there. Uh...brand recognition? Maybe?
    3. Re:I don't get it. by justforaday · · Score: 4, Informative

      The big deal with Netscape 8 is that it offers the choice of using the IE or Firefox/Gecko rendering engine on different pages. For instance, you can have it set to display /. using the Gecko engine, while using the IE engine to render your company's intranet page (you know, the one that requires that you use IE for "full functionality"). The main reason for it, however, is for the brand recognition that AOL gets out of it. Of course, the dual-rendering ability will only complicate matters for Joe Sixtooth.

      --
      I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  6. Re:Browser boys are back by Soybean47 · · Score: 4, Insightful

    Are the browser wars really back? Has anyone tried the new Netscape? Given that they pretty much peaked around 4.7 or something like that, or earlier depending on who you ask, I just don't see any reason to even try it. What is Netscape likely to give me that Firefox can't?

  7. 3 != 44 by dereference · · Score: 2, Informative

    There were only 3 bugs fixed in 8.0.1, not 44! See the Release Notes for yourself.

  8. Show offs! by khendron · · Score: 4, Funny

    Netscape just wanted to show off how they can produce patches faster than Microsoft and Firefox.

    The promo goes like this: "Miscrosoft leaves holes unpatches for weeks, maybe months. Firefox sometimes takes a few days. But *we* can produce a patch in less than 24 hours! Na na!"

    --
    Life is like a web application. Sometime you need cookies just to get by.
  9. In other news... by kniLnamiJ-neB · · Score: 4, Funny

    Netscape released a statement saying that people who downloaded the browser labeled 8.0 actually got a mis-labeled copy of 7.9.9.9.9. The new version 8.1 will actually be 8.0 and the following patches labeled 8.1.1, 8.1.2, and 8.1.2.1, which will be released daily starting tomorrow, will be relabeled as 8.0.1, 8.1.0, and 8.1.2, respectively. ***NO CARRIER***

    We apologize for the above post. Those who were responsible for sacking those who were just sacked, have been sacked.

    --
    Windows isn't the answer... it's the question. NO is the answer!
  10. Re:Browser boys are back by Stibidor · · Score: 4, Informative

    As I recall from yesterday's news, one thing Netscape will give you that Firefox does not is "a toggle which allows switching between Mozilla and Microsoft's rendering engines as needed." The Best of Both Worlds(TM)

    --
    http://nerdfortress.com/
  11. Huh? by bsquizzato · · Score: 2, Interesting

    Why did Mozilla release Netscape 8, based on Firefox 1.0.3, AFTER they had released the fix? (1.0.4) Why wouldn't they just wait an extra day? Now there will be vulnerable Netscape 8's floating around if people aren't consciencious enough to check for updates daily.

    1. Re:Huh? by Zontar+The+Mindless · · Score: 4, Informative

      > Why did Mozilla release Netscape 8...?

      Um, Mozilla didn't release it -- AOL did.

      --
      Il n'y a pas de Planet B.
  12. Re:Before the first day was out, no less! by Buran · · Score: 2, Funny

    I got a page like that one when trying to use a brand-new nightly, released THE NIGHT BEFORE, when trying to visit the Firefox extension list page. I had to hack my user-agent string to explicity claim to be 1.0.4 even though I was using a NIGHTLY OF THAT BROWSER, and it wouldn't let me in.

    Yeesh. Some coder needed a good tongue-lashing that day.

    --
    i am a soviet space shuttle
  13. Re:Browser boys are back by Gallandro · · Score: 2, Interesting

    Another thing from yesterday's post (Linked in previous comment): The netscape browser seems to come with a lot more 'features' built in than firefox. And many of those features can be quite difficult to disable. One user reported that Netscape would not stop asking him if he wanted it to remember his passwords, even after unchecking "remember passwords" boxes in 3 different places in his preferences.

  14. Re:Browser boys are back by It+doesn't+come+easy · · Score: 2, Funny

    Firefox also has the best of both worlds...hehe

    --
    The NSA: The only part of the US government that actually listens.
  15. Rather embarassing by Phil246 · · Score: 2, Insightful

    Regardless of the reasons why - For a software company to release a patch for a product they released 24 hours ago is , to say the least embarassing.
    I would imagine there are quite a few red faces around netscape today

  16. gross misuse of the term by gosand · · Score: 2, Insightful
    Imagine if civil engineers started doing the same with buildings and bridges.

    Imagine if software developers were held to the same standards as engineers.

    I get tired people comparing software development to real engineering when developers refuse to follow the same rigorous standards that engineering disciplines have to follow. There are some software engineers out there, but most of the people with that title are simply software developers. Not that every piece of software needs to be engineered, but way too many "software engineers" have no business using the word engineer when they refuse to follow any type of rigorous process around software development.

    Again - most software doesn't need to be engineered, but some does. The term "software engineer" is grossly misued most of the time.

    --

    My beliefs do not require that you agree with them.

  17. Really a patch or complete download? by klui · · Score: 2, Interesting

    I'm really curious if this is indeed an incremental patch or Mozilla's idea of one--namely a complete download of the product.

  18. Automatic updates by POWRSURG · · Score: 2, Informative

    I installed Netscape 8 the day it came out for testing purposes. I saw this story, went to Netscape with their default skin and found they had nothing similiar to the Firefox's red ! to alert me that updates were necessary. I went to Tools->Advanced->Software Update and found Automatically Download and install updates was checked by default, so I checked my UA string to find it was still Netscape 8.0. Went back to Software Update and ran Check Now and it did not find any updates. Switched to their other theme (I do appreciate it coming with two themes provided for users to choose from) and found no icon next to that throbber either (as one might expect). Will this be turned on/fixed in the future, or was the functionality for this in the 17 MB minimum hard drive space system requirements difference between it and Firefox?

    This coupled with the fact that Firefox themes/extensions do not work and the fact that it has twice the recommended system requirement for processor speed and memory (which seems accurate as it seems slower than Firefox and I am somewhere in between Firefox and Netscape's recoomended CPU speed) are just a few of the reasons I will not switch back.