Firefox 1.0.7 Released
hackajar writes "Firefox 1.0.7 has been released today. From the announcement "Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. There are also other security and stability changes, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.""
...are here here.
Also, from the Mozillazine article, looks like Portable Firefox has been updated as well.
And I'm posting this with 1.0.7, good times...
The Army reading list
Download it now if you're impatient, or wait a day or two for it to appear in the browser updates, as usual.
I've tried to hammer 1.0.7 and see if I could reproduce the same crashes that happened in 1.0.6 and this issue *seems* to be fixed. Also, upgraded to (ewww!) Flash Player 8. Seems to be an improvement as well. (I say this because the previous issue usually happened on sites with Flash)
From the trunk, every so often (less frequently in the last two years) branches are cut. These branches are the 1.x branches, and from them the stable releases are created. Currently we have the 1.7 branch as the long-lived stable-branch (MoFo is committed to keeping its builds from this branch updated with security fixes for a while yet, while not changing its functionality). Mozilla 1.7.11 and this release, Firefox 1.0.7, are made from this branch. Also expect upcoming Thunderbird 1.0.7 and Mozilla 1.7.12 releases.
The Aviary 1.0 branch is basically the same as the Mozilla 1.7 branch, but is referred to specifically when talking about Firefox and Thunderbird. (It's more a CVS branch tag than something you should know about.)
Then, only recently, the 1.8 branch was created. A number of must-fix bugs still present on this branch have been identified, and these are currently being worked on. Once that's all done, Firefox 1.5, Thunderbird 1.5 and SeaMonkey 1.0 (the successor to the Mozilla application suite) will be released from it.
Deer Park 1.5 Beta 1 and SeaMonkey 1.0 Alpha were releases from this newly formed 1.8 branch, to show what is being worked toward.
It's likely that version numbers of all products/projects will converge at 2.0 in 1-2 years - although this might come after Mozilla 1.7.11 or thereabouts, depending on the necessary functionality specified for Mozilla/Gecko 2.0 (so based on what the backend needs, not frontend functionality).
Of course, it's just as likely that this won't happen. I'd bet MoFo itself doesn't know yet. They're not all that good at planning ahead.
http://ftp.mozilla.org/pub/mozilla.org/firefox/re
Mac OS X
http://ftp.mozilla.org/pub/mozilla.org/firefox/re
Windows
http://ftp.mozilla.org/pub/mozilla.org/firefox/re
I'm using 1.0.7 on OS X, and as I commented previously, I think the issues I had are fixed. (at least from what I can tell so far) I had the same issues as you describe. All my attempts to reproduce the swirling beach ball of death are unsuccessful, thankfully.
So you're saying that Firefox is storing 750MB of data it got off the web?
Well, let's see, my DSL is quite fast, it is 6mbits/second actually (lucky me). That means that Firefox is storing the equivalent of 1,000 seconds or about 20 minutes of continuous downloading. For other people it could be easily double that.
Why doesn't that seem entirely correct to me? I'd know if I sat through 20 minutes total downloading.
BTW, IE doesn't soak up as much RAM, and it's pretty damn fast.
Firefox probably needs to look at more memory-efficient caching.
http://lkml.org/lkml/2005/8/20/95
1) Web pages don't take tens or hundreds of MB
2) Other browsers such as IE don't have this problem
Do any of the devs run tools like BoundsChecker over their code?
I got this all the time too - apparently this isn't a Firefox problem but instead a memory leak in the Flash plugin.
See here for workaround: http://fusion94.org/archives/2005/07/firefox_memo
http://www.mozilla.org/mirrors.html
That said - yes, the firefox installer sucks donkey balls.
This has been an area that has received a lot of attention, and you should have no complaints about it anymore come 1.5
What about the Seamonkey Project?
That's not such a good idea in general. Installs from the distro are tested and signed (pretty sure not to be infected with viruses) whereas Firefox's update system assumes behavior of crappy OS like Windows that doesn't auto-update all programs as needed. Auto-update is a good idea but they should strive to work with existing update infrastructures when those exist. There is too much conflict between apt/yum/rug/whatever and Firefox's own update system and it does cause bugs and odd behavior sometimes. That doesn't make it a good idea to abandon the update infrastructure provided by your distro. :)
On the other hand I think distros need to recognize the need of users to install software at the user-level and make their packages and package mgmt system work better for that. As it is they tend to make it difficult to install packages just for a single user.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
It doesn't matter what groups you are in (or who owns the directory). Barring things like a suid firefox (which is a sign that someone needs to learn more about how *nix works) and sudo (which is a sign that someone might need to learn more about how *nix works), it runs as the user who launched it.
Check your 'about:config' to make sure the 'accessibility.browsewithcaret' setting is set to 'false'
Now I have a version of Firefox that runs as me instead of running as root, which I'm sure is a lot more secure than the way I had it last time.
I don't think so.
Normally, you install as root, and run as user.
This means, that, as a user, you cannot damage your installation.
Now, you run as the same user that installed it.
This means that you can damage the installation as well.
While I am using Opera right now (I downloaded it back when they had the party where they gave away free codes), I doubt I will keep it. While some pages that didn't work for firefox do work for Opera, I have noticed the opposite as well...and the pages that don't work for Opera are more important to me than the ones that don't work for firefox. Opera has also crashed on me several times, and I have never had a problem with firefox crashing.
I honestly don't care about the whole open source thing. I don't have a problem with companies keeping their source private. Hell, they wrote it. However, it seems to me that firefox is simply a better product than either IE or Opera.
The "Extremely Critical" problem listed on Secunia is actually only a problem for a small percentage of users. (not to discount it, just pointing out that it's not for all users). In case anyone is interested, the problem is simply that the Firefox launching script that shipped with previous versions doesn't verify input. This means that it processes
http://local`rm -rf $HOME1`host
through the shell, which of course is bad. However, the key points here are
a) It only affects the Linux/Unix platform
b) It only affects the user Firefox runs as
c) It only works if you are calling Firefox from an external application (i.e. clicking a link in a webpage won't do it), and that application has to do no checking of the arguments.
For example, if I try to load the link above in KDE, the url is processed by KDE before it is passed on to the Firefox launch script, and gives me an error that the host does not exist rather than actually executing the command.
In regards to the rest of your comment, it's silly to think that any development process is free of bugs. The idea behind Open Source is simply that more people looking at the code means more people finding bugs. This may or may not be true. The point is, Open Source advocates don't claim OSS is free of bugs or security holes, just that it's a better model to find and patch bugs because you have an army of people looking at the code. In theory, you'd expect even MORE bugs to be found in OSS, but also for them to be patched faster.
Vulnerabilities will still be found, and they will still exist - people make mistakes. You make assumptions and mistakes when you code, like assuming someone isn't going to pass in a link with `rm -rf $HOME` embedded in backticks. That will always happen, no matter what the software is, or who writes it, but what matters is how you can respond to it. I don't believe that either Microsoft or Mozilla is doing all that great in that sense. Mozilla may take a giant leap forward once binary patching is available for updates - we'll see. I'm not defending the Mozilla foundation or bashing Microsoft here, but I do take umbrage at the insinuation that finding bugs means Open Source is a bad development model.
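The flaw described in the comment above (a launch script handing an unchecked URL to the shell), as an added example that is not part of the original thread and is not the script Firefox shipped. The function names and the sample URL are constructed for illustration; the embedded command is a harmless `echo`.

```shell
#!/bin/sh
# Constructed illustration of the bug class; NOT the Firefox launch script.
# launch_unsafe, launch_safe and is_plain_url are hypothetical names.

# Unsafe: the URL is pasted into a string that the shell parses a second
# time, so backticks or $(...) inside the URL run as commands.
launch_unsafe() {
    eval "printf '%s\n' $1"
}

# Safe: the URL stays one quoted argument and is never re-parsed.
launch_safe() {
    printf '%s\n' "$1"
}

# Defence in depth: accept only http(s) URLs built from an allowlist of
# characters; anything else (backtick, $, ;, |, space, quotes) is rejected.
is_plain_url() {
    case $1 in
        *[!A-Za-z0-9:/?\&=%._~#-]*) return 1 ;;
        http://*|https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input; the embedded command is a harmless echo.
SAMPLE_URL='http://local`echo INJECTED`host'

printf 'unsafe: %s\n' "$(launch_unsafe "$SAMPLE_URL")"
printf 'safe:   %s\n' "$(launch_safe "$SAMPLE_URL")"
if is_plain_url "$SAMPLE_URL"; then echo "accepted"; else echo "rejected"; fi
```

The unsafe variant returns a URL in which the backtick section has been replaced by the command's output; the safe variant returns the input byte for byte, and the allowlist check rejects it before any launcher would see it.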
On Windows, I switched from:
Netscape -> IE -> Mozilla -> Firefox (in 2004) -> Opera 8.5 (yesterday)
I wish Firefox 2.0 would incorporate some of the features of Opera and the next release of Opera would take some from Firefox.
After a day of using Opera 8.5, I've decided to make it my primary browser. I'm hoping Firefox 2.0 is good enough for me to switch back.
But there are some Firefox 1.06 features that I really miss in Opera 8.5--but not enough for me to go back to Firefox 1.x.
For example, the SEARCH feature in firefox where every matching instance of the word/phrase is highlighted on the page. Also, the COOKIES prompt that comes up (disabled by default in Opera) is simpler in Firefox--it doesn't have as many dropdown choices on what to do--Opera should make a less-advanced dialog available like the one in Firefox. And I got used to the tab pages being below the address bar in Firefox--Opera should let user place tabs there too in case they don't like the new position (I didn't like it for a few hours but now I prefer it).
In terms of what I'd like to see Firefox take from Opera:
1. no more random 100% cpu hogging on Windows that I got with Firefox = 1.06
2. speed. Opera feels snappier (on a 500mhz pc)
3. the nifty auto-hiding dropdown panel that appears when clicking on the address bar, which includes bookmarks, top-10 list, amazon search, etc.
4. ability to quickly change browser identification (IE vs Mozilla vs Opera) by selecting a menu--no need to edit config or dig into dialogs for this. For example, I keep it on Opera except when visiting sites that require IE. I'm guessing IE will show a jump in marketshare starting this month because Opera 8.5 defaults to identifying itself as IE.
Both Firefox 1.07 and Opera 8.5 are currently far superior to IE6--let's see what IE7 brings.
Obvious flamebait, but I'll respond nonetheless.
None of this is targeted toward consumers. These are just the internals, known only to developers, and confusing none but a handful of geeks on sites such as this.
End users are only ever exposed to "Firefox 1.0", "Firefox 1.5" e.a. (Not even the Deer Park betas - the publicity and marketing around those are carefully limited to only get up to the circle of powerusers who're competent enough to be useful testers.)
No this is not a "fact" of life. The problem here is that when the page is GONE, the memory is not released. If I open a big graphic file, and then close the tab, I expect to see the memory released, not LOST.
My god, this post is as useless as your comment...
If you have any extensions installed, try disabling them and see if that fixes the problem.
The shareholder is always right.