Slashdot Mirror
Firefox 1.0.7 Released
hackajar writes "Firefox 1.0.7 has been released today. From the announcement "Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. There are also other security and stability changes, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.""
It's like saying it's "New and Improved".
The british latest is still 1.0.6.
I can't understand why bugfixes, which wont change any of the text shown to the user (other than perhaps the version number), cannot be released for all locals at the same time.
That is not a problem, it is a feature that has already been explained in this article. Hint: try going to http://download.mozilla.org/?product=firefox-1.0.7 &os=win&lang=en-US
Will middle-clicking to oplen a link in a new tab
ever show up in an official release for OSX? It's really retarded that I must rely on nightly betas in order to use this simple feature, in which case I can't use most of the plugins that made Firefox attractive to me in the first place. Very frustrating.
A sentence you'll never see on an Internet discussion board: "You know what? You're right."
I've had a problem with Firefox lately (starting around build 1.04, which may just be coincidental with a new malevolent popup technique being invented) on both my Windows and OSX boxes. Specifically, there are certain ads that cause Firefox to crash hard, and they aren't just bad ads from porn sites. I've occasionally gotten them on Blues News and NY Times for example.
In some cases, I'm lucky to get an exception and can restart Firefox. However, in most cases, the application freezes. On OSX, I get the swirling beach ball of death and have to manually force quit Firefox. On windows, I can usually close Firefox, but only the main window closes. I still have to manually kill the process before I can start a new instance.
Since then, I've moved on to 1.5 alpha and it while I don't believe I am currently experiencing those problems, 1.5 alpha has a whole new set of problems all its own.
My question is... have these ad related crashes been fixed (or am I the only experiencing them)? I'd like us to the most stable version possible, but when 1.5 alpha is better than the 1.0x builds, I'm left wondering what went wrong...
If this isn't resolved soon, I just might have to give AdBlock another shot. I'm trying to be a good netizen, but when you're ads kill my browser, you leave me with little choice!
Bryan
FWIW, there's no updated version of the Mozilla Suite, either - anyone who's using that is, well, stuck. I know that the Mozilla people want everyone to use Firefox, but this kind of "we don't care" attitude is just as arrogant as Microsoft's.
I'm seriously thinking about switching to Opera, myself. It's faster, it uses less memory, it's more standards-compliant, and now it's free, too - I honestly don't know what's keeping me, outside of laziness, maybe.
I hope some of the Mozilla people (Asa etc.) read this and think about it. Do you hear me? This kind of attitude will not convince Seamonkey users to switch to Firefox, it will convince them to switch to something else entirely because you're making it clear that you don't give a shit about them! You have a big problem, and it will come back to bite you sooner or later, so you'd better start working on it - or at least acknowledge that it exists.
quidquid latine dictum sit altum videtur.
That's simply unacceptable. Whether the reason is good or bad, and I'm understanding of the bandwidth issue and the costs associated, we're leaving potentially millions of machines open to exploit. Hardly a claim to a more secure future.
I can't wait until 1.5 goes live and we can ditch this stupid unmodular system that we've been 'graced' with.
You want to know who isn't running Firefox 2.x? They spell it "definately" and "rediculous".
but unless the security hole is being actively exploited, it's probably more important to make sure nothing else gets broken by the fix.
Enter the paradox: If the fix isn't released until a month, the security hole CAN and WILL be actively exploited.
In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?
Then do what I do: don't use your distro's tools to install Firefox, use their Linux installer and install to a subdir in your user directory.
/home/mydir called firefox106. Last time I installed as root there so I had to remove the directory as root.
I had my Firefox 1.0.6. installed in a directory under
Then, as me, I set up a directory called Firefox107. I made a directory under that one called Firefox as the installation area for the install of Firefox 1.0.7. I then downloaded the Linux installer for 1.0.7 directly from mozilla.org. I untarred/gunzipped the installer into the Firefox107 directory. It made a firefox-installer directory under Firefox107 where I then clicked the firefox-installer script to start the install process. Again, I installed as me, not as root. The install was as easy as anything packaged by Vise or InstallShield. I pointed the installer to the Firefox directory. Badabingbadabangbadaboom!
Now I have a version of Firefox that runs as me instead of running as root, which I'm sure is a lot more secure than the way I had it last time. Next time there is an update, I can just do the same thing. Create a new directory for the new version to live, download the installer from mozilla.org, delete the old one, run the installer. Easy.
Knowledge is power. Knowledge shared is power multiplied.
I been searching everywere for a HP-UX port. What I don't understand is that mozilla has builds for OS2 but not for HP-UX. I don't know you guys but I think HP-UX has way more active users than OS2.
I know there is a "official" HP mozilla build. But I like more firefox (slimer and faster). Specialy because my desktop is not that fast (PA8500 400mhz).
BSD licensed software can't be stolen....
I noticed some of these too. Quite annoying. Instead of using Adblock or something similar, first try downloading a good hosts file for blocking ads. Info and links
My beliefs do not require that you agree with them.
Apologetic fanboy.
This Firefox release is an opportunity for me to ask a question I've been thinking a lot about lately: on GNU/Linux, is the web browser a package that's better handled outside of the context of the distribution's package manager? I'm running Gentoo right now, and I love Portage, but there will at least be some delay between the Firefox release and a new ebuild being available. And in order to emerge this new release I'd need to sync my Portage tree again, which I don't have any other particular need to do right now (once or twice emerge sync has caused me problems, usually because it causes me to subsequently update some package that I originally emerged with USE flags set that I neglected to add to my make.conf).
Anyhow, the basic idea is that Firefox is a package that has to be updated at specific times, and I know when those times are, and they aren't necessarily times that my system as a whole needs to be updated.
There are few other packages that depend on Firefox; all I can really think of are plugins and extensions. Plugins don't typically require a specific FF version, and I get my extensions centrally from mozdev. So can you guys think of anything I'd lose by unmerging FF from Portage, installing a stub in its place, and just using the official builds from mozilla.org? Besides the potential optimization? (I would say integration and consistency with the overall system in terms of file placement and stuff, but... that doesn't seem to happen anyway. It's not an easy thing to fit a huge X application into Unix directory conventions based on the concept of many small programs doing one thing well...)
The main other package to which I'd apply this type of thinking is OOo. I wouldn't apply it to KDE or Gnome (though I don't directly use either) because they contain many useful libraries, and I feel that the handling of libraries is a real strength of package management systems. Can you guys think of any other packages that might not be best handled by package management?
The worst that should ever happen is that you lose any new data (from this morning until now).
The really important data is usually kept inside databases that the user does not have rights to delete.
Wiping out your home directory is only "annoying" (unless you have an important meeting in a few minutes).
Infecting the system is "BAD" because then EVERYONE's data is vulnerable AND you cannot trust last night's backups. You must go back and find out when you were infected and, in some cases, recreate ALL of the data that was in those databases since that point.
Sure, the user might be pissed that his spreadsheet was deleted by the "cool screensaver" that he just tried to download AND he has a meeting with the division president in the next 15 minutes
but that don't mean jack when the CFO notices that none of the numbers match for the last 3 months anymore.It's not a "miracle cure" but it does protect the most important information the company has.
Ideally, the user's home directories will be set to non-execute so that crap they download won't destroy their data.
Even with both of those in place, I still get people who DELETE THEIR OWN FILES and need them restored from the night before.
Security is all about IDENTIFYING the risks and REDUCING them.
I can reduce the risks of everything else to a point below that of regular human stupidity. But nothing will ever save you from that.
As it curently is, Firefox 1.5 beta isn't for everyone. I installed it an ran it when it was launched and I simply can't use it. It just segfaults at startup without warning what caused it.
I don't know if this problem is frequent or if there is a fix for it but at least that little showstopper made it impossible for me to try 1.5.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.