Slashdot Mirror
Firefox 1.0.7 Released
hackajar writes "Firefox 1.0.7 has been released today. From the announcement "Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. There are also other security and stability changes, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.""
...are here here.
Also, from the Mozillazine article, looks like Portable Firefox has been updated as well.
And I'm posting this with 1.0.7, good times...
The Army reading list
Slashdot subscription: $10.00.
Getting to download the next version of Firefox before the site gets Slashdotted: priceless !
That's perfectly fits with yesterday's news about Mozilla foundation being more reactive to security fixes than M$.
And yet again, users of localised build were left in the cold.
Think about your grandpa, who doesn't know english. He can't use non-translated build and is left with vulnerable, older version.
Good work, Firefox developers!
:wq
I've tried to hammer 1.0.7 and see if I could reproduce the same crashes that happened in 1.0.6 and this issue *seems* to be fixed. Also, upgraded to (ewww!) Flash Player 8. Seems to be an improvement as well. (I say this because the previous issue usually happened on sites with Flash)
The british latest is still 1.0.6.
I can't understand why bugfixes, which wont change any of the text shown to the user (other than perhaps the version number), cannot be released for all locals at the same time.
HA! I don't have your insecure Linux problems. I run Windows!
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
Too many regressions caused by security updates, and people will turn off auto-update. That's the very reason that Microsoft moved to a monthly update cycle. Getting updates out quickly is important, but unless the security hole is being actively exploited, it's probably more important to make sure nothing else gets broken by the fix. If you convince people not to install updates, then you're in really big trouble.
Whoever corrects a mocker invites insult;
whoever rebukes a wicked man incurs abuse.
--Proverbs 9:7
Will middle-clicking to oplen a link in a new tab
ever show up in an official release for OSX? It's really retarded that I must rely on nightly betas in order to use this simple feature, in which case I can't use most of the plugins that made Firefox attractive to me in the first place. Very frustrating.
A sentence you'll never see on an Internet discussion board: "You know what? You're right."
From the trunk, every so often (less frequently in the last two years) branches are cut. These branches are the 1.x branches, and from them the stable releases are created. Currently we have the 1.7 branch as the long-lived stable-branch (MoFo is committed to keeping its builds from this branch updated with security fixes for a while yet, while not changing its functionality). Mozilla 1.7.11 and this release, Firefox 1.0.7, are made from this branch. Also expect upcoming Thunderbird 1.0.7 and Mozilla 1.7.12 releases.
The Aviary 1.0 branch is basically the same as the Mozilla 1.7 branch, but is referred to specifically when talking about Firefox and Thunderbird. (It's more a CVS branch tag than something you should know about.)
Then, only recently, the 1.8 branch was created. A number of must-fix bugs still present on this branch have been identified, and these are currently being worked on. Once that's all done, Firefox 1.5, Thunderbird 1.5 and SeaMonkey 1.0 (the successor to the Mozilla application suite) will be released from it.
Deer Park 1.5 Beta 1 and SeaMonkey 1.0 Alpha were releases from this newly formed 1.8 branch, to show what is being worked toward.
It's likely that version numbers of all products/projects will converge at 2.0 in 1-2 years - although this might come after Mozilla 1.7.11 or thereabouts, depending on the necessary functionality specified for Mozilla/Gecko 2.0 (so based on what the backend needs, not frontend functionality).
Of course, it's just as likely that this won't happen. I'd bet MoFo itself doesn't know yet. They're not all that good at planning ahead.
I've had a problem with Firefox lately (starting around build 1.04, which may just be coincidental with a new malevolent popup technique being invented) on both my Windows and OSX boxes. Specifically, there are certain ads that cause Firefox to crash hard, and they aren't just bad ads from porn sites. I've occasionally gotten them on Blues News and NY Times for example.
In some cases, I'm lucky to get an exception and can restart Firefox. However, in most cases, the application freezes. On OSX, I get the swirling beach ball of death and have to manually force quit Firefox. On windows, I can usually close Firefox, but only the main window closes. I still have to manually kill the process before I can start a new instance.
Since then, I've moved on to 1.5 alpha and it while I don't believe I am currently experiencing those problems, 1.5 alpha has a whole new set of problems all its own.
My question is... have these ad related crashes been fixed (or am I the only experiencing them)? I'd like us to the most stable version possible, but when 1.5 alpha is better than the 1.0x builds, I'm left wondering what went wrong...
If this isn't resolved soon, I just might have to give AdBlock another shot. I'm trying to be a good netizen, but when you're ads kill my browser, you leave me with little choice!
Bryan
but unless the security hole is being actively exploited, it's probably more important to make sure nothing else gets broken by the fix.
Enter the paradox: If the fix isn't released until a month, the security hole CAN and WILL be actively exploited.
In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?
I got this all the time too - apparently this isn't a Firefox problem but instead a memory leak in the Flash plugin.
r y.html
See here for workaround: http://fusion94.org/archives/2005/07/firefox_memo
That's not such a good idea in general. Installs from the distro are tested and signed (pretty sure not to be infected with viruses) whereas Firefox's update system assumes behavior of crappy OS like Windows that doesn't auto-update all programs as needed. Auto-update is a good idea but they should strive to work with existing update infrastructures when those exist. There is to much conflict between apt/yum/rug/whatever and Firefox's own update system and it does cause bugs and odd behavior sometimes. That doesn't make it a good idea to abandon the update infrastructure provided by your distro. :)
On the other hand I think distros need to recognize the need of users to install software at the user-level and make their packages and package mgmt system work better for that. As it is they tend to make it difficult to install packages just for a single user.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Heh, a list of many complex actions involving different user ID's, directories and other computer "magic" as seen from a users perspective, followed by:
i s-so-cool-i-kick-your-ass stuff - I know, i use linux and firefox. but that still doesn't make it an easy install. The distro install, incidentally, is pretty easy though, so just wait for the vendor updates mmmkay?
"The install was as easy as anything packaged by Vise or InstallShield"
Can you please pass some of that crack you seem to be smoking? I'm a big linux fan, but installing anything, not in the least a user install from firefox, does not compare with the "double click setup.exe" from vise or installshield.
And before all the fanboys knee-jerk with the security/spyware/virus/whatever-my-linux-kung-fu-
People who think they know everything are a great annoyance to those of us who do.
Someone seriously needs to mod the parent UP. This is a very insightful observation about one of the fundamental, systemic problems with desktop OSes (Linux-based and otherwise).
The fact that it is possible for an application to be installed by any mechanism other than the official method provided by the desktop/OS, thus straying from all standard conventions defined by the desktop/OS, means it's too easy for users to screw up and break things. The fact that an application must come with its own installation executable just illustrates how the desktop/OS is failing to provide the services the application developers need.
The desktop/OS should require a software package to provide a data-based manifest of installation actions it needs (generally similar to Microsoft's MSI/Windows Installer technology, but without the notion of Custom Actions), and the desktop/OS should execute the installation. And that should be the ONLY way for anything to get installed onto the system (unlike the architecture of Windows, where standalone installers such as InstallShield can still bypass the central MSI/Windows Installer way of doing things).
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
Symantec sells security software that covers up Microsoft vulnerabilities.
If everybody stopped using IE and Outlook, half of their business might go away.
Have you read my blog lately?