Slashdot Mirror
Firefox Update Kills Bugs, Adds Mac Support
Juha-Matti Laurio writes "Several vulnerabilities are fixed in version Firefox 1.5.0.2, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."
I just installed it. The memory leak hasn't been fixed. In fact, it's gotten worse!
This time around, almost all extension and theme authors got the version dependency right, so unlike after the previous update, your extensions and themes won't be disabled. It's a security update, so do install it.
haha, no, seriously.. i'm joking
..*ducks*
Peace, Love, Unity, Respect
From Burning Edge:5 .0.2.html
http://www.squarefree.com/burningedge/releases/1.
- Memory leaks
- 321283 - Using Find causes documents to leak.
- 323532 - Leak when using history autocomplete.
- 323377 - Lots of leaks in nsInternetSearchService.
Numerous times would I come home to see Firefox using over a gig of memory and eating up about 40% of my proc cycles. A quick quit/restart of the app would fix it, but still -- I regularly close tabs and don't develop long histories on multiple open tabs, so it didn't make any sense.I just hope that those leaks are the ones I was actually experiencing...
Sweet baby Jesus, it fixes 21 separate issues *all of which can be used to execute arbitrary code*! Did they have time to fix any vulnerabilities which were only "somewhat critical"?
SeaMonkey was updated to version 1.0.1 for security reasons too
s /
http://www.mozilla.org/projects/seamonkey/release
The original poster might want to read this: Firefox "Memory Leak" is a Feature
Just to clarify, Firefox has long had Mac support. This distribution adds Universal Binary support so that Firefox is now native for Intel Macs.
It's nice to see that the update notifier now prompts you with options. I would rather this approach than the previous way of updating at startup without any warning or choice.
- Andrew
I meta-moderate because I care.
But the good news is, that about:config trick where you minimize your window, then maximize it again still works.
Anyone who has used both extensively have an opinion on the comparison?
Don't blame me; I'm never given mod points.
It did it again.
I have firefox set to inform me that theres an update.
In my eyes that update check should only occur when I open a window, NOT when I'm in the middle of typing.
I saw a flash of something whilst I was typing and realised I had inadvertantly accepted a popup box.
I want to set Firefox to inform me of updates, but make sure it only does that when opening a new window or tab (so it knows I'm not actively typing).
liqbase
Mozilla/Firefox still ignores the ALIGN attribute within a COLGROUP element:
<colgroup align="center">
This is a longstanding bug yet to be fixed.
Uhh, every Cocoa app supports built-in spellchecking using the system spell-checker. Don't believe me? Get a real browser.
Yeah. The noscript extension is very nice. I'll miss that if I downgrade. Actually, I hadn't considered Camino. But upon looking at the site, it appears to be a version downgrade with built-in spellcheck and ad-block. Which, if I'm already considering a downgrade to 1.0.x, I might as well try that out too. Thanks for the suggestion.
Ah. I see. You're here to help me learn what is a "real" browser and what is not by linking to a commercial product. You are a walking advertisement with an anchor tag. Most helpful.
It may have to do with the presumption of the developers that folks smart enough not to use the default IE in windows are so smart they don't need a spell check. The fact it was in 1.0.x was an oversight.
Hmmmm, I could use autocorrect for typing my own last name in more than just Word. Put the accent marks in automagically.
The world is made by those who show up for the job.
Why? Look's like you spell fine to me, aside from "actaully."
It's poetry with a beat behind it! And guns! They're like beatniks with automatic weapons.
Be careful with this line of reasoning. All along there's been this mantra of "Firefox is inherently more secure, and would be even if it were the dominant browser" spouted continuously. Well, I happen think the GP makes a great point about this, and your reasoning seems to fly in the face of the mantra. Don't get me wrong--I'm one of these said spouters--but I'm honestly feeling more than a bit hypocritical at this moment. These are some damn serious issues, and it's not just a handful.
Now, I suspect the reason for this is that the Firefox community as a whole (users and developers) are far more pre-disposed to actually finding and publicly disclosing such bugs. My guess is that we really only see the tip of the IE iceberg in terms of security.
However, we still can't have it both ways; these are indeed very critical bugs, and to dismiss them otherwise may seem beneficial, but it's actually a great disservice.
actaully, my speeling is attroshious. I also need help with grammer and punktuation mark's.
help me firefox team, your my only hope!
Lack of a Firefox 1.5.x spellcheck extension is "Offtopic" in a forum about the recent firefox 1.5.x update?
I'm not to serious into the Firefox vs. IE vs Opera debate. What i do know is i like tabs (in browsing, in chats, etc) and I like firefox because of the fact that when going to sites with code that installs USUALLY you get a nice popup saying "Do you want to save or open this file". When you are playing with Acess, MS project server, Slashdot etc, you don't alway have the attention to make sure you pages aren't installing programs for you. In my opinion the great test will be if this new version doesn't crash so often when i Use it to view MS project using IE tabs.
OT, but /. should really think about a better way to target the advertising. I don't think anyone is interested in "Comparing prices on Mozilla".
If the release includes changes other than security fixes, wouldn't it be better to call it 1.5.1? In fact, Firefox 1.0.8 has been released too, and it increments the third rather than the fourth number for similar changes. Maybe Firefox developers want to convince users that the changes from 1.5 are really tiny? But it's not true, judging by the release notes.
Yes, we all know. The developers say that the memory cache explains the leaks.
THEY ARE LIEING.
Everyone needs to understand that. They are lieing.
Opera has a far superior memory cache feature for going forward and backward. Yet it doesn't leak up to 1GB of memory in a day's worth of use.
The Firefox memory leaks are a BUG, and not caused by any feature (other than poor memory management). They're caused by poor design and sloppy coding, period.
Firefox "kills" bug in headline, never to be seen again! Might as well call it Firefox Raid. While "IE has flaws" usually in headlines. Not like either of them is even close to being infallible, nor will they ever be, but I guess with the extremely biased editors this is to be expected.
The new release could have patched a hole that would have otherwise let the browser rape you in your sleep. Note the headline, when it's Firefox it reads "kills bugs". You'll never see that with an IE patch headline.
I'm sure "SlashdotMedia" will improve on all the wonders that Dice Holdings blessed us all with
Does anyone know of any SSE2 etc. optimized builds available? The Mozilla forums seem to have died.
1.0.8 for many platforms is at: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/rele ases/1.0.8
Here's the URL I got it from:
reclaim leaked memory
In case this poor bastard's site gets Slashdotted, here's the trick:
1. Open Firefox and go to the Address Bar. Type in about:config and then press Enter.
2. Right Click in the page and select New -> Boolean.
3. In the box that pops up enter config.trim_on_minimize. Press Enter.
4. Now select True and then press Enter.
5. Restart Firefox.
Once you've restarted, and been using FF awhile, minimize it, then bring it back, and the system (under Windows, anyway) will have reclaimed leaked memory (often LOTS of it). A new notice on that page says this works with Thunderbird, too, so I'll have to try that when I get to work.
Have your young programs been making memory messes lately? Then you should try Pampers for programs, and if you have a program between versions 2.0-10.0 then try Pampers for Big programs... :P
Firefox is reported to pass the ACID2 test as well. Though it's just a development branch and there's still a load of work to do, it's nice to see they are finally getting to the finish.
This is the one that I was looking for (Yahoo! Mail Beta randomly crashes, causing the loss of whatever email is being written)
8 3
https://bugzilla.mozilla.org/show_bug.cgi?id=3226
-=Lothsahn=-
That the mozilla.com english firefox download link goes to some archive.hk site. Incredibly creepy. I'll be waiting a few days before updating, just in case.
Those are features!
-- Tigger warning: This post may contain tiggers! --
...if Firefox hadn't updated itself before I got to read the article.
-g.
That's 10% of what market--all Internet-connected computers on the planet? I think not. It's only 10% of some arguably small subset of all possible users. I've seen many logs of consumer retail sites showing Firefox represents more like 3% of the market (8% if you include Mozilla/SeaMonkey plus Netscape). And I'd further hypothesize that the Firefox users are biased, due to self-selection, to be more security aware and more likely to run other defensive utilities. Even it it were 10%, it's not even close to IE. Recall the days long ago when all the trade rags were saying Macs would never become dominant because software developers would always prefer to target 90% of users (on Windows), not the 10% on Macs. Well, advances in cross-platform development have helped, but indeed Macs are still (a dozen years later) nowhere near being dominant.
I don't know anyone whose computer is full of spyware because they use FF, but almost everyone I know who regularly uses IE complains how slow their computer is, and I look at their browser and there are 3 search bars that they have no idea where they came from or how to uninstall them.
Your anecdote, weak as it might be, actually supports my arguments, both above and in my GP post. You are jumping to the conclusion that a causal relationship exists, whereas I disagree. I'm much more inclined to say this is true only because the Firefox users represent a significantly different subset of all users, who are more aware of the security risks/benefits.
The reality is, FF discloses a vulnerability that ~could~ be exploited, then promptly fixes it, while IE doesn't disclose serious vulnerabilities that ~ARE~ being exploited and ~doesn't~ fix them. There are still ultra-critical IE exploits that have been in the wild for over a year, still resulting in drive-by installations, for which there still isn't a patch.
I agreed with this point already in my GP posting.
I feel and ~am~ much safer using FF and will continue to do so. All you have to look at is the reality, I've NEVER had a single piece of spyware installed since using FF (3 or 4 years). The same could not be said when I used IE, and cannot be said of friends that insist on still using IE.
Once again, beware of drawing such conclusions from the somewhat limited set of data you have. By all means continue to use Firefox and feel (and indeed become and stay in general) safer. But please note that this still does not mitigate the security implications of the existence of such a large number of critical bugs.
I just wish that it had told me which extensions will no longer be working *before* it did the update. You have to install the update before it tells you. Some extensions can be updated. Some will be killed.
I lost AniDisable and AutoForm. I'm going to miss AutoForm.
Progress has a price.
Development version of SpellBound works on Firefox 1.5.0.x.
1 30&start=0
http://forums.mozillazine.org/viewtopic.php?t=351
End of Line.
. ..
The google toolbar also has a spellchecker. I've basically been using it just for the spellchecker.
This is one of the nice things about Camino (as a Cocoa application, it gets access to OS X's builtin spellchecking)
Ditto for Safari and OmniWeb. Actually all three work with my spell-checker, grammar-checker, dictionary/thesaurus, language translations, text transformations, scripts, speak text, encryption tools, md5 checksums, text statistics (word count, char count, pages, etc.), Web lookups, XML processing tools, content summarizer, and a probably few other system services I've forgotten. The fact that Firefox can't use standard services is the reason I don't use it as my everyday browser. It is nice that it maintains cross-platform capabilities, but unless other platforms catch up to OS X for services I don't want to be limited to the abilities of the least common denominator. Services are, in my opinion, the most overlooked advance OS X has brought to my workstation.
So do you have a link to the page?
I'll probably be modded down for this...
It would be interesting to see how many times the automatic update is downloaded. At first glance it seems like that might be a good way to get some sort of idea as to how many people really are using Firefox.
also leaves your firefox unable to get to the web. I had to restart my PC twice before firefox could connect again - oddly enough, it somehow also managed to wipe out gmail notifier, MSIE, outlook, etc. Basically, I was teleported back to the B.I. (before Internet) there for awhile this morning.
I am still running Firefox 0.8 because all of the recent versions still have serious focus stealing problems under linux/enlightenment. I have filed bug reports (confirmed by others) but they've mostly been ignored for a couple years so I have given up.
It bugs the hell out of me because 0.8 is so outdated and insecure..
This doesn't reclaim anything. All it does is trim the working set which results in less RAM usage being reported and, will be more likely to page the memory to disk. If you use your system for awhile with the application minimized, it will likely be very unresponsive once restored.
If anyone's vulnerabilities ~should~ be actively exploited it's FF's, because the source is read and there is full disclosure on the vulnerabilities. But I know of almost none that have been, and none that were widespread.
How many people do you think are really "reading" the source. And when I say read, I don't mean downloading the source, opening up a couple files in vim just to check it out, then build it and be on your merry way. And I'm not talking about average C++ programmers either. I'm talking about C++ programmers that actually understand the codebase. It's probably not as many as the usual open source groupthink claims.
That said, I still trust Firefox more than IE. And I'm pretty much "locked-in" to it with the tabs and especially the extensions. I still haven't found a modern browser that renders as fast as IE though - if you don't count Dillo.
Not to be pedantic, but the GP has a point: "leaked" memory is memory the program doesn't know about anymore, lost in the bowels of the machine. This memory is being used to cache the pages in history (to make the "back" functionality faster). It isn't leaked, it's working as intended.
Now, whether this is the right thing to do or not is pretty contested, but that's the design.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
This is one of the nice things about Camino (as a Cocoa application, it gets access to OS X's builtin spellchecking), but it might not stack up will against the current build of Firefox in terms of other features. There is always spellbound. I've been using the development version (which works with Firefox 1.5) and I have found it to be excellent. It may be nicer to have built in spell checking but spellbound is a good alternative. (And it works on most OS's)
"A witty saying proves nothing." -- Voltaire
This update scared the hell out of me. I couldn't tell if a 3rd party app had mysteriously been installed or if it was a trusted update from Mozilla... There was no information available in the popup itself and the update/release notes had not yet been released, we're not loaded into a tab or window and had not hit the web or cleared my ISP's cache. Yet, I get a popup telling me that, basicly, I may or may not be fucked if and when I permit Firefox to reload. It's important to facilitate end user verification and awareness of what a trusted 3rd party is about to do to their machine.
This is bad protocol. Many (and I mean MANY) 3rd party nightmares identify themselves as proper patches for trusted titles. Firefox's update looked exactly like several of them. It's IMPORTANT TO CLARIFY WHO YOU ARE AND WHAT YOU'RE DOING. This could be resolved in any number of convenient, non-frightening, ways (All of them, too obvious to list).
It would be of tremendous value to the more paranoid side of geekdom if Mozilla/Firefox also forced release notes to load at the time of notification of an update. It took me more than 4 hours to give in and run a complete system backup to dvd... all because my browser wanted a restart.
With every new release, CPU usage goes up by 10-20% in my system (ubuntu linux). I'm getting sick of this. May be with Dapper (clean install), I should upgrade myself to epiphany... The heat burns my private places now (laptop). aie aie
When are they going to fix the bug where the developers just keep on throwing new stupid crap features into Firefox and won't fix bugs that annoy real people? That's the biggest farkin' bug.
maybe if they would have taken the time to write bug-free code the first time, they wouldn't have to come out with a new point release every few weeks.
Camino actually does not benefit from inline spell checking. While the text boxes look move native than in Firefox, they are still drawn by Gecko and are not the standard form elements seen in other Mac OS X applications. I believe the developers are in the process of making the text boxes (more) native, but unfortunately the current release of Camino is lacking this feature.
That comment it only a troll because it hurt your little OSS feelings. Everything I said is true. The FF may be more secure but it for sure has some really issues on the memory front on the Mac. On the PC I have not had problems with it. So unless you have used it on the Mac and know it to not do what I am saying how is it a troll? Oh its a troll because you don't agree. I get it.
OMG Ponies!!! with Glitter!!!! I miss Pink
I've never experienced the memory leak issue with my firefox, but for those that do - maybe this clarifies some things.
And for those that are really tight on memory there is always lynx ;)
And when you gaze long enough into the code, the code will also gaze into you.
You just havent figured that out. Firefox on nwindows and Linux operate the same. On a MAC geez. ANd Safari sucks
Thy punctuation appearest perfect to me but for "mark's." Thy problem seemest to me to be either in thy grammar or thy spelling, but in grammar, thy problem seemest to be in thy capitalization. Thy spelling, though, scarest all who readeth it.
(end shakespearean)
In plain English, that translates to: Except for the possessive on "marks" that you have wrongly placed, your punctuation looks perfect. The only grammar problem I can find in the parent post is that you're not capitalizing the beginnings of sentences, but your spelling is, like you said, "attroshious" (sic).