Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Update Kills Bugs, Adds Mac Support

Posted by ryuzaki0 on from the best-of-all-worlds dept.

Juha-Matti Laurio writes "Several vulnerabilities are fixed in version Firefox 1.5.0.2, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."

8 of 232 comments (clear)

  1. "Fixes some security issues"? by YU+Nicks+NE+Way · · Score: 4, Interesting

    Sweet baby Jesus, it fixes 21 separate issues *all of which can be used to execute arbitrary code*! Did they have time to fix any vulnerabilities which were only "somewhat critical"?

    1. Re:"Fixes some security issues"? by Nasarius · · Score: 2, Interesting

      This is why Mozilla restricts access to security bug information. It's only an issue if it becomes public. By the way, I only count seven security-related bug fixes. Where are you getting 21?

      --
      LOAD "SIG",8,1
    2. Re:"Fixes some security issues"? by molarmass192 · · Score: 2, Interesting

      1%??? Ummm, FF has 12% market share and growing. My server logs show it closer to 20%, but then again we serve a specalized market.

      --

      Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
  2. Re:Themes and extensions keep working by sisukapalli1 · · Score: 2, Interesting

    Several extensions broke down. "Compact Menu" -- had to go to the home page to reinstall (Firefox said no updates found), "Cute Menus" broke completely. "Mnenhy" broke.

    BTW, the update installation caught me by surprise. When FF asked confirmation for update, I checked the option "later" (meaning, ask later). Next time I started, FF updated itself, and broke some extensions.

    S

  3. Re:It still leaks! by shawn(at)fsu · · Score: 3, Interesting

    if it doesn't work as well for you, something else is wrong.
    Just because it works fine on one machine is no guarantee that it will work just as well on other machines.

    I'm up to 80 megs used with only 4 tabs open (CNN /. Gmail, Milk&Cookies). I changed the setting in about.config weeks ago.

    Firefox doesn't release memory like it should. It jumped from 50 to 75 when I opened a new window to view a QuickTime movie, when I closed it the memory wasn't release. If I watch a wmv file it will routinely jumped in to the high 90's low 100's. I opened the same pages with IE and when I close the window with the QuickTime movie the memory jumps back down.

    --
    500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
  4. Re:Optimized Builds by tomstdenis · · Score: 2, Interesting

    How would SSE2 speed up rendering HTML?

    If you think about it your webbrowser is for the most part a on-the-fly compiler, parsing HTML, XHTML, JS, etc and compiling it into onscreen "stuff".

    Your question is like asking when GCC will support SSE2 natively to speed itself up.

    There may be a few graphic algorithms that can benefit from SSE2 but for the most part nothing else.

    Tom

    --
    Someday, I'll have a real sig.
  5. Re:LEAKS ARE NOT A FEATURE! by dveditz · · Score: 2, Interesting
    The developers say that the memory cache explains the leaks.

    THEY ARE LIEING.

    One developer blogged that the memory cache explains some of the leaks.

    We've also said bugs in popular extensions cause some of the leaks. http://kb.mozillazine.org/Problematic_extensions

    But anyone who watches the project will see that we know leaks are bugs and are actively fixing them. Look in bugzilla, or look at the change logs of recent releases, for example: http://www.squarefree.com/burningedge/releases/1.5 .0.2.html

  6. Re:Arguable by dereference · · Score: 2, Interesting
    Good grief; I must have fallen for a troll. Sorry, I really thought we were have a nice healthy discourse, but it seems you aren't listening except to yourself. I'm not attacking your precious browser, for crying out loud I use it myself. I'm just trying to get you to open your eyes just a bit wider.

    I'm simply trying to point out the difference between a vulnerability that could, theoretically, be used for arbitrary code execution, and one that IS being used daily for arbitrary code execution, drive-by installations, etc.

    Yes, I know; I understood that from the beginning. I never disputed this.

    Mozilla is the one being honest, but if you look at the sheer numbers and not the descriptions of the vulnerabilities, it often appears that FF has 3 times as many "critical" vulnerabilities as IE, when just the opposite may be true.

    Well, this is where I realized you weren't paying attention. I explained in three different postings that I was not just counting the damn vulnerabilities. This is all about the *severity* of the issues. Yes, it's all self-reported, and yes, Mozilla is over-reacting relative to Microsoft.

    So, I get your point, but I think you're still missing mine. These are bad flaws. No matter how much you want to spin it, or to discount it due to Mozilla's over-reaction tendencies, these are *still* really serious problems.

    My point is that we're wearing this cool shiny Firefox armor and feeling relatively invincible, but it's possible--just maybe--that we've got a false sense of security here.

    A false sense of security is often far worse than no security at all. Yes it will probably get better, and yes it will probably get better far faster than Microsoft could ever imagine, but we're definitely not there yet.