Firefox Update Kills Bugs, Adds Mac Support

Juha-Matti Laurio writes "Several vulnerabilities are fixed in version Firefox 1.5.0.2, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."

It still leaks!

I just installed it. The memory leak hasn't been fixed. In fact, it's gotten worse!

Re:It still leaks!

How do you mean? More is less?

Re:It still leaks!

[IcEMaN252]

A bad extension, maybe?

Re:It still leaks!

[IamGarageGuy+2]

I love the browser but the memory leaks are the biggest problem IMHO. I have faith that it will be fixed eventually, but it still gets irritating after extensive browsing.

Re:It still leaks!

[FudRucker]

no problems here with memory leaks using the build from mozilla's ftp, (installed on slackware-10.2)

Re:It still leaks!

[somersault]

Isn't the memory 'leak' just the caching of pages, that you can disable by typing about:config in the title bar, and change "browser.sessionhistory.max_entries" to a lower value? Firefox keeps the last few pages in memory to increase speed when you browse to a previously used page.

Re:It still leaks!

[PyroPunk]

Something that other tabbed browsers (Safari, Opera, IE7) can do just as fast, or faster, without the caching.

Re:It still leaks!

[rehtonAesoohC]

+5, Informative? O.o

Where are the screenshots? The description of the errors? The leaks experienced before the update? I don't quite understand how that qualifies as informative...

Re:It still leaks!

[Dan+Ost]

Could you be a little more descriptive of the memory leak problems that your experiencing?

What platform are you on?
What version of Firefox are you running?
What extensions to you have enabled?
What types of things are you doing when you notice the memory increasing?
Are you legitimately using more memory or is it actually a leak?

C'mon, man, give us something useful.

Re:It still leaks!

[hal9000(jr)]

I have found most of the memory leak issues are when using Java applets. Oh, and parsing a 35Mb XML file, memory usaged soared to over 1.5 GB and kept climbing.

Re:It still leaks!

[quokkapox]

What is this memory leak people keep talking about? What kind of bizarre sites are you people visiting? I have had 60 tabs open in two separate windows for weeks, mostly I use tabs as a way of keeping stuff around that I *might* read someday. I use seesionsaver so that everything comes back as I left it after I quit. I only quit every few days, or if I need to restart windows. Firefox with 60 tabs open consumes about 200-300 megs of memory, and that's with *heavy use*, reloading some of those pages, posting forms here and there, loading random sites with flash video and java applets and gmail and ajax and whatnot.

Every so often I quit firefox and restart it, mostly when I need to restart because the host OS forces me to (Windows XP is a drag sometimes).

Fact is, firefox works pretty well considering what I throw at it. If it doesn't work as well for you, something else is wrong. I have a 512MB laptop. Firefox is rock-solid stable for me. I run adblock, flashblock, google web accelerator, bugmenot, nukeanything, and a couple other minor extensions.

Re:It still leaks!

[Rakishi]

Can people stop saying this BS, it's like all the FF fanboys shoved their collective heads into sand and are yelling "la la la, I can't hear you firefox is perfect." Here's a hint, ignoring problems doesn't make them go away, it simply makes other people switch browsers.

Yes, FF has memory leak problems, it doesn't release memory properly as everyone affected has noticed by now. Otherwise it wouldn't be using 400mb with one window open and no previous pages in that window. It also wouldn't go down to 50mb when I save the session and then restart the browser+reload the session. Well unless keeping track of where my windows are positioned required 300mb of ram, because that is about the only thing I notice losing when I do this

As someone else said, the biggest piece of evidence is simple. Other browsers which have the same feature seem to mysteriously now be horrible memory hogs (after previous windows are closed)..Maybe the FF devs simply can't code.

Re:It still leaks!

When you close those 60 tabs, firefox should free the memory. It doesn't.

Re:It still leaks!

[somersault]

I was just saying what I saw in an article here - someone replied to me with a link to the story.

Other browsers which have the same feature seem to mysteriously now be horrible memory hogs
Well there you go then - what's so 'mysterious' that keeping the last 50 (50 was the default on my session history) browsed pages in RAM? I am not denying that it could have other memory leaks, but I have never looked into the matter, and have no issues with FireFox myself..

Re:It still leaks!

[quokkapox]

Who cares? If I close 20 of them and open 40 more, it's still not a problem. I have to quit every few days anyway, or if I decide to install a new extension, and sessionsaver makes that painless. I have never seen firefox consume more than 400MB and that's with heavy, heavy use with maybe 100 tabs open. Opera does better, and I use it too (simultaneously), but still, it's not a problem.

Re:It still leaks!

[shawn(at)fsu]

if it doesn't work as well for you, something else is wrong.
Just because it works fine on one machine is no guarantee that it will work just as well on other machines.

I'm up to 80 megs used with only 4 tabs open (CNN /. Gmail, Milk&Cookies). I changed the setting in about.config weeks ago.

Firefox doesn't release memory like it should. It jumped from 50 to 75 when I opened a new window to view a QuickTime movie, when I closed it the memory wasn't release. If I watch a wmv file it will routinely jumped in to the high 90's low 100's. I opened the same pages with IE and when I close the window with the QuickTime movie the memory jumps back down.

Re:It still leaks!

[everphilski]

When you close those 60 tabs, firefox should free the memory. It doesn't.

Who cares?

Seeing as that memory is now lost and unusable you **should** care. It is a sign of sloppy design anyways and the other two (Opera and IE) don't seem to have problems with memory leaks...

Re:It still leaks!

[jrmcferren]

Yeah, but how often does it dump over to the pagefile?

Re:It still leaks!

Firefox was a leaker before it had its fancy cache system (the old one in 1.0 that was slow still ate memory).

MSIE doesn't have this problem. Neither does Opera.

If I close a tab of which I had a large browsing history associated with it, I would expect all the pages associated with it to be destroyed too. Obviously not.

Firefox has some serious technical issues and there is no way to try to pretend its somehow not happening or somehow not limited to Firefox.

Re:It still leaks!

All platforms.

All versions since 1.0, at least.

Tried even disabling all extensions.

Browsing webpages for a length of time.

I would say its a leak. Why else would FF eat near a gig of ram with no tabs open and staring at a blank page?

Re:It still leaks!

This is partly due to the way that malloc() works. IE uses different processes so that the memory gets returned to the operating system when the process ends. Firfox can not return memory to the OS once it is allocated. It can however reuse the memory it already allocated for caching in the future. In otherwords, programs memory use always goes up, it never goes down. But that doesn't make it a leak. If opening/reopening the same page makes it go up for long periods of time then its a leak. Just opening a new page is just it brk()'ing more memory from the OS.

Re:It still leaks!

[TheLongshot]

I'm glad it works for you.

I use Firefox 1.5 at work. The only extentions I currently have on it is GMail Notifier, and IE View. On average, it will crash twice a day, and before then, become rather unstable. (Can't change tabs, freeze when accessing pages.) Some sites also trigger this behavior. (BoardGameGeek comes to mind.)

Opera, which I use at home, seems to work a bit better, tho every couple of weeks it will crap out on me. At least there, Opera will recover from that and I can still look at what I was looking at.

Funny thing is, as much as IE gets bashed, it is pretty much a model of stability in comparison to the competition.

Re:It still leaks!

[somersault]

"If I close a tab of which I had a large browsing history associated with it, I would expect all the pages associated with it to be destroyed too. Obviously not."

I wouldnt expect that, since there is an apparent feature that FF keeps a certain number of previously visited pages in memory, regardless of which tab they were viewed in. If you expect it not to save the pages, then set the cache to store 0 pages.

Re:It still leaks!

[Dan+Ost]

Set browser.sessionhistory.max_total_viewers to 0 and see if that helps. If it does, then
you're not dealing with a memory leak (or at least, not an accidental one...they put this
in there on purpose).

I'm running 1.5.0.1 on gentoo linux (no gnome or kde) and experience no memory leak. I often
leave it running for days and, while my memory footprint varies with usage, it doesn't appear
to be behaving baddly (memory usage always approaches a base level after I finish most of my
browsing).

Re:It still leaks!

[fimbulvetr]

But...but...but
XML and Java APPLETS are teh BESTEST thing ever!! How could they possibly cause problems? They are the glue of the internet! Fast, efficient guarenteed to work everywhere and anywhare!!!!

Heretic!

Re:It still leaks!

[llamadillo]

You bring up a good point.

I think the ultimate, best-case solution to this would be if software development companies would make the source code for their products available to the general public. Maybe they could call it "Open Source," or something along those lines. Yeah, that's got a nice ring to it.

That way, instead of just bitching on a message board that a free product doesn't work exactly the way someone wants it to, they could step up to the plate and actually show the world how they could make a better product.

Won't that be the day.

Re:It still leaks!

[Iaughter]

Seeing as that memory is now lost and unusable you **should** care. It is a sign of sloppy design anyways and the other two (Opera and IE) don't seem to have problems with memory leaks...

That's odd, I thought that Opera and Safari were the "other two" ...

Re:It still leaks!

Maybe if there wasn't a free *good enough* browser that works, albiet leaks like crazy so you have to shut it down and restart it every 4 hours, then a company would be able to develop a *actually good* web browser. Yeah, maybe then people would be ok with paying $10 for a decent browser. But when something that mostly works is free? no way.

Oh, yeah, and just hop right in there and fix those leaks huh? This has been a known issue for several years and the firefox team can't seem to fix it despite lots of trying. So I'm sure that as someone who doesn't know the code base I could hop right in and patch it up. Maybe 5 min right? No three month curve to learn the code first or anything....

Just cause something is possible (me or any other non dev fixing the code) doesn't mean that it is feasible.

Re:It still leaks!

[Mattwolf7]

Yeah, but that isn't a Firefox issue, the plugins are not getting unloaded after they are being used. I have the same problem on my Linux box with the Adobe Acrobat plugin, it is not Firefox's fault, the plugins are written badly and don't unload themselves.

Re:It still leaks!

[aCapitalist]

I've had Firefox easily consume in the 700 meg range (and maybe 35 tabs or so max). I've got 2 Gigs, but that's still a hefty chunk of ram. I tend to read a lot of PDF docs and someone up further on this page said that the Adobe plugin isn't releasing its memory. But my question is does Firefox even care about the cache value that you set?

Re:It still leaks!

[gnud]

Heard of free(3)?

Re:It still leaks!

[larry+bagina]

That will be the day. I've submitted patches to the mozilla team and had them rejected (without reason) or entirely ignored. FF/Mozilla is a large, complicated , monolithic application. It takes some serious time to understand how it works, the implications of a code change. (Plus it takes a while to rebuild).

Fact is, the Mozilla Foundation is making mad cash from google searches and ads. They have plenty of full time coders and support staff. If "open source" is nearly as successful as /. likes to group-think, those pro mozilla coders would be out of a job.

Re:It still leaks!

Hell, firefox leaks even when I'm NOT using it! I always have a gmail tab open, and FF memory usage will climb over the course of a day if I forget to shut down before going to work. There shouldn't be any caching of stuff going on in gmail (aside from the few images etc), so memory usage should stay flat.

Re:It still leaks!

[Schraegstrichpunkt]

This wouldn't be a problem if Firefox was rewritten in XML and JavaScript...

Oh wait, it was!

Themes and extensions keep working

This time around, almost all extension and theme authors got the version dependency right, so unlike after the previous update, your extensions and themes won't be disabled. It's a security update, so do install it.

Re:Themes and extensions keep working

[christopherfinke]

This is because the maxVersion in the extensions for 1.5.0.1 in the majority of cases is 1.5.0.*, so if your extensions work with 1.5.0.1 and 1.5.0.2, they'll be compatible with any future security upgrades for this branch.

Re:Themes and extensions keep working

[sisukapalli1]

Several extensions broke down. "Compact Menu" -- had to go to the home page to reinstall (Firefox said no updates found), "Cute Menus" broke completely. "Mnenhy" broke.

BTW, the update installation caught me by surprise. When FF asked confirmation for update, I checked the option "later" (meaning, ask later). Next time I started, FF updated itself, and broke some extensions.

S

Re:Themes and extensions keep working

Unfortunately, I just upgraded from 1.0.6, only to find that the extension update feature now sucks in new and unexciting ways.

Namely, it does a great job of detecting updates, but when you actually go to do the update, you get zero feedback on whether it's working or not. They apparently folded the extension updater into the extensions menu, so now you don't even get a listing in the download manager to indicate whether something is happening or not (which, in my case, it isn't).

Oddly enough, though, when I exit Firefox after trying to update the extensions, it does warn me that there are N downloads in progress that will be cancelled if I close. And I get to click on the close button a half dozen times, depending on how many extensions it's trying to update.

Re:Themes and extensions keep working

Apparently, xpinstall.enabled is inaccessible from the options menu in 1.5.x, which it wasn't in 1.0.x. Not having feedback when a download isn't working, though, is a problem, as is the lack of a menu item for toggling xpinstall.enabled without having to go into about:config.

Re:Themes and extensions keep working

[Ark42]

You didn't read the message when you clicked later. The message said that an updated was already downloaded and ready to be installed. It asksed if you wanted to install it now (and restart Firefox now) or install it later (when you next restart Firefox).

In the options under Advanced/Update the default is "Automatically download and install the update" but you can change that to "Ask me what I want to do" if you want. Of course, the "Warn me if this will disable extensions of themes" box is also checked by default, but I'm not sure how much that works. I think it just checks if the extension disabled itself because of the maxversion flag it has set maybe. That doesn't mean it will work for sure though, since extension authors can't predict these kind of things.

Re:Themes and extensions keep working

Keyconfig not working X-(

Oh Sweet Baby Jebus

This update called in a gang of niggers to rape my wife. Worse yet, it still leaks memory like /. does nerds.

Re:Oh Sweet Baby Jebus

HahahahahahahahahahahahaLOLOLOLOL11!!!!!!1!!!!!!!! !!!!!!!!+1
best comment so far +1

Patch

[Ryz0r]

Download the patch here!

haha, no, seriously.. i'm joking

..*ducks*

Re:Patch

While we're on the topic, does anybody know of a good ad-blocking program for IE?

Re:Patch

[christopherfinke]

does anybody know of a good ad-blocking program for IE?

Yeah, this one is pretty good.

See? I can be funny too!

Re:Patch

[bvimo]

And Opera http://www.opera.com/ is even better. I'm being serious.

Re:Patch

Better at what? Because it certainly is NOT better at rendering HTML...

Re:Patch

[Thuktun]

Better at what? Because [Opera] certainly is NOT better at rendering HTML...

Which do you mean, standard HTML/CSS or HTML hand-tweaked to look good in a browser with less than stellar support for the standards?

Re:Patch

[AgNO3]

Wow that fixed everything. Before My computer was dull and boring and a little to fast. You know software would load so fast that I did not have time to even go get a cup of coffee. But now thanks to this like. I get to see a plethora of new and exciting products that will enhance my sex life. My wife really appriciates this. My system as slowed to a crawl and now I have plenty of time to grab a cup of coffee or even walk up to the beach for a few minutes. This update is Great. I should have installed it sooner. Now Can I also get this update for the Mac. I hear you can't get this update for the Mac or Linux. WTF. this is the greatest update ever. :-D

Thanks for the link. Pay no attention to the 2 very large men I have sent to thank you. Really get in the car with them. Don't mind the plasic lined trunk.

Re:Patch

[masterzora]

HTML/CSS that validates with w3c and looks perfectly fine in both Firefox and IE.

Re:Patch

[miro+f]

don't be fooled by the fact that Opera passes the Acid2 test, it means nothing.

Look at how older Opera versions rendered Acid2, that shows more accurately how good their rendering is

all they fixed was the specific issues tested in Acid2, not the entire HTML rendering engine

Re:Patch

[YttriumOxide]

XSL Transformations would be a nice start...

Re:Patch

[Fordiman]

Signature result: #REF!
(unless it's nonstatic cellular automata, in which case, the result is a blinker)

Re:Patch

[Fordiman]

ooh, I dunno, anything that uses all of DOM Level 1? Firefox, AFAIK, is the only browser to fully implement DOM 1. The others (Opera 7+, IE 6+, Konqueror 3.2+, Safari from OSX 10.2+) have 'sufficient' support for it, but Firefox has had stellar support for DOM level 1 since 1.0.

Do yourself a test. Write a page with a custom tag in it; call it <beer>. Now, check out which browsers will enumerate it using getElementsByTagName('beer') and which won't.

What's that? Only firefox handles it correctly? Surely not!

Yeah. I hate using <object>s for my custom tags; it just annoys me. But that's browser compatibility for you.

Re:Patch

[amavida]

I use Outpost Firewall (agnitum.com).

It incorporates very good content blocking into IE as well as spyware filtering along with it's excellent Firewalling.

All you need is a decent Antivirus scanner & you're pretty much covered.

What's new in Firefox 1.5.0.2

[anandpur]

From Burning Edge:
http://www.squarefree.com/burningedge/releases/1.5 .0.2.html

Re:What's new in Firefox 1.5.0.2

[Wannabe+Code+Monkey]

264787 - [Mac] Ctrl+Tab and Ctrl+Shift+Tab Next/Previous Tab Keyboard Shortcuts no longer work (worked in Firefox 1.0.x).

Thank God! I've been waiting for this, I couldn't for the life of me understand why this no longer worked on the mac version. I also just found out that you can change firefox's keybindings to be emacs-like on any platform. Actually that article shows you how to change the keybindings to be like anything you want, they just use emacs as an example.

Re:What's new in Firefox 1.5.0.2

[minuszero]

Ctrl+PgDn / Ctrl+PgUp still worked (does same thing).

Nevertheless, yes nice to have the 'normal' ones back too.

Re:What's new in Firefox 1.5.0.2

[Wannabe+Code+Monkey]

Ctrl+PgDn / Ctrl+PgUp still worked (does same thing).

Yeah, but I've got a powerbook, so that would be Ctrl+fn+uparrow, just too many keys (okay, the real reason is that I didn't know about it, but it's still too many keys).

Re:What's new in Firefox 1.5.0.2

[NMerriam]

Oh fantastic! I hadn't thought about it much, but I had noticed the tab shortcuts were broken and assumed it was because of Tab Mix Plus or something and didn't really investigate. Glad to be able to navigate like a grown-up again! :P

Re:What's new in Firefox 1.5.0.2

[Lord+Flipper]

Yeah, but I've got a powerbook, so that would be Ctrl+fn+uparrow, just too many keys

I don't get anything using Ctl+fn=PageUp or Down

On a powerbook and the only function I have on arrow keys is Cmd+Up and Cmd+Down for top of page, end of page. How can you use the keyboard to scroll one screen at a time? Cmd+Leftaarrow or RightArrow switches to back and forth in history, and that's it over here. Any help, greatly appreciated.

Some leaks fixed

[EggyToast]

Here's the big ones, IMO, from a mac user's perspective:

• Memory leaks
• 321283 - Using Find causes documents to leak.
• 323532 - Leak when using history autocomplete.
• 323377 - Lots of leaks in nsInternetSearchService.

Numerous times would I come home to see Firefox using over a gig of memory and eating up about 40% of my proc cycles. A quick quit/restart of the app would fix it, but still -- I regularly close tabs and don't develop long histories on multiple open tabs, so it didn't make any sense.

I just hope that those leaks are the ones I was actually experiencing...

Re:Some leaks fixed

[bahwi]

They fixed a serious bug that was affecting me in the moz branch, that was ported over to the xulrunner nightlies. Apparently I was creating too many JS Obj's and crashing out the system. Now it works perfectly with my thousands of javascript objects, mwa-ha-ha. =)

But seriously, it's a CRM app loading stats from an XML source on the server side, and when using E4X you get an XML Object for each XML file(or entry, depending) so it's easy and quick when running yearly stats to generate a bunch of objects. But now it works like a charm, smooth, and fast. The only prob is it's a 1.8.0.2 nightly, not a release. But working is working.

Re:Some leaks fixed

[renoX]

I doubt it, it happen to me also and I'm not using Find or history.
I'm not sure about nsInternetSearchService though..

Re:Some leaks fixed

[Chris_Jefferson]

I have been using the pre-release versions of this update, and have not been able to get the memory usage to spiral out of control like it used to, except if I open a lot of realplayer streams (before anyone wonders why I ever would, I often listen to bbc news online). However, the memory leak from realplayer is no worse than before, just more visable than before as other bugs have been fixed :)

Re:Some leaks fixed

[switchfutguy]

I have the same problem with that. So I installed sessionsaver and it works great. Everytime I reboot or something goes wrong all of my tabs are saved and still open when I start firefox again. Check it out

https://addons.mozilla.org/firefox/436/

Re:Some leaks fixed

[Richard+W.M.+Jones]

What gets me is that they effectively started over in 1998, but still chose a language which doesn't have garbage collection (or a bunch of other basic features). I mean, what programmer sits there worrying about who owns a piece of memory anymore?

Rich.

Re:Some leaks fixed

[xestrel]

Are these leaks the reason that firefox is so abysmally slow on my mac? I love firefox on Windows, but it seems really unresponsive on a (1.5 GHz 512 MB ram) mac portable. Most of the time, it freezes up with the spinning ball of death on page load, and eventually (after a few seconds) displays the page. During that time it's impossible to even move the page, let alone read other pages. So - no page loading in the background while I read things for me. This problem seems to not have been fixed in this new release. Ah well... i guess it's safari for me still. I guess I go run away with my firefox support questions elsewhere...

-x

Re:Some leaks fixed

[aCapitalist]

What gets me is that they effectively started over in 1998, but still chose a language which doesn't have garbage collection (or a bunch of other basic features). I mean, what programmer sits there worrying about who owns a piece of memory anymore?

Is HotJava still around, maybe you could try that? But seriously, what did you expect them to use - Java? Or let me guess, some uber-functional language like Haskell? But even to this day, there's really not a really great crossplatform alternative to C++. In a piece of software like Mozilla, I still wouldn't trust Java's GC to do the right thing.

Re:Some leaks fixed

[mattkinabrewmindspri]

Firefox is memory-hungry and you're running with very little memory to begin with.

If you got some more memory, maybe 1GB, that would probably make everything faster.

Re:Some leaks fixed

[Richard+W.M.+Jones]

Well, if you follow the link in my signature, you'll get a good idea of which language I'd recommend. And yes, it's impure functional.

What you say about Java is right -- but just because one garbage collected language sucks badly does not imply that all GCs are bad.

Interestingly, rendering engines as powerful and complete as Gecko have been written in functional, garbage collected languages. The most advanced is PrinceXML which is written in Mercury, which is not just "uber-functional", but a logic programming language too - a bit like Prolog :-) Check out some of the amazing rendering examples on their website. And yes, it even passes ACID2.

Rich.

Re:Some leaks fixed

Garbage collection does not prevent memory leaks you fool.

Re:Some leaks fixed

Huh? You are the fool I think.

Re:Some leaks fixed

[aCapitalist]

Thanks for the response Rich. I've playing around with Clean (a pure functional language) lately, and I'm waiting for the "uber-cool" VS2005 (they've got a VS2003) Haskell plugin. And even though I'm just a math (open up 300 tabs from wikipedia about functional/math) fanboy these days, I have seen some nice human reasoning arguments for functional languages.

That said (besides hacking Ruby), I have two side interests. One is deployment and one is the psychology of computer programming. The deployment aspect I'm sure you can understand, but I think the psychology of how programmers reason in various turing-complete syntaxes is vastly under-studied.

Re:Some leaks fixed

[Cinder6]

Yeah, I'm glad about the memory leak fixes (who wouldn't be?) but I'm really glad about the Gmail and Yahoo Beta crash fixes. Those were my biggest pet peeves.

Re:Some leaks fixed

[renoX]

The thing is: even with 1 GB memory Firefox is quite often slow..
OK, it's a memory hungry program but using 150-200 Mo in a computer with 1 GB shouldn't be a problem, I think that Windows memory management has a problem too.
Or it may be another FF flaw..

"Fixes some security issues"?

[YU+Nicks+NE+Way]

Sweet baby Jesus, it fixes 21 separate issues *all of which can be used to execute arbitrary code*! Did they have time to fix any vulnerabilities which were only "somewhat critical"?

Re:"Fixes some security issues"?

With only 1% of users on Firefox, they can hardly be considered critical. Any vulnerability in Internet Explorer is automatically 99 times as bad, due to its user base.

Re:"Fixes some security issues"?

Considering how much Firefox gets touted as being superior to M$IE, I'm concerned about the sheer number of "arbitary code execution" fixes were in this 0.0.1 version increase. Maybe it's not as secure a codebase as the foundation thought?

How does a browser that doesn't even run activex GET arbitary code exploits???

Re:"Fixes some security issues"?

[geoffspear]

If there's only one user of a piece of software, a bug that allows execution of arbitary code is still critical.

Next you'll be telling us that any bug in Windows is merely "serious", not "critical", as the DoD isn't running Windows on the systems used to control nuclear weapons launching, and that "critical" is too strong a word to describe anything that couldn't possible result in the annihilation of all life on the planet.

While we're at it, why not redefine "bug" as "a flaw in software that will literally kill the user" and claim that Firefox is completely bug-free?

Re:"Fixes some security issues"?

[Zocalo]

I suspect that some of these are bugs found by HD Moore of The Metasploit Project in Firefox last month - some details here. We can probably expect a similar slew of updates from Microsoft in a future "cumulative update" for Internet Explorer since there were more than 50 brand new flaws (not all critical) found in IE as well.

Take a close look at the techniques used, and it's no wonder those "criminal cracker gangs" we keep hearing about have no apparent problem coming up with fresh 0-day exploits to sell if they are applying something like this. The only defence against this is going to be that you ship robust code that you can guarantee will handle any malformed data gracefully from day #1. That's going to take some getting used to in places like Redmond, WA where the "if it compiles, ship it" approach seems to have been the standard for so long.

Re:"Fixes some security issues"?

Because programmer errors cause exploits, not ActiveX. Don't swallow the groupthink you read on Slashdot.

Re:"Fixes some security issues"?

[Nasarius]

This is why Mozilla restricts access to security bug information. It's only an issue if it becomes public. By the way, I only count seven security-related bug fixes. Where are you getting 21?

Re:"Fixes some security issues"?

[YU+Nicks+NE+Way]

That's what I thought, too, but, in fact, no. Per Secunia's summary of sources:

1, 9, 10, 12, 18, 20) shutdown
2) Igor Bukanov
3) Bernd Mielke
4) Alden D'Souza
5) Martijn Wargers
6) Bob Clary
7) Tristor
8) Michael Krax
11, 14, 21) moz_bug_r_a4
13, 16) TippingPoint and the Zero Day Initiative
17) Claus Jørgensen and Jesse Ruderman
19) Georgi Guninski

Metasploit isn't mentioned anywhere.

Re:"Fixes some security issues"?

[molarmass192]

1%??? Ummm, FF has 12% market share and growing. My server logs show it closer to 20%, but then again we serve a specalized market.

Re:"Fixes some security issues"?

[Blisshead]

18% for us, and we sell yarn! Grandma knows what's up.

Re:"Fixes some security issues"?

[CTho9305]

Actually, MFSA issues 09-19 were fixed before this release - the only new ones for the 1.5.x branch are 20-29.

Re:"Fixes some security issues"?

[WilliamSChips]

ActiveX is a programmer error.

Re:"Fixes some security issues"?

[YU+Nicks+NE+Way]

I don't think so. Looking at those in detail, Moz claims they were fixed on 4/13/2006, not earlier. That would mean they were still alive until 1.5.0.2 came out -- not that they were fixed in previous versions.

Re:"Fixes some security issues"?

[Kelson]

No, many of those were fixed previously in the Firefox 1.5 series, and the fixes have just now been backported to the 1.0 series.

If you look at MFSA2006-19 for instance, it says:

Fixed in: Firefox 1.5
    Firefox 1.0.8
    Thunderbird 1.5
    Thunderbird 1.0.8
    SeaMonkey 1.0
    Mozilla Suite 1.7.13

That's literally Firefox 1.5, not Firefox 1.5.0.2, which means that the bug was fixed months ago in the latest stable releases of Firefox, Thunderbird, and Seamonkey. The reason this advisory is dated April 13 is that the older releases -- Firefox 1.0.x, Thunderbird 1.0.x, and the Mozilla Suite -- just got updated with the fix.

Re:"Fixes some security issues"?

[MarkByers]

Where are you getting 21?

Here.

Re:"Fixes some security issues"?

[spectrumCoder]

Since there's no such thing as a 100% secure browser codebase, why criticise Mozilla for security bugs? It's an unrealistic expectation - personally, I'm very happy having the application feature of "less security bugs than the competition!".

Re:"Fixes some security issues"?

[shawb]

I could imagine a significant proportion of elderly people running Firefox. For a while the elderly were the stereotypical victims of many confidence scams, so people getting old take precautions to watch out for the usual signs. Throw that on with many news sources talking about hackers and the like, and you form a healthy dose of paranoia. They start doing a little research on what to do to secure your system, or they ask their tech support/IT professional grandkids what to do to be more secure. In some cases, grandma just wants to be able to email, send photos, find recipes and, well, purchase yarn. They know very little about computers, so again the grandkids are called in to set up the computer, and the grandkids set it up in such a way that they hope will lead to less visits to fix the computer (installing Firefox and removing the IE shortcuts.)

Re:"Fixes some security issues"?

[hkmwbz]

"I'm very happy having the application feature of "less security bugs than the competition!"."

Really?

Re:"Fixes some security issues"?

[ChrisDolan]

With only 1% of users on Firefox, they can hardly be considered critical. Any vulnerability in Internet Explorer is automatically 99 times as bad, due to its user base.

On MY computer, Firefox has 100% market share, so a Firefox security bug is infinitely worse than an IE bug. Don't downplay security bugs.

Re:"Fixes some security issues"?

[dveditz]

> I suspect that some of these are bugs found by HD Moore

Nearly all of the flaws were found by long-time Mozilla contributors who were actively looking for security flaws.

Of the externally reported ones three were vulnerabilities submitted by the Zero Day Initiative from anonymous researchers. All were fuzzer-based and one used code from the Metasploit Project, but "anonymous" doesn't seem Moore's style.

Re:"Fixes some security issues"?

[klenwell]

Speaking of security issues, what risks are there with using extensions? I assume extensions listed on mozilla's site are vetted by the community if nothing else. But what about some of these extensions that come from third-party sites or give you that little unrecognized source warning when you start to install them?

I've googled this and even raised this question on /. before:

http://slashdot.org/comments.pl?sid=180970&cid=149 72782

but never got what I'd consider a compelling answer.

Anyone know a good blog or webpage that answers this question?

Tom

Re:"Fixes some security issues"?

[Jason1729]

How many Schroedinger's cats does it take to change a heisenbulb?

I'm uncertain.

Re:"Fixes some security issues"?

[Fordiman]

Theoretically, a firefox extention could destroy your computer, invite a virus, even spy on you and call home.

Though, as you said, official extensions get vetted by the community - if there's a serious infraction, you can bet it'll be caught within the day of its posting, either by someone getting a broken computer, or just some dude poking in a cool extension's source code.

Though, I wouldn't be surprised if there is a spybot extention lurking around, calling home on port 80 under firefox's executable name to get around firewalls.

SeaMonkey too

SeaMonkey was updated to version 1.0.1 for security reasons too

http://www.mozilla.org/projects/seamonkey/releases /

wokka

[kongit]

All I have to say about this is wokka wokka.

I haven't noticed any difference in this update. no noticeable bugs for me before, none noticed so far.

spellcheker pleeze!

[maynard]

There are no spell check extensions available for the mac. aspell check is not supported. I'm actaully going to downgrade back to 1.0.x in order to get spellcheck working again.

Re:spellcheker pleeze!

[geoffspear]

This is one of the nice things about Camino (as a Cocoa application, it gets access to OS X's builtin spellchecking), but it might not stack up will against the current build of Firefox in terms of other features.

Anyone who has used both extensively have an opinion on the comparison?

Re:spellcheker pleeze!

[menace3society]

Uhh, every Cocoa app supports built-in spellchecking using the system spell-checker. Don't believe me? Get a real browser.

Re:spellcheker pleeze!

[maynard]

Yeah. The noscript extension is very nice. I'll miss that if I downgrade. Actually, I hadn't considered Camino. But upon looking at the site, it appears to be a version downgrade with built-in spellcheck and ad-block. Which, if I'm already considering a downgrade to 1.0.x, I might as well try that out too. Thanks for the suggestion.

Re:spellcheker pleeze!

[maynard]

Ah. I see. You're here to help me learn what is a "real" browser and what is not by linking to a commercial product. You are a walking advertisement with an anchor tag. Most helpful.

Re:spellcheker pleeze!

[Isotopian]

Why? Look's like you spell fine to me, aside from "actaully."

Re:spellcheker pleeze!

actaully, my speeling is attroshious. I also need help with grammer and punktuation mark's.

help me firefox team, your my only hope!

Re:spellcheker pleeze!

[hawaiian717]

Development version of SpellBound works on Firefox 1.5.0.x.

http://forums.mozillazine.org/viewtopic.php?t=3511 30&start=0

Re:spellcheker pleeze!

[frogstar_robot]

The google toolbar also has a spellchecker. I've basically been using it just for the spellchecker.

Re:spellcheker pleeze!

[99BottlesOfBeerInMyF]

This is one of the nice things about Camino (as a Cocoa application, it gets access to OS X's builtin spellchecking)

Ditto for Safari and OmniWeb. Actually all three work with my spell-checker, grammar-checker, dictionary/thesaurus, language translations, text transformations, scripts, speak text, encryption tools, md5 checksums, text statistics (word count, char count, pages, etc.), Web lookups, XML processing tools, content summarizer, and a probably few other system services I've forgotten. The fact that Firefox can't use standard services is the reason I don't use it as my everyday browser. It is nice that it maintains cross-platform capabilities, but unless other platforms catch up to OS X for services I don't want to be limited to the abilities of the least common denominator. Services are, in my opinion, the most overlooked advance OS X has brought to my workstation.

Re:spellcheker pleeze!

[T3hFish]

This is one of the nice things about Camino (as a Cocoa application, it gets access to OS X's builtin spellchecking), but it might not stack up will against the current build of Firefox in terms of other features. There is always spellbound. I've been using the development version (which works with Firefox 1.5) and I have found it to be excellent. It may be nicer to have built in spell checking but spellbound is a good alternative. (And it works on most OS's)

Re:spellcheker pleeze!

[dn15]

Camino actually does not benefit from inline spell checking. While the text boxes look move native than in Firefox, they are still drawn by Gecko and are not the standard form elements seen in other Mac OS X applications. I believe the developers are in the process of making the text boxes (more) native, but unfortunately the current release of Camino is lacking this feature.

Re:spellcheker pleeze!

Thy punctuation appearest perfect to me but for "mark's." Thy problem seemest to me to be either in thy grammar or thy spelling, but in grammar, thy problem seemest to be in thy capitalization. Thy spelling, though, scarest all who readeth it.
(end shakespearean)
In plain English, that translates to: Except for the possessive on "marks" that you have wrongly placed, your punctuation looks perfect. The only grammar problem I can find in the parent post is that you're not capitalizing the beginnings of sentences, but your spelling is, like you said, "attroshious" (sic).

Yeah

[springbox]

The original poster might want to read this: Firefox "Memory Leak" is a Feature

Re:Yeah

Relabeling bugs and technical flaws is not new and not funny. It is the type of thing your software engineering professor jokes with you about in class but doesn't expect you to take seriously.

Seriously, fanboys, other browsers don't have these isssues. Firefox does. Its embarassing to see everyone here pretend that these problems don't exist. There is no excuse for Firefox to eat near a gig of ram with nothing open. NONE! This is not a feature.

Re:Yeah

[starwed]

Also interesting is this thread in the mozillazine forums.

Mac Support

Just to clarify, Firefox has long had Mac support. This distribution adds Universal Binary support so that Firefox is now native for Intel Macs.

Re:Mac Support

[default+luser]

And a good thing, too.

Don't get me wrong, Rosetta is decent (for an emulator), but Firefox has just been ungodly slow on my Intel Mac Mini. I've been waiting for an official Intel build.

Re:Mac Support

Yeap... Another dumb headline easily prevented with the insertion of a single word, in this case "Intel" before "Macs".

Re:Mac Support

[tonigonenstein]

Or even better, two : "native intel" mac support

Re:Mac Support

Yeah, and those fat binaries are getting really fat. ;-)

Re:Mac Support

[jafac]

Does this fix the plugin problems that intel/mac users have been experiencing?

Re:Mac Support

In the early '90s, around the time that Apple introduced the PowerMac, people who ate too many Big Macs were fat. Then in the late nineties they were obese. In the early '00s, they became genetically predispositioned to being ponderositically challenged. Now they are "universal".

Re:Mac Support

[egghat]

Do you know if the automatic upgrade downloads the universal binary or do you need to do a fresh install?

Bye egghat.

It is nice

[endrue]

It's nice to see that the update notifier now prompts you with options. I would rather this approach than the previous way of updating at startup without any warning or choice.

- Andrew

Re:It is nice

[LiquidCoooled]

It still updates in the middle of use.
The default button is still focused and easy to accept.
If it only displayed this update message upon startup/New tab/window then I wouldn't have a problem, but if it detects an update mid session then it pops up then taking away focus.
I personally prefered the update throbber in the top right.

Re:It is nice

[endrue]

That's true - I forgot about the throbber. I like the throbber idea but the update always crashed on me back in "those days".

- Andrew

Re:It is nice

I personally prefered the update throbber in the top right.

The throbber is useless for people who don't know what it is (most people using Firefox). No one seemed to know that they were supposedly to click on it for updates. I like the new mechanism much better, I don't have to go and make sure people are updating Firefox.

Re:It is nice

[jthill]

But popping a focused "accept" button at random times is near criminal, no matter who does it. Yah, go ahead. "Redundant". I say that bears saying until everyone on the planet is sick of hearing it, and then saying it some more. Kind of like telling kids to look both ways before crossing the street.

still got memory leaks out the wazoo

[Tumbleweed]

But the good news is, that about:config trick where you minimize your window, then maximize it again still works.

Re:still got memory leaks out the wazoo

[drinkypoo]

I haven't heard of this one yet. Are you saying that opening about:config, then minimizing and restoring will somehow clean up leaked memory? Or something neater?

Re:still got memory leaks out the wazoo

He's saying he doens't understand the difference between VM space usage and resident size.

Annoying update message

[LiquidCoooled]

It did it again.
I have firefox set to inform me that theres an update.

In my eyes that update check should only occur when I open a window, NOT when I'm in the middle of typing.
I saw a flash of something whilst I was typing and realised I had inadvertantly accepted a popup box.

I want to set Firefox to inform me of updates, but make sure it only does that when opening a new window or tab (so it knows I'm not actively typing).

Re:Annoying update message

[jbeaupre]

I believe IE just had that bug fixed and now makes users actively accept activeX bits.

It's a joke! Laugh!

Re:Annoying update message

[ppz003]

I always prefered that little green/blue/red arrow in the top right corner. But some people never know what that means, so maybe it should still slap them with the popup on next start-up or an new tab.

Just my 2 cents.

Re:Annoying update message

[pen]

The pop-up is a good idea, but I think that it should have that delay feature that other pop-up dialogs have (where the buttons are disabled for a few seconds.)

Re:Annoying update message

[Anthracks]

As far as I know, it does have that feature, for the exact reasons people are complaining about here. So either it doesn't work, or the delay needs to be more like 5-10 seconds than 1 or 2. Either way, if it bothers you check Bugzilla for an existing bug on it, and if it's not there go ahead and file it.

colgroup bug still exists

Mozilla/Firefox still ignores the ALIGN attribute within a COLGROUP element:
<colgroup align="center">

This is a longstanding bug yet to be fixed.

Re:colgroup bug still exists

Try:

<colgroup style="text-align : center">

Use CSS and XHTML. Welcome to 99'.

Re:colgroup bug still exists

[ZeroExistenZ]

Neither is bug 279867 fixed which is older then a year.

Re:colgroup bug still exists

[hclyff]

Maybe it's because there isn't supposed to be an 'align' attribute?

http://www.w3.org/TR/html4/struct/tables.html#h-11 .2.4

Re:colgroup bug still exists

[hclyff]

I'm taking that back, it is there actually, my bad. Still I don't see any use to it, w3 encourages CSS defined display logic for so many years, why don't do it the 'right' way?

Re:colgroup bug still exists

[Sr.+Pato]

You have no idea how much that bug bugs me. I mean, it's one of those insignificant things: easy to get around, doesn't really cause *that* much of a problem, but it's just there. Mocking you. A little itch under the skin that no matter how much you scratch, it doesn't stop.

Re:colgroup bug still exists

Sorry, but that doesn't work. It is part of HTML 4.01 specs.

Re:colgroup bug still exists

[NickFitz]

If you follow the link you gave, you'll find the "align" attribute listed in the "Attributes defined elsewhere" section. (Although, as has been pointed out above, anybody using presentational attributes such as "align", which has been deprecated for 8 years now, really needs to realise that the technology has moved on.)

Re:colgroup bug still exists

[CTho9305]

Maybe because the Mozilla Foundation is smart enough not to take big risks with security releases? They got a lot of heat with 1.0.x from distributors, since they included more fixes than just the security fixes and major stability fixes, so now the 0.0.0.1 increments will only fix very very low risk (or very high-impact) issues in security releases.

It might seem like a fix is simple, but when you have a really large codebase and millions of web pages doing strange things, it's very easy for a "simple fix" to significantly change rendering results. Sure, in this case you personally would like the change, but imagine if you had a corporate intranet which for some reason depended on that specific alignment being unsupported. You distribute the security update, and suddenly it looks wrong. You'd be flaming the Mozilla Foundation for changing non-critical things in a minor point release.

That's why old branches are supported (i.e. Firefox 1.0.x) long after a new release is available - people don't want to have to worry about non-critical changes breaking things for point releases.

Re:colgroup bug still exists

[NickFitz]

And whoops, you already corrected yourself while I was off checking my facts. Oh well, serves me right for showing off :-)

Re:colgroup bug still exists

Because the "right" way doesn't work either.

FireFox takes "text-align" very literally, in that it will only center or right justify text or text-inline elements like img tags. There is NO WAY to align other elements (for example, block-level elements not at 100% width) other than the align tag. THIS IS STUPID.

Re:colgroup bug still exists

You won't see fix for that untill version 3.0. They don't make that kind of fixes to the stable gecko branch, which is used by 1.5 and 2.0 (not yeat released).

Re:colgroup bug still exists

There is no align attribute.
Learn HTML before you use it.

Re:colgroup bug still exists

You should take your own advise and read the html 4.01 specs.

Re:colgroup bug still exists

[MauricioC]

Not a bug. Ian Hickson explains:

http://ln.hixie.ch/?start=1070385285&count=1

Re:colgroup bug still exists

Piss off, you just haven't done your homework properly. Setting the side margins of a block-level element to auto is what you need to center them, and it works perfectly.

Re:colgroup bug still exists

you, like a couple others here, have obviously never used colgroup before. it's funny how so many people like you discuss about subjects in which they have limited knowledge but attempt to sound like they know what they are talking about and make a fool of themselves.

Reason

[jbeaupre]

It may have to do with the presumption of the developers that folks smart enough not to use the default IE in windows are so smart they don't need a spell check. The fact it was in 1.0.x was an oversight.

Hmmmm, I could use autocorrect for typing my own last name in more than just Word. Put the accent marks in automagically.

Hold on there

[dereference]

With only 1% of users on Firefox, they can hardly be considered critical. Any vulnerability in Internet Explorer is automatically 99 times as bad, due to its user base.

Be careful with this line of reasoning. All along there's been this mantra of "Firefox is inherently more secure, and would be even if it were the dominant browser" spouted continuously. Well, I happen think the GP makes a great point about this, and your reasoning seems to fly in the face of the mantra. Don't get me wrong--I'm one of these said spouters--but I'm honestly feeling more than a bit hypocritical at this moment. These are some damn serious issues, and it's not just a handful.

Now, I suspect the reason for this is that the Firefox community as a whole (users and developers) are far more pre-disposed to actually finding and publicly disclosing such bugs. My guess is that we really only see the tip of the IE iceberg in terms of security.

However, we still can't have it both ways; these are indeed very critical bugs, and to dismiss them otherwise may seem beneficial, but it's actually a great disservice.

Re:Hold on there

[DigitalRaptor]

Here's the difference:

If anyone's vulnerabilities ~should~ be actively exploited it's FF's, because the source is read and there is full disclosure on the vulnerabilities. But I know of almost none that have been, and none that were widespread.

FF has at least 10% market penetration, which is a HUGE number of computers, more than enough for some hacker to make money on.

I don't know anyone whose computer is full of spyware because they use FF, but almost everyone I know who regularly uses IE complains how slow their computer is, and I look at their browser and there are 3 search bars that they have no idea where they came from or how to uninstall them.

The reality is, FF discloses a vulnerability that ~could~ be exploited, then promptly fixes it, while IE doesn't disclose serious vulnerabilities that ~ARE~ being exploited and ~doesn't~ fix them. There are still ultra-critical IE exploits that have been in the wild for over a year, still resulting in drive-by installations, for which there still isn't a patch.

I feel and ~am~ much safer using FF and will continue to do so. All you have to look at is the reality, I've NEVER had a single piece of spyware installed since using FF (3 or 4 years). The same could not be said when I used IE, and cannot be said of friends that insist on still using IE.

Re:Hold on there

There are Firefox vulnerabilities in the wild. Not very many, but they do exist.

Re:Hold on there

[hkmwbz]

"But I know of almost none that have been, and none that were widespread."

That's because Firefox isn't a big enough target to bother about, and Firefox users tend to be more tech savvy than IE users too.

Re:Hold on there

That is a fair enough comment, however I think no matter which browser / project / os you use you are going to get some major vulnerabilities. The thing that is most important to me is how quickly they get fixed. If Firefox has 10 vulns to every 1 vuln of I.E's (i'm not saying this is the case at all), then I would still run Firefox if i knew that my 10 vulns were all fixed before a patch for my 1 I.E vuln.

This is "Offtopic"?

Lack of a Firefox 1.5.x spellcheck extension is "Offtopic" in a forum about the recent firefox 1.5.x update?

As long as it works with IE Tab I'm happy

[devilsbrigade]

I'm not to serious into the Firefox vs. IE vs Opera debate. What i do know is i like tabs (in browsing, in chats, etc) and I like firefox because of the fact that when going to sites with code that installs USUALLY you get a nice popup saying "Do you want to save or open this file". When you are playing with Acess, MS project server, Slashdot etc, you don't alway have the attention to make sure you pages aren't installing programs for you. In my opinion the great test will be if this new version doesn't crash so often when i Use it to view MS project using IE tabs.

Advertising?

[Eric+Bishop]

OT, but /. should really think about a better way to target the advertising. I don't think anyone is interested in "Comparing prices on Mozilla".

Re:Advertising?

[PieEye]

I wasn't too interetest either - so I donated to /.

Why not 1.5.1?

[njchick]

If the release includes changes other than security fixes, wouldn't it be better to call it 1.5.1? In fact, Firefox 1.0.8 has been released too, and it increments the third rather than the fourth number for similar changes. Maybe Firefox developers want to convince users that the changes from 1.5 are really tiny? But it's not true, judging by the release notes.

Re:Why not 1.5.1?

[drinkypoo]

I just read the changelog and I don't see any major functionality changes (unless you consider making the thing not blow up functionality...)

Re:Why not 1.5.1?

[Kelson]

Because they switched to a more detailed numbering scheme with 1.5.

Given: x.y.z.w

x.y are the major/minor version numbers.
z is for an update that changes the API.
w is for an update that doesn't change the API.

This way they can distinguish between updates that are likely to break* extensions (Firefox 1.5.1) and those that theoretically should not (Firefox 1.5.0.2).

*By which I mean actually breaking functionality, requiring programming changes to the extension -- not just needing to bump the extension's compatibility label.

LEAKS ARE NOT A FEATURE!

Yes, we all know. The developers say that the memory cache explains the leaks.

THEY ARE LIEING.

Everyone needs to understand that. They are lieing.

Opera has a far superior memory cache feature for going forward and backward. Yet it doesn't leak up to 1GB of memory in a day's worth of use.

The Firefox memory leaks are a BUG, and not caused by any feature (other than poor memory management). They're caused by poor design and sloppy coding, period.

Re:LEAKS ARE NOT A FEATURE!

[dveditz]

The developers say that the memory cache explains the leaks.

THEY ARE LIEING.

One developer blogged that the memory cache explains some of the leaks.

We've also said bugs in popular extensions cause some of the leaks. http://kb.mozillazine.org/Problematic_extensions

But anyone who watches the project will see that we know leaks are bugs and are actively fixing them. Look in bugzilla, or look at the change logs of recent releases, for example: http://www.squarefree.com/burningedge/releases/1.5 .0.2.html

Firefox, the bug killer!

Firefox "kills" bug in headline, never to be seen again! Might as well call it Firefox Raid. While "IE has flaws" usually in headlines. Not like either of them is even close to being infallible, nor will they ever be, but I guess with the extremely biased editors this is to be expected.

This is Slashdot, are you expecting objectivity?

[Megaweapon]

The new release could have patched a hole that would have otherwise let the browser rape you in your sleep. Note the headline, when it's Firefox it reads "kills bugs". You'll never see that with an IE patch headline.

Optimized Builds

[VikingThunder]

Does anyone know of any SSE2 etc. optimized builds available? The Mozilla forums seem to have died.

Re:Optimized Builds

[tomstdenis]

How would SSE2 speed up rendering HTML?

If you think about it your webbrowser is for the most part a on-the-fly compiler, parsing HTML, XHTML, JS, etc and compiling it into onscreen "stuff".

Your question is like asking when GCC will support SSE2 natively to speed itself up.

There may be a few graphic algorithms that can benefit from SSE2 but for the most part nothing else.

Tom

Re:Optimized Builds

[VikingThunder]

I never really thought about that. Though I also never used optimized builds for faster rendering in the first place. I just use it since it makes FF feel snappier (loading etc.).

Re:Optimized Builds

[jZnat]

I'm guessing the difference is between using something compiled for i686 and the same thing compiled for pentium4 (up to SSE2). As far as I recall, SSE2 was a very large update of assembler instructions, and knowing the folks at GCC, they've figured out how to use most if not all of them efficiently by now. Some things (I don't know what specifically) would definitely increase in performance, but other things won't. Maybe compiling with -O3 instead of the typical -O2 will give you that extra microsecond of performance as well?

Re:Optimized Builds

There may be a few graphic algorithms that can benefit from SSE2 but for the most part nothing else.

If you consider that all a web browser does is draw graphics on the screen (which it gets from the network, in the form of bytes), performance enhancements here can only help.

Of course, the real improvement will be when everything's running on Cairo, with an OpenGL-based backend. We hope.

Version 1.0.8 available at...

Could not find 1.0.8 on website.

1.0.8 for many platforms is at: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/rele ases/1.0.8

FF configuration to reclaim leaked memory

[Tumbleweed]

Here's the URL I got it from:
reclaim leaked memory

In case this poor bastard's site gets Slashdotted, here's the trick:

      1. Open Firefox and go to the Address Bar. Type in about:config and then press Enter.
      2. Right Click in the page and select New -> Boolean.
      3. In the box that pops up enter config.trim_on_minimize. Press Enter.
      4. Now select True and then press Enter.
      5. Restart Firefox.

Once you've restarted, and been using FF awhile, minimize it, then bring it back, and the system (under Windows, anyway) will have reclaimed leaked memory (often LOTS of it). A new notice on that page says this works with Thunderbird, too, so I'll have to try that when I get to work.

Re:FF configuration to reclaim leaked memory

[NutscrapeSucks]

Interesting -- This used to be the default behavior of Firefox. They disabled it because they're allocating memory in some wierd way that causes massive swapping when you restore a minimized window. See bug 76831. Most Windows apps seem to "trim on minimize".

Anyways, thanks for the tip.

Re:FF configuration to reclaim leaked memory

[starwed]

You do realise that, if this works, it isn't really leaked memory?

Re:FF configuration to reclaim leaked memory

[Tumbleweed]

You do realise that, if this works, it isn't really leaked memory?

Whatever it is, it's memory being recovered after minimize/maximize. Call it what you like.

Pampers for programs

Have your young programs been making memory messes lately? Then you should try Pampers for programs, and if you have a program between versions 2.0-10.0 then try Pampers for Big programs... :P

In other news...

[Rytis]

Firefox is reported to pass the ACID2 test as well. Though it's just a development branch and there's still a load of work to do, it's nice to see they are finally getting to the finish.

Re:In other news...

[baadger]

Odd, I thought we wouldn't see that until atleast Firefox 3. I hope they plan to do enough regressional testing, although (here it comes) Opera 9 will probably beat it to the punch having already passed the test in weekly builds for some time now.

Re:In other news...

[techno-vampire]

I just upgraded and no, it doesn't, at least on my machine.

Re:In other news...

[BZ]

The Acid 2 thing is on the reflow branch, not on the trunk. Unless you "upgraded" by pulling that branch from CVS, you're not running it.

Re:In other news...

[BZ]

The reflow branch changes won't ship till Firefox 3, yes.

Yahoo Mail Bug fix

[Lothsahn]

This is the one that I was looking for (Yahoo! Mail Beta randomly crashes, causing the loss of whatever email is being written)

https://bugzilla.mozilla.org/show_bug.cgi?id=32268 3

I find it creepy...

That the mozilla.com english firefox download link goes to some archive.hk site. Incredibly creepy. I'll be waiting a few days before updating, just in case.

You can't fix bugs!

[WillAffleckUW]

Those are features!

This *would* have been news...

[Dhar]

...if Firefox hadn't updated itself before I got to read the article.

-g.

Arguable

[dereference]

FF has at least 10% market penetration, which is a HUGE number of computers, more than enough for some hacker to make money on.

That's 10% of what market--all Internet-connected computers on the planet? I think not. It's only 10% of some arguably small subset of all possible users. I've seen many logs of consumer retail sites showing Firefox represents more like 3% of the market (8% if you include Mozilla/SeaMonkey plus Netscape). And I'd further hypothesize that the Firefox users are biased, due to self-selection, to be more security aware and more likely to run other defensive utilities. Even it it were 10%, it's not even close to IE. Recall the days long ago when all the trade rags were saying Macs would never become dominant because software developers would always prefer to target 90% of users (on Windows), not the 10% on Macs. Well, advances in cross-platform development have helped, but indeed Macs are still (a dozen years later) nowhere near being dominant.

I don't know anyone whose computer is full of spyware because they use FF, but almost everyone I know who regularly uses IE complains how slow their computer is, and I look at their browser and there are 3 search bars that they have no idea where they came from or how to uninstall them.

Your anecdote, weak as it might be, actually supports my arguments, both above and in my GP post. You are jumping to the conclusion that a causal relationship exists, whereas I disagree. I'm much more inclined to say this is true only because the Firefox users represent a significantly different subset of all users, who are more aware of the security risks/benefits.

The reality is, FF discloses a vulnerability that ~could~ be exploited, then promptly fixes it, while IE doesn't disclose serious vulnerabilities that ~ARE~ being exploited and ~doesn't~ fix them. There are still ultra-critical IE exploits that have been in the wild for over a year, still resulting in drive-by installations, for which there still isn't a patch.

I agreed with this point already in my GP posting.

I feel and ~am~ much safer using FF and will continue to do so. All you have to look at is the reality, I've NEVER had a single piece of spyware installed since using FF (3 or 4 years). The same could not be said when I used IE, and cannot be said of friends that insist on still using IE.

Once again, beware of drawing such conclusions from the somewhat limited set of data you have. By all means continue to use Firefox and feel (and indeed become and stay in general) safer. But please note that this still does not mitigate the security implications of the existence of such a large number of critical bugs.

Re:Arguable

If I recall from my days of using Internet Explorer, Firefox is much more secure in ways that have nothing to do with something as easily removable as Spyware.

Firefox is much more open and candid with you about actual IMPORTANT things like Security Certificates, SSL, and other things which actually matter.

Re:Arguable

[DigitalRaptor]

In every single case, with every type of user, anyone who I've convinced to switch from IE to FF has had their spyware problem completely go away. This involves everyone from business owners to grandma's.

Anecdotal as it may be, I have lots of evidence that FF is safer, and no evidence that IE is safer.

One of the complications in this argument is when comparing "critical bugs", the definitition of what is and is not critical is made by the vendor.

MS has been shown repeatedly to classify something as critical only when it is only moments away from causing the entire collapse of society as we know it (sarcasm intentional), whereas Mozilla calls it like it is: if a bug in any way can lead to a remote exploit with local code execution it is termed critical.

When independent security firms use an unbiased metric to determine how critical a bug is, MS has many, many, many more critical bugs that take on average about 10 times longer to get fixed, if they get fixed at all.

Re:Arguable

[dereference]

Anecdotal as it may be, I have lots of evidence that FF is safer, and no evidence that IE is safer.

Perhaps you think I disagree with you on this point, but let me assure you I don't. I totally agree with that particular statement. I never said Firefox was not safer than IE in the current environment (such as market share, education of users, and many other market forces at work).

But I would hasten to add that this is on a relative basis only, and I don't think it's necessarily a causal relationship. Further, my concern is only that Firefox apologists seem to be downplaying the criticality of these flaws, saying that Firefox is now and will always be safe (not safer than anything else, just plain safe) and that's a very dangerous position, which is often self-defeating over time. Consider whether the attacks on Firefox may simply be more sophisticated and less prone to detection than the attacks against IE.

Again, I'm not claiming IE is safe, nor that it's safer than Firefox. But I'm not so sure Firefox is safe either. And, unless you've convinced literally tens of thousands of users to switch, and have closely and expertly monitored their systems for significant periods of time thereafter, you can't be so sure either.

Re:Arguable

[DigitalRaptor]

I've been applying patches to windows and linux servers long enough (5+ years) to know that NO software is, or ever will be, entirely safe or secure.

What I take issue with is saying that FF has just as many and just as bad bugs or vulnerabilites as IE, and that they just haven't been found yet because FF is too small of a target.

I fundamentally agree with the way FF is developed and handled, and fundamentally disagree with the way security is handled and information stifled at MS.

I believe if both browsers went to exactly 50% market share overnight, FF would be more prepared to protect it's users at 30, 90, 180, and 365 day security audits. FF patches are issued much faster, and the dangerous baggage of OS integration and bloat is avoided.

Re:Arguable

[dereference]

What I take issue with is saying that FF has just as many and just as bad bugs or vulnerabilites as IE, and that they just haven't been found yet because FF is too small of a target.

Well, I never said the part about the quantity, but I did say that the bugs are just as bad. You may not have reviewed the Firefox advisory, but exactly how much worse does it get than "arbitrary code execution" anyway? And if such problems exist, exactly how many of them are needed before it should be considered fundamentally insecure?

Take issue if you must, but I stand firmly by my assertion that for all practical purposes these flaws are indeed "just as bad" as those in IE. That one point was the source of my original disagreement with an ancestor posting; otherwise I completely agree with the rest of your statements.

Re:Arguable

[DigitalRaptor]

I'm simply trying to point out the difference between a vulnerability that could, theoretically, be used for arbitrary code execution, and one that IS being used daily for arbitrary code execution, drive-by installations, etc.

The point being that MS calls a vulnerability critical as a last resort, and Mozilla call a vulnerability critical if it even has the potential to theoretically become critical.

Mozilla is the one being honest, but if you look at the sheer numbers and not the descriptions of the vulnerabilities, it often appears that FF has 3 times as many "critical" vulnerabilities as IE, when just the opposite may be true.

Re:Arguable

[RobertLTux]

the difference is very simple to explain

On one side you have a lab with serveral different breeds of Smilidon faltalis , Raptors and Super Snakes.

On the other side you have IN THE WILD a few breeds of Smilidon and a couple Raptors.

Kitty in a cage or Kitty standing next to your desk which to you want.

Re:Arguable

[dereference]

Good grief; I must have fallen for a troll. Sorry, I really thought we were have a nice healthy discourse, but it seems you aren't listening except to yourself. I'm not attacking your precious browser, for crying out loud I use it myself. I'm just trying to get you to open your eyes just a bit wider.

I'm simply trying to point out the difference between a vulnerability that could, theoretically, be used for arbitrary code execution, and one that IS being used daily for arbitrary code execution, drive-by installations, etc.

Yes, I know; I understood that from the beginning. I never disputed this.

Mozilla is the one being honest, but if you look at the sheer numbers and not the descriptions of the vulnerabilities, it often appears that FF has 3 times as many "critical" vulnerabilities as IE, when just the opposite may be true.

Well, this is where I realized you weren't paying attention. I explained in three different postings that I was not just counting the damn vulnerabilities. This is all about the *severity* of the issues. Yes, it's all self-reported, and yes, Mozilla is over-reacting relative to Microsoft.

So, I get your point, but I think you're still missing mine. These are bad flaws. No matter how much you want to spin it, or to discount it due to Mozilla's over-reaction tendencies, these are *still* really serious problems.

My point is that we're wearing this cool shiny Firefox armor and feeling relatively invincible, but it's possible--just maybe--that we've got a false sense of security here.

A false sense of security is often far worse than no security at all. Yes it will probably get better, and yes it will probably get better far faster than Microsoft could ever imagine, but we're definitely not there yet.

Re:Arguable

[Fordiman]

What's interesting to note is that most if not all of these bugs were found in-house at mozilla, and patched with speed. I think the dude's trying to say that the Firefox development model is fundamentally better for consumers than IE. E.g., exploitable code is more-often-than-not found and patched by the developers faster than they are found and exploited in the wild - unlike the IE model in which exploits are only taken seriously whenever there's a threat of installed-base loss.

Of course, that sort of diligence is unsustainable, IMHO. I suspect that around Firefox 4.0 we'll start seeing exploits happen faster than patches.

Still, 4.0's a long way off.

The update kills some extensions.

[vinn01]

I just wish that it had told me which extensions will no longer be working *before* it did the update. You have to install the update before it tells you. Some extensions can be updated. Some will be killed.

I lost AniDisable and AutoForm. I'm going to miss AutoForm.

Progress has a price.

Re:The update kills some extensions.

[PolR]

Just update your preferences. You can make it ask the question on the next update

Re:The update kills some extensions.

[vinn01]

I have the box checked "Warn me if this will disable extensions or themes". It didn't work for this update.

Re:The update kills some extensions.

Redownload your extension, unzip it, edit the install.rdf file within and change the dependancy manually, it's only a few characters to adjust. Save, rezip the file and install your now working extension.

Ahhh. THANK YOU VERY MUCH!!! /nt

[maynard]

. ..

Link?

[MarkByers]

So do you have a link to the page?

Accurate firefox usage information

[elliott666]

It would be interesting to see how many times the automatic update is downloaded. At first glance it seems like that might be a good way to get some sort of idea as to how many people really are using Firefox.

The firefox update

[drgroove]

also leaves your firefox unable to get to the web. I had to restart my PC twice before firefox could connect again - oddly enough, it somehow also managed to wipe out gmail notifier, MSIE, outlook, etc. Basically, I was teleported back to the B.I. (before Internet) there for awhile this morning.

Focus problems with firefox remain unfixed

I am still running Firefox 0.8 because all of the recent versions still have serious focus stealing problems under linux/enlightenment. I have filed bug reports (confirmed by others) but they've mostly been ignored for a couple years so I have given up.

It bugs the hell out of me because 0.8 is so outdated and insecure..

Really WTF are the learning from MS??????????

[AgNO3]

OK Like all the other people This is crap. Its a feature. BULLSHIT. Any feature that when left running makes the browser so slow it is basically unsuable IS NOT A FEATURE. Oh I get it they are taking the MS approach to fixing bugs now. If we can't fix it its a feature. WHAT EVER I think I am going to download opera and see if I like it better because I am so sick of this. If I leave this running for more then 15 min left on slashdot I can't even type anymore with out huge lag. I like everything about FF right up to the point the window won't even drag around my screen smoothly. F this. Fix it and let me and everyone else know when you have. You all talk about not drinking the MS koolade. Well stop drinking the FF koolade. Saying its better then MS is like saying I would rather be shot once in the head then 3 times in the gut. My experience with FF sucking so bad are on the Mac.

Re:Really WTF are the learning from MS??????????

[AgNO3]

That comment it only a troll because it hurt your little OSS feelings. Everything I said is true. The FF may be more secure but it for sure has some really issues on the memory front on the Mac. On the PC I have not had problems with it. So unless you have used it on the Mac and know it to not do what I am saying how is it a troll? Oh its a troll because you don't agree. I get it.

That doesn't work

[DigitlDud]

This doesn't reclaim anything. All it does is trim the working set which results in less RAM usage being reported and, will be more likely to page the memory to disk. If you use your system for awhile with the application minimized, it will likely be very unresponsive once restored.

One nitpick

[aCapitalist]

If anyone's vulnerabilities ~should~ be actively exploited it's FF's, because the source is read and there is full disclosure on the vulnerabilities. But I know of almost none that have been, and none that were widespread.

How many people do you think are really "reading" the source. And when I say read, I don't mean downloading the source, opening up a couple files in vim just to check it out, then build it and be on your merry way. And I'm not talking about average C++ programmers either. I'm talking about C++ programmers that actually understand the codebase. It's probably not as many as the usual open source groupthink claims.

That said, I still trust Firefox more than IE. And I'm pretty much "locked-in" to it with the tabs and especially the extensions. I still haven't found a modern browser that renders as fast as IE though - if you don't count Dillo.

Re:One nitpick

How many people do you think are really "reading" the source. And when I say read, I don't mean downloading the source, opening up a couple files in vim just to check it out, then build it and be on your merry way.

Hrm, sorry to post anon while I'm at work. Granted, FF code isn't as interesting to most people as the latest NYT bestselling novel - but I know at least half a dozen people off the top of my head. I don't know personally or just hang out with FF dev's either. lol.

I've contributed to the source (long since versioned out), so that explains why I can and sometimes do - but the others don't have any real interest in doing so, or rarely have time to 'play with the code'. Still, some people DO check it out from time to time just based on only my personal experience.

You're probably right though, it's probably not as many as we'd like to believe.

I was gonna poke in something about this at least being possible on OSS software - which is why I tend to use it - but you didn't mention and it'd just probably start a misunderstanding or flame war anyway. (blah)

Hard not to promote what you personally think is a great idea and product sometimes I guess. =)

Re:One nitpick

[aCapitalist]

A nice response without OSS fanboyism handwaving. I'll concur that there are more likely more competent eyes on the code than competent eyes on IE at Microsoft.

Re:One nitpick

[Fordiman]

"How many people do you think are really "reading" the source."

The mozilla in-house guys that have been locating their own exploits at blazing speed.

Though, I've looked at it (trying to get the Qt port to work), and I don't know how they can find a damn thing in that mess.

Memory is a cache, not leaked

[Spaceman40]

Not to be pedantic, but the GP has a point: "leaked" memory is memory the program doesn't know about anymore, lost in the bowels of the machine. This memory is being used to cache the pages in history (to make the "back" functionality faster). It isn't leaked, it's working as intended.

Now, whether this is the right thing to do or not is pretty contested, but that's the design.

Re:Memory is a cache, not leaked

[Tumbleweed]

I thought that's what the browser.sessionhistory.max_total_viewers setting was for (caching pages in history).

Re:Memory is a cache, not leaked

my guess is even you enable session history, the trim_on_minimize thing will throw away the caches.

Re:Memory is a cache, not leaked

[Tumbleweed]

my guess is even you enable session history, the trim_on_minimize thing will throw away the caches.

It's definitely not throwing them away, and it's not noticeably slowing anything down, so I dunno what it's doing.

Re:Memory is a cache, not leaked

[DigitlDud]

No, the trim option trims the process working set on minimize. It has nothing to do with the page memory cache. Trimming the working set results in the OS eventually paging the memory to disk, leaked memory or not. This is not a solution to the problem it's just defeating the purpose of the system's memory manager.

Acting Like Spyware

[opensrvtech]

This update scared the hell out of me. I couldn't tell if a 3rd party app had mysteriously been installed or if it was a trusted update from Mozilla... There was no information available in the popup itself and the update/release notes had not yet been released, we're not loaded into a tab or window and had not hit the web or cleared my ISP's cache. Yet, I get a popup telling me that, basicly, I may or may not be fucked if and when I permit Firefox to reload. It's important to facilitate end user verification and awareness of what a trusted 3rd party is about to do to their machine.

This is bad protocol. Many (and I mean MANY) 3rd party nightmares identify themselves as proper patches for trusted titles. Firefox's update looked exactly like several of them. It's IMPORTANT TO CLARIFY WHO YOU ARE AND WHAT YOU'RE DOING. This could be resolved in any number of convenient, non-frightening, ways (All of them, too obvious to list).

It would be of tremendous value to the more paranoid side of geekdom if Mozilla/Firefox also forced release notes to load at the time of notification of an update. It took me more than 4 hours to give in and run a complete system backup to dvd... all because my browser wanted a restart.

Re:Acting Like Spyware

[MichaelSmith]

This update scared the hell out of me. I couldn't tell if a 3rd party app had mysteriously been installed or if it was a trusted update from Mozilla

Yes, me to. I would like to see firefox notify the user with an update button, or similar tool, so that they can choose when to take the update. The fact that it is in the browser toolbar should make it less likely to be an exploit.

I installed the firefox binary from mozilla.org in /usr/local/firefox and I am going to go back now and change the ownership to root. I can always download the binary again to get updates.

Re:Acting Like Spyware

[ModernGeek]

Can you post a screenshot of what it looks like? I'd like to see what you're talking about, I didn't see it.

CPU Usage Up and Up

[towsonu2003]

With every new release, CPU usage goes up by 10-20% in my system (ubuntu linux). I'm getting sick of this. May be with Dapper (clean install), I should upgrade myself to epiphany... The heat burns my private places now (laptop). aie aie

The Biggest Bug

When are they going to fix the bug where the developers just keep on throwing new stupid crap features into Firefox and won't fix bugs that annoy real people? That's the biggest farkin' bug.

FireFox is SO good!!!!!11!!11one!1

maybe if they would have taken the time to write bug-free code the first time, they wouldn't have to come out with a new point release every few weeks.

Slashdot post on this issue

[nephridium]

http://developers.slashdot.org/comments.pl?sid=177 439&cid=14721513

I've never experienced the memory leak issue with my firefox, but for those that do - maybe this clarifies some things.

And for those that are really tight on memory there is always lynx ;)

Everything has issues with a MAC.

You just havent figured that out. Firefox on nwindows and Linux operate the same. On a MAC geez. ANd Safari sucks