Firefox Update Kills Bugs, Adds Mac Support

Juha-Matti Laurio writes "Several vulnerabilities are fixed in version Firefox 1.5.0.2, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."

Themes and extensions keep working

This time around, almost all extension and theme authors got the version dependency right, so unlike after the previous update, your extensions and themes won't be disabled. It's a security update, so do install it.

Re:Themes and extensions keep working

[christopherfinke]

This is because the maxVersion in the extensions for 1.5.0.1 in the majority of cases is 1.5.0.*, so if your extensions work with 1.5.0.1 and 1.5.0.2, they'll be compatible with any future security upgrades for this branch.

Patch

[Ryz0r]

Download the patch here!

haha, no, seriously.. i'm joking

..*ducks*

What's new in Firefox 1.5.0.2

[anandpur]

From Burning Edge:
http://www.squarefree.com/burningedge/releases/1.5 .0.2.html

Re:What's new in Firefox 1.5.0.2

[Wannabe+Code+Monkey]

264787 - [Mac] Ctrl+Tab and Ctrl+Shift+Tab Next/Previous Tab Keyboard Shortcuts no longer work (worked in Firefox 1.0.x).

Thank God! I've been waiting for this, I couldn't for the life of me understand why this no longer worked on the mac version. I also just found out that you can change firefox's keybindings to be emacs-like on any platform. Actually that article shows you how to change the keybindings to be like anything you want, they just use emacs as an example.

Some leaks fixed

[EggyToast]

Here's the big ones, IMO, from a mac user's perspective:

• Memory leaks
• 321283 - Using Find causes documents to leak.
• 323532 - Leak when using history autocomplete.
• 323377 - Lots of leaks in nsInternetSearchService.

Numerous times would I come home to see Firefox using over a gig of memory and eating up about 40% of my proc cycles. A quick quit/restart of the app would fix it, but still -- I regularly close tabs and don't develop long histories on multiple open tabs, so it didn't make any sense.

I just hope that those leaks are the ones I was actually experiencing...

Re:Some leaks fixed

[bahwi]

They fixed a serious bug that was affecting me in the moz branch, that was ported over to the xulrunner nightlies. Apparently I was creating too many JS Obj's and crashing out the system. Now it works perfectly with my thousands of javascript objects, mwa-ha-ha. =)

But seriously, it's a CRM app loading stats from an XML source on the server side, and when using E4X you get an XML Object for each XML file(or entry, depending) so it's easy and quick when running yearly stats to generate a bunch of objects. But now it works like a charm, smooth, and fast. The only prob is it's a 1.8.0.2 nightly, not a release. But working is working.

"Fixes some security issues"?

[YU+Nicks+NE+Way]

Sweet baby Jesus, it fixes 21 separate issues *all of which can be used to execute arbitrary code*! Did they have time to fix any vulnerabilities which were only "somewhat critical"?

Re:"Fixes some security issues"?

[YU+Nicks+NE+Way]

That's what I thought, too, but, in fact, no. Per Secunia's summary of sources:

1, 9, 10, 12, 18, 20) shutdown
2) Igor Bukanov
3) Bernd Mielke
4) Alden D'Souza
5) Martijn Wargers
6) Bob Clary
7) Tristor
8) Michael Krax
11, 14, 21) moz_bug_r_a4
13, 16) TippingPoint and the Zero Day Initiative
17) Claus Jørgensen and Jesse Ruderman
19) Georgi Guninski

Metasploit isn't mentioned anywhere.

Re:It still leaks!

[somersault]

Isn't the memory 'leak' just the caching of pages, that you can disable by typing about:config in the title bar, and change "browser.sessionhistory.max_entries" to a lower value? Firefox keeps the last few pages in memory to increase speed when you browse to a previously used page.

Yeah

[springbox]

The original poster might want to read this: Firefox "Memory Leak" is a Feature

Mac Support

Just to clarify, Firefox has long had Mac support. This distribution adds Universal Binary support so that Firefox is now native for Intel Macs.

Re:It still leaks!

[hal9000(jr)]

I have found most of the memory leak issues are when using Java applets. Oh, and parsing a 35Mb XML file, memory usaged soared to over 1.5 GB and kept climbing.

Annoying update message

[LiquidCoooled]

It did it again.
I have firefox set to inform me that theres an update.

In my eyes that update check should only occur when I open a window, NOT when I'm in the middle of typing.
I saw a flash of something whilst I was typing and realised I had inadvertantly accepted a popup box.

I want to set Firefox to inform me of updates, but make sure it only does that when opening a new window or tab (so it knows I'm not actively typing).

Re:It is nice

[LiquidCoooled]

It still updates in the middle of use.
The default button is still focused and easy to accept.
If it only displayed this update message upon startup/New tab/window then I wouldn't have a problem, but if it detects an update mid session then it pops up then taking away focus.
I personally prefered the update throbber in the top right.

Re:It still leaks!

[shawn(at)fsu]

if it doesn't work as well for you, something else is wrong.
Just because it works fine on one machine is no guarantee that it will work just as well on other machines.

I'm up to 80 megs used with only 4 tabs open (CNN /. Gmail, Milk&Cookies). I changed the setting in about.config weeks ago.

Firefox doesn't release memory like it should. It jumped from 50 to 75 when I opened a new window to view a QuickTime movie, when I closed it the memory wasn't release. If I watch a wmv file it will routinely jumped in to the high 90's low 100's. I opened the same pages with IE and when I close the window with the QuickTime movie the memory jumps back down.

Hold on there

[dereference]

With only 1% of users on Firefox, they can hardly be considered critical. Any vulnerability in Internet Explorer is automatically 99 times as bad, due to its user base.

Be careful with this line of reasoning. All along there's been this mantra of "Firefox is inherently more secure, and would be even if it were the dominant browser" spouted continuously. Well, I happen think the GP makes a great point about this, and your reasoning seems to fly in the face of the mantra. Don't get me wrong--I'm one of these said spouters--but I'm honestly feeling more than a bit hypocritical at this moment. These are some damn serious issues, and it's not just a handful.

Now, I suspect the reason for this is that the Firefox community as a whole (users and developers) are far more pre-disposed to actually finding and publicly disclosing such bugs. My guess is that we really only see the tip of the IE iceberg in terms of security.

However, we still can't have it both ways; these are indeed very critical bugs, and to dismiss them otherwise may seem beneficial, but it's actually a great disservice.

Re:It still leaks!

[everphilski]

When you close those 60 tabs, firefox should free the memory. It doesn't.

Who cares?

Seeing as that memory is now lost and unusable you **should** care. It is a sign of sloppy design anyways and the other two (Opera and IE) don't seem to have problems with memory leaks...

FF configuration to reclaim leaked memory

[Tumbleweed]

Here's the URL I got it from:
reclaim leaked memory

In case this poor bastard's site gets Slashdotted, here's the trick:

      1. Open Firefox and go to the Address Bar. Type in about:config and then press Enter.
      2. Right Click in the page and select New -> Boolean.
      3. In the box that pops up enter config.trim_on_minimize. Press Enter.
      4. Now select True and then press Enter.
      5. Restart Firefox.

Once you've restarted, and been using FF awhile, minimize it, then bring it back, and the system (under Windows, anyway) will have reclaimed leaked memory (often LOTS of it). A new notice on that page says this works with Thunderbird, too, so I'll have to try that when I get to work.

Re:FF configuration to reclaim leaked memory

[starwed]

You do realise that, if this works, it isn't really leaked memory?

Re:It still leaks!

[Dan+Ost]

Set browser.sessionhistory.max_total_viewers to 0 and see if that helps. If it does, then
you're not dealing with a memory leak (or at least, not an accidental one...they put this
in there on purpose).

I'm running 1.5.0.1 on gentoo linux (no gnome or kde) and experience no memory leak. I often
leave it running for days and, while my memory footprint varies with usage, it doesn't appear
to be behaving baddly (memory usage always approaches a base level after I finish most of my
browsing).

This *would* have been news...

[Dhar]

...if Firefox hadn't updated itself before I got to read the article.

-g.