Mozilla Firefox 1.5.0.4 Released

KrayzieKyd writes "God Bless Mozilla. Firefox has just notified me that Firefox version 1.5.0.4 has just been released with release notes and according to Mozilla's website, the same has been released for Thunderbird with its own release notes."

Freshmeat?

[mtenhagen]

Are we getting slashdot articles for each verion bump of the mozilla products? I tought freshmeat was created for that.

Is there something special about this release? According to the release notes these bugs where removed. Great but not enough for a slashdot article.

MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Re:Freshmeat?

[cperciva]

Are we getting slashdot articles for each verion bump of the mozilla products?

Well, we seem to get slashdot articles about every MSIE security flaw; by that standard a new release of FireFox which fixes 12 security flaws (5 of them rated "critical") is certainly slashdotworthy.

Re:Freshmeat?

[KiloByte]

The thing is, you don't ever hear about MSIE security issues unless there is already a popular exploit in the wild.

Re:Freshmeat?

Well the FAQ of the release notes does say:

What can I do to help?

We need all the exposure we can get ... Submit a story to Slashdot and other news sites about the release.

Someone was bound to follow the instructions.

Re:Freshmeat?

[WalterGR]

...a new release of FireFox which fixes 12 security flaws (5 of them rated "critical") is certainly slashdotworthy.

And actually, MFSA 2006-32 fixes *7* "potential memory corruption" vulnerabilities, so the count of critical flaws alone could be as high as 12.

Re:Freshmeat?

[Cyvros]

Well, I think Slashdot should - it might be a minor update, but it is important. Mind you, I haven't seen any mention of Firefox 2 alpha 3, which was released a week ago.

I'm sure someone out there realises why I mentioned this.

Re:Freshmeat?

[Xamataca]

memory leak?... that's why I can't surf more than five of those neat sites with tinny porn video thumbs... ermm, shit.

Re:Freshmeat?

[indifferent+children]

Instead of switching to FireFox, why didn't you just load a FireFox-ish theme into IE?

Re:Freshmeat?

[MobileTatsu-NJG]

"Submit a story to Slashdot and other news sites about the release. Someone was bound to follow the instructions."

Ah, so this is a Slashvertisment.

Re:Freshmeat?

[lpcustom]

You know this flamebait made me think, which almost caused me to have a stroke, so try not to let it happen again. I wanted to compare the two browsers to see just how much of a memory leak I get from FF.
I started with FF with my normal three tabs each with a different site open. I pulled up taskmanager and looked at all running processes. There was firefox at 31 meg.
So then I open IE6. Since I rarely use it I haven't changed the default home page from MSN. I check taskmanager, again. iexplore starts up using 45 meg. So I think maybe it's because of the website. I point IE6 at google. Sure enough the RAM usage goes down to 42 meg. To be fair however I thought I should open the three sites I have open in my FF tabs in IE.
iexplore.exe ---> 42,976k
iexplore.exe ---> 24,444k
iexplore.exe ---> 38,408k
Total iexplore.exe RAM usage 105,828k
Firefox with the same sites open in three tabs ---> 31,776k
If firefox is leaking on my machine it's into a big bucket called iexplore.exe

Re:Freshmeat?

[lpcustom]

Ok, to be fair I opened IE6....launched two new windows.....opened up my three sites.....now the one iexplore.exe process is 63 meg. ...Is that fair enough....it's still double the RAM

Re:Freshmeat?

Now leave both browsers open for a day. IE6 will still be at 63 MB. Firefox wil be above 100 MB.

Re:Freshmeat?

You know how Firefox weenies always shout "SHARED MEMORY!" whenever anyone does something like that with Firefox? Guess what... SHARED MEMORY!

That'd only be slightly valid if you used one instance of Internet Explorer to launch all three windows. Try the test again by hitting Control-N to open new windows in Internet Explorer and see what happens. I guarentee you it'll be less than Firefox uses.

Re:Freshmeat?

[mrchaotica]

Leave it open for a few days. The reason that it's called a "leak" is that the free memory slowly decreases over time.

Seamonkey also updated

[darteaga]

Seamonkey, the new version of the old mozilla suite (Netscape-like) has also been updated. The release notes: http://www.mozilla.org/projects/seamonkey/releases /seamonkey1.0.2/.

Incremental Updates

[Nighttime]

I thought one of the benefits of Firefox 1.5 was incremental updates i.e. patches that that are in the 100s of KBs range. However, watching the progress meter for this latest update it will have eventually downloaded 6.1MB, which is basically the full version of Firefox.

Re:Incremental Updates

[fondacio]

In that case, you were updating a version lower than 1.5.0.3. If there is no incremental patch, the updater reverts to downloading and executing the full installer. I just updated 1.5.0.3, and the file it downloaded was quite small. Incidentally, Mozilla Thunderbird has also been updated to 1.5.0.4.

Re:Incremental Updates

[digital-hell-native]

The update worked fine for me and only took a second. There are some issues that may lead to incremental update failure. In that case, Firefox will simply re-download the full version. Probably what happened to you.

Re:Incremental Updates

[masklinn]

My FF 1.5.0.3 downloaded a mere 600k, and Thunderbird's update to 1.5.0.4 was roughtly the same size (~500k).

Your FF probably failed a hash check or something and downloaded everything to reinstall from scratch, that's the fallback when the updater doesn't manager to install incremental updates.

Re:Incremental Updates

[argStyopa]

Firefox 1.5.0.3 to 1.5.0.4 = 511kb on my Win98 box.

Re:Incremental Updates

[dveditz]

It would, indeed, be nice if we had partial patches more than one version back. We simply don't have the capacity to do so and ship timely releases. We're already juggling 3 platforms (4 while we transition from Mac PPC to Mac Universal Binary releases) times around 40 languages times 2 update packages (full and partial). Adding even one version back means another 120 update paths to build and test and ask our mirror sites to host.

For what? Anyone with automatic updates turned on is at most one version back--they've had several weeks of daily update checks to get them there--so we're talking about people who have updates turned off and one random day decide to hit the "Check for Updates" button. It's not worth burning our people out and adding to our mirroring burden to optimize the experience of a very small number of people.

Re:Will it stop crashing?

[OffTheLip]

Not so much crashing but 1.5 seems slower. Especially noticeable with several (or many) tabs open. Systems I've noticed this on were not low end either. And OS did not matter, Windows XP, RHEL and Fedora all were sluggish. Seems like 1.0.7 offered a better all around browser experience.

Here we go...

[jginspace]

I'd like to hear about memory management issues, frequent crashes and how Opera was there first - in that order. I need a refresher; it must be while since v1.5.0.3.

Re:Here we go...

[l3v1]

I used to hear a lot about such "memory management" issues, and a lot of them turned out to be lack of knowledge about configuration options regarding firefox's memory cache and page history cache sizes. Some issues are there besides these easily manageble ones, no debate about that, but most of them only come up after firefox running continuously for days (for me that is sometimes 1-2 weeks), which makes them unnoticable for most home users. Still, it would be good to solve these issues someday.

Re:Here we go...

[SnowZero]

I like FireFox, but it can consume a lot of RAM on any operating system. I've gotten it up to 700MB in Linux before. Tabs are a both a blessing and a curse.

Re:Here we go...

[LS]

I don't think the average user should have to worry about "memory management". Memory is something that should be abstracted away and not exposed to anyone but an advanced user. If in normal usage the caching features cause undesirable behavior, I consider this a defect in the design, if not the implementation.

LS

Show the world and be taken seriously!

[MindPrison]

I think it's excellent with all these updates. Firefox if absolutely worth the attention.

Before Firefox - our local banking etc. where only accepted on Internet Explorer and nothing else, leaving out Mac and Linux users. Today Firefox is so respected that our country's Largest Bank support it!

Way to go FIREFOX!.

Re:Show the world and be taken seriously!

[Mafia$oft]

This reflects much more on your CRAPTASTIC bank than on the wide distribution of Firefox.
Any bank that still has been restricting access to IE only during the last two years (many would say even longer than that) should be beaten unconscious and shot, given IEs widely known rather big insecurity issues (sure, Firefox also has its share of issues, but it's nowhere near as severe, often and unpatched as is IE).

What, online banking, using IE? Eeeeeeckck!!

Menu Delay

Is it just me or are the menus like 4 times faster at least? Or is it this patch changes firefox so that my old registry tweak setting windows menu paint dealy from 400ms to 0ms now being recognized by FF? I'ts not a simple memory leak fix because I have 1.5 gigs and I never noticed FF slowing down after long term use.

Or am I just crazy and nothing changed at all? maybe it was the extention update to cute menus cyrstal SVG

Re:thats it?

[aussie_a]

I used Opera 8 for several months and found it to be slower and broken on more sites then Firefox.

1.5.0.4 is major.significant.minor.forget-it

[k1980pc]

Hardly looks like news. And I'm already tired of Mozilla team not addressing the most critical issue - memory hogging. Brushing that aside is not going to help the developers or the users.

Re:1.5.0.4 is major.significant.minor.forget-it

[Jerf]

Fixing "memory hogging" generally require significant architecture changes. This is not the sort of thing you get on a x.x.x.1 release.

I'm sure they're addressing this issue as it is easily now the #1 complaint about Mozilla. I recall it having memory issues even before plugins and the memory-hogging history-full-page-store feature (the one where you hit "back" and the page is just supposed to pop up, not re-render or re-request), but those two issues have magnified the issue into something that can't be ignored or poo-poo'ed anymore; I, too, will often see my Firefox hovering around the 600MB mark, and I recently installed that memory leak test tool and it didn't come up often at all.

Probably ought to shut off that feature; doesn't seem to do much for me anyhow.

Re:1.5.0.4 is major.significant.minor.forget-it

[dveditz]

Our intention is to never ship a 1.5.1.x, if we do it means there was some security issue we couldn't fix without breaking extensions (as happened in 1.0.3). With this scheme extensions can claim compatibility into the future (1.5.0.*) and we can warn the user about potentially incompatible extensions before they update.

If it helps, think of it as version "1.5.04" -- the extra decimal is for internal use.

Re:Will it stop crashing?

[ozmanjusri]

Is it better or worse than 1.0?

It's OK, but the troll-blocker doesn't seem to be working very well.

Re:Is this intereseting?

[taskforce]

Actually Opera does outline security issues which were fixed in each new incremental version: Opera Changelogs

Re:Will it stop crashing?

[root_42]

This is known and actually a feature, which can be turned off:

http://weblogs.mozillazine.org/ben/archives/009749 .html

disappointing

[distantbody]

And I *still* can't find text within a textbox...

Re:What does God have to do with this?

[Bromskloss]

What does God have to do with this?

Yeah, like he is be some omnipresent person having to do with everything in the universe or something.

Re:Mozilla bug database is a joke

[ClamIAm]

You're either a grade A moron or a grade F troll. Go to bugzilla.mozilla.org. I'm looking through dozens of bugs right now. No reg required. (oh, and they don't like links from slashdot. so copy and paste the URL)

In addition, the definitions of "open source" and "free software" have nothing to do with anonymous bugzilla access, but rather with the availability of source code and the rights one has with regards to use and modification of said code. If you don't believe me, read the definitions yourself.

Re:Thank God

[Jussi+K.+Kojootti]

I guess your suggestion is this (although you didn't really specify what "work" means):
1. All firefox copies poll mozilla.org every minute to check for updates
2. All firefox copies download the update at the exact same moment

Looks good. Can't see any flaws there.

Re:Is this intereseting?

[flobberchops]

They are swept under the carpet, just try viewing them in the bugzilla database :)

Spellbound

[Supurcell]

If only my Spellbound plug-in would work again. Now howe will aye bee able two correct my pore spelling?

Now if only there was a plug-in for the correction of misused homonyms.

Thunderbird now in mac universal binary

[anticypher]

Just tested with the newest macintel universal binary, and it is significantly faster than 1.5.0.2 (which also claimed universal binary, but they fucked up).

If you let software update happen on a mac intel, it doesn't update to 1.5.0.4 universal, but just updates the PPC image. You need to download the new universal image, and install that over the older version, and then it runs.

They still haven't addressed all the networking problems yet, but I really don't ever expect them to.

the AC

Re:Thunderbird now in mac universal binary

If Thunderbird transitions to universal binaries in the same way Firefox has just done, then from the next release it will be universal only, and the updater will map PPC-->Universal and Universal-->Universal.

Re:SeaMonkey for Security

[bunratty]

Anyone wanting to stick with the Mozilla Suite should upgrade to SeaMonkey soon for security updates. SeaMonkey gets all the core security fixes Firefox and Thunderbird do, but the old Suite isn't being developed any more and therefore won't get any security fixes.

DON'T TRUST THE LYING LIBERAL MEDIA!

CNN is for commies! TRUE PATRIOTS watch FoxNews!

Re:Open the FIXED security bugs in the database..

[Rogue+Pat]

Maybe a diff on the source will tell you the coded solution. But it's quite likely that the entry in Bugzilla itself gives you the exploit.

I see no particular reason to publicize exploits.

Re:Opensource is FUD

[Rogue+Pat]

Looking at the source code, you can see which code got changed and which changes were made. The bug is not for your eyes, as it may give detailed steps to exploit the vulnerability.

Remember when Microsoft releases a patch it would say "a maliciously crafted web page may" etc. The bugzilla entry for Firefox may actually GIVE you all you need to build that maliciously crafted page.

As said before, there's no need to publicize detailed steps to exploit a browser.

Re:Will it stop crashing?

[suv4x4]

This is known and actually a feature, which can be turned off

What kind of a feature is it, if everybody complain about it.

Plus turning caching off doesn't solve Firefox's speed. Part of the problem is bad memory management and coding, part of it is slow rendering engine, and part is the fact all tabs share a single thread, so when one takes more CPU, the whole window freezes.

Those are software design mistakes, and calling them various funny names, like "features" won't solve the fact we've actual problems with it.

Re:SeaMonkey!!!!

[bunratty]

Q: I have Mozilla 1.7.13. What am I supposed to upgrade to!?!?!
A: SeaMonkey!!!!

Bon Echo

[Vexorian]

I am currently using Bon Echo Alpha 3 . I tried 1.5.0.4 and it seems much stabler and faster than 1.5.0.3 but it seems to me that Bon echo is still the best firefox version, It seriously is awesome.

Default update setting flawed

[LS]

Considering that privacy and security are big concerns for every large software project these days, I believe that Firefox's default update setting should be changed. If you go to Tools --> Options --> Advanced --> Update, and you haven't changed your default settings, you will find that it is set to "Automatically download and install the update". Even Microsoft wouldn't do this, so why is it acceptable in Firefox? It should default to "Ask me what I want to do.", and during the first update, a checkbox should be provided asking the user if he wants automatic updates from then on.

My 2 cents.

LS

It not only fails validation but also....

[burnttoy]

But, as I've brought up with them before, the site is full of wasted space. I even wrote them a tool to remove all that guff but was told (about 6 months ago) that they were working on the problem.

I only noticed it when I was parsing the thing for an new aggregator and found a big input file to output file sise diff. The XML parser was set to discard pointless whitespace.

Validator... http://validator.w3.org/check?uri=http%3A%2F%2Fnew s.bbc.co.uk%2F

---

Sometimes I feel like I'm repeating myself. Sometimes I feel like I'm repeating myself.

Re:Are we at the mercy of the update gods?

[NalosLayor]

Help->Check For Updates

information in a simple form

[cyfer2000]

We call that "Web 1.0".