Slashdot Mirror

← Back to Stories (view on slashdot.org)

Thunderbird 2.0 Alpha 1, Firefox 1.5.0.5 Available

Posted by ryuzaki0 on from the yay-for-mythical-creatures dept.

nuyorker and hdm wrote to mention the new releases for Thunderbird and Firefox. hdm writes "This release of Firefox fixes 12 security holes, many of which can be used to execute malicious code. The Browser Fun project has provided an online demonstration of one of these flaws. This demonstration is capable of executing code on Windows, Linux, and both architectures of the Mac OS X platform; you're going to want to upgrade today!"

10 of 164 comments (clear)

  1. Re:So much for security... by hritcu · · Score: 3, Interesting

    Probably this is a more general issue than just security. They should take the whole testing process more serious. Having millions of users it is not enough to ensure product quality, even if it helps to some extent.

    --
    If you don't fail at least 90 percent of the time, you're not aiming high enough. (Alan Kay)
  2. Re:So much for security... by Sycraft-fu · · Score: 4, Interesting

    But that's what people give MS shit for, finding and fixing security holes. The attitude is that, had there been better design, the holes would not have existed in the first place. I've often seen it preached that OSS doesn't have the same problems since many eyes look at it and thus find all the bugs. That is, of course, not the case. I think the GP was simply pointing that out. some people feel like running Firefox is a magical security shield, that it doesn't have problem. Well, it does, they just don't seem to be getting exploited before there's a chance to fix them.

    Of course one has to wonder what will happen as it becomes more popular. Plenty of people installed it before it started auto updating. Not too long ago I came across a grad student's laptop that was still running a pre 1.0 version. They figured they were safe and there was no reason to update since what they had worked.

  3. a problem with firefox installs by doom · · Score: 4, Interesting
    Would anyone want to hear a semi-relevant complaint about Firefox? There's some major suckage in the installer as far as Linux is concerned. If you make the mistake of trying to put the new version of firefox where the existing version is, it's entirely too easy to end up blowing away an entire directory -- e.g. your "/usr/bin".

    Try to imagine writing a shell script that would cheerfully do a cd /usr/bin; rm *. Can you? Now look at this bug report: bug 234479

    One of the programmers (Andrew Schultz) can't imagine any way of dealing with version skew problems outside of completely erasing the installation directory in order to start from scratch.

    1. Re:a problem with firefox installs by ZorbaTHut · · Score: 2, Interesting

      That's a good point. I'll install Firefox into /usr/local/bin instead. I'm sure that won't delete any important files.

      The problem isn't "it deletes files when you install it into /usr/bin". The problem is "it deletes files that it has no business deleting". It's a reasonably common mistake that never takes more than a few days to get fixed once it's reported. Except, apparently, in this case.

      --
      Breaking Into the Industry - A development log about starting a game studio.
  4. Still not fixed. by werdnapk · · Score: 2, Interesting

    I have version 1.5.0.5 installed on my windows machine and the online demo still crashes my browser. I will await version 1.5.0.6. :)

  5. Re:Memory features by Anonymous Coward · · Score: 1, Interesting

    Try loading 10+ tabs that are loading a jpg, png, or gif image of 800x600 or more. I have noticed that if I leave firefox running for days at a time, with five tabs open it sits quite happy at about ~200 megs. Keep in mind, I run this PC 24/7 and don't close firefox; it closes itself (read: crashes).

    Not sure what extension causes it, it's kinda random.

    Anyway; load ten tabs of different things in each one (preferrably a different website in each), leave it running for an hour or so, then load one more tab, preferrably an image board. Open a new tab for 15 or so different images from that website in the same instance of firefox. This has caused my instance of firefox to jump from 200 megs up to 1.2 gigabytes, and the page usage is almost always the same.

    Firefox is on fire, baby. :-(

  6. Firefox ? How about Seamonkey? by Kanasta · · Score: 2, Interesting

    Wonder why Seamonkey gets close to nil attention here, thinking ./ users would want the extra functionality/control of Seamonkey over FF's pretty face.

    ALways wonder why if both use Gecko, FF supports horizontal scrolls while SM doesn't. Plus touchpad zoom 'just works' in FF and even IE, and 'just doesn't' in SM.

  7. Very Deja Microsoft experience by redtail · · Score: 3, Interesting

    Just the other day I updgrade to 1.5 so I can use an extention. Unknow to me that turns on automatic updates. Turn my box on today and am told update is ready. Grumble, OK. Enter endless loop of Firefox unable to complete update (because I don't run as admin). Can't EVEN LOG OFF. Have to kill firefox from process list. I guess I'll run IE for an hour to feel better about Firefox again.

    --
    Redtail
  8. tbird - LDAP still lacking MAJOR feature by dino213b · · Score: 2, Interesting

    After reading the 'what's new' for the a-release and its bug fixes, it still boils down to one thing: Thunderbird still can't let you add address book records using LDAP. I was hoping this issue would get resolved soon enough but no dice. Someone, PLEASE tell me how wrong I am. I beg you!

    This is frustrating because in my experience, Outlook is such an irrational piece of software when it comes to IMAP/LDAP and Thunderbird (to me anyway) only provides a superior IMAP portion. Still does wonders for me but how would a small office synchronize their address book otherwise?

    Luckily there is a Thunderbird plugin that performs that trick by using regular files -- SyncMab.

  9. C - Cyclone by John+Nowak · · Score: 2, Interesting

    When are we going to stop writing large programs in C? For small things where potability is critical and lines of code are low, C can be a good choice for a certain class of application where low-level access and/or high efficiency is needed. However, with something massive like Firefox, it isn't possible to keep tabs on things. The result is a number of security holes surfacing constantly -- Not an ideal situation. Why not move to a more secure language like Cyclone? Programmer portability in such a situation is high and entire classes of bugs would disappear. The performance penalty would be minimal.

    Why aren't more people using such language? Why not use Cycling, or even higher level languages where they can reduce lines of code and keep things more maintainable in less performance critical sections? I can only attribute it to laziness and blubism:

    "As long as our hypothetical Blub programmer is looking down the power continuum, he knows he's looking down. Languages less powerful than Blub are obviously less powerful, because they're missing some feature he's used to. But when our hypothetical Blub programmer looks in the other direction, up the power continuum, he doesn't realize he's looking up. What he sees are merely weird languages. He probably considers them about equivalent in power to Blub, but with all this other hairy stuff thrown in as well. Blub is good enough for him, because he thinks in Blub." - Paul Graham