Slashdot Mirror


Thunderbird 2.0 Alpha 1, Firefox 1.5.0.5 Available

nuyorker and hdm wrote to mention the new releases for Thunderbird and Firefox. hdm writes "This release of Firefox fixes 12 security holes, many of which can be used to execute malicious code. The Browser Fun project has provided an online demonstration of one of these flaws. This demonstration is capable of executing code on Windows, Linux, and both architectures of the Mac OS X platform; you're going to want to upgrade today!"

30 of 164 comments

  1. Available? by fyrie · · Score: 5, Informative

    As in pushed out to you without asking you first. That was quite the surprise.

    1. Re:Available? by Anonymous Crowhead · · Score: 5, Informative

      You can turn off auto updating in your prefs if you want.

      Preferences > Advanced > Update tab.

      Yeah, that kind of annoyed me the first time, but in retrospect it is good for the general public to have automatic be on by default.

    2. Re:Available? by smitingpurpleemu · · Score: 3, Insightful

      Yes, this smacks of what M$ does with its automatic update service and can be a privacy issue. But if they don't do this, the update will have a much smaller adoption rate and since they disclosed what security bugs they fixed, the hackers can easily exploit them on unpatched versions, of which there will be a greater percentage because people are lazy and don't update.

  2. Memory features by end15 · · Score: 3, Insightful

    Does anyone know if this latest release has gotten rid of some of the memory "features" that I've come to love in Firefox? I don't know what I would do if they got rid of them (other than have a smaller page file ;). Thanks!

    --
    All glory to the Hypnotoad!
    1. Re:Memory features by Durrok · · Score: 2, Informative

      Extensions: adblock, ietab, tabx, tabbrowser preferences, adblock filterset, flashblock, disable targets for dls, blockfall, and cards.

      Closed out of all tabs and was still at 60MB. Opened a new tab and closed the /. one, 50MB. Restarted firefox, 21MB. Went straight from plain text work page to /., this article, and replied to your post, 25MB.

      Time to go searching for those FF tweaking options again...

      --
      I keep telling myself I'm not the desperate type.
  3. Re:So much for security... by Kesch · · Score: 5, Insightful

    Security holes were found. Security holes were fixed. I don't see a lack of attention to security.

    --
    If this signature is witty enough, maybe somebody will like me.
  4. Re:So much for security... by hritcu · · Score: 3, Interesting

    Probably this is a more general issue than just security. They should take the whole testing process more seriously. Having millions of users is not enough to ensure product quality, even if it helps to some extent.

    --
    If you don't fail at least 90 percent of the time, you're not aiming high enough. (Alan Kay)
  5. Finally! by angrytuna · · Score: 4, Informative

    I have really been waiting for this build of Thunderbird. It finally includes message tagging, which is something that I've been wanting natively in Thunderbird for a long time. Tagging now also apparently works with IMAP connections, although at least some users are having some problems with that feature. (Bug #344290).

    --

    It is a solemn thought: dead, the noblest man's meat is inferior to pork.

  6. Re:So much for security... by numatrix · · Score: 2, Funny

    Aww, you must feel so left out. How about the memory corruption bug instead which neither Firefox nor IE suffered from. Feel better now?

  7. Re:So much for security... by Sycraft-fu · · Score: 4, Interesting

    But that's what people give MS shit for, finding and fixing security holes. The attitude is that, had there been better design, the holes would not have existed in the first place. I've often seen it preached that OSS doesn't have the same problems since many eyes look at it and thus find all the bugs. That is, of course, not the case. I think the GP was simply pointing that out. Some people feel like running Firefox is a magical security shield, that it doesn't have problems. Well, it does, they just don't seem to be getting exploited before there's a chance to fix them.

    Of course one has to wonder what will happen as it becomes more popular. Plenty of people installed it before it started auto updating. Not too long ago I came across a grad student's laptop that was still running a pre 1.0 version. They figured they were safe and there was no reason to update since what they had worked.

  8. about:config by The MAZZTer · · Score: 2, Informative

    URL: about:config, filter for: memory, adjust relevant options. -1 for capacity indicates automatic.

  9. Re:And for those less on the bleeding edge... by mordors9 · · Score: 2, Informative

    Heh, since Patrick V. got it out on Slackware yesterday, I guess you must be talking about it.... finally Slackware considered bleeding edge....

  10. Re:Hardened seems to block it by Shawn is an Asshole · · Score: 2, Informative

    The online update only works if you use the official binaries. Also, your user account has to have write access to the installation directory (or do it as root, but you should never run a browser as root).

    --
    "It ain't a war against drugs. It's a war against personal freedom" --Bill Hicks
  11. a problem with firefox installs by doom · · Score: 4, Interesting

    Would anyone want to hear a semi-relevant complaint about Firefox? There's some major suckage in the installer as far as Linux is concerned. If you make the mistake of trying to put the new version of firefox where the existing version is, it's entirely too easy to end up blowing away an entire directory -- e.g. your "/usr/bin".

    Try to imagine writing a shell script that would cheerfully do a cd /usr/bin; rm *. Can you? Now look at this bug report: bug 234479

    One of the programmers (Andrew Schultz) can't imagine any way of dealing with version skew problems outside of completely erasing the installation directory in order to start from scratch.

    1. Re:a problem with firefox installs by ZorbaTHut · · Score: 2, Interesting

      That's a good point. I'll install Firefox into /usr/local/bin instead. I'm sure that won't delete any important files.

      The problem isn't "it deletes files when you install it into /usr/bin". The problem is "it deletes files that it has no business deleting". It's a reasonably common mistake that never takes more than a few days to get fixed once it's reported. Except, apparently, in this case.

      --
      Breaking Into the Industry - A development log about starting a game studio.
    2. Re:a problem with firefox installs by gatzke · · Score: 3, Informative

      I personally like to install firefox / mozilla / whatever in /usr/local/application or /opt/application and include version numbers

      /opt/mozilla-1.3

      /opt/mozilla-1.4

      /opt/mozilla-1.5.2

      So you get the old version installed and kept as well.

      Then I get into /usr/bin and soft link the application there

      cd /usr/bin
      ln -s /opt/mozilla-1.5.2/bin/mozilla ./mozilla

      Sometimes I keep the old version as a softlink as well

      ln -s /opt/mozilla-1.4/bin/mozilla ./mozilla.old

    3. Re:a problem with firefox installs by John.Thompson · · Score: 3, Informative

      There's an installer for linux? :-)

      Seriously, I just use the tarball. I unpack it, then "mv firefox firefox-1.5.0.5" and "ln -s firefox-1.5.0.5 firefox" so that I retain the old installation (just in case) and automatically point users to the new location. Before I update I just have to delete the sym-link before unpacking the tarball.
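
The side-by-side layout described in this sub-thread (a versioned directory plus a symlink, with nothing already in the target directory ever deleted), as an added example that is not part of any comment above and is not Mozilla's installer code. The function name `install_versioned`, its arguments and its return codes are assumptions made for illustration:

```shell
#!/bin/sh
# Added example (hypothetical helper, not Mozilla's installer).
# Usage: install_versioned SRC_DIR PREFIX NAME VERSION
# Copies an unpacked tarball tree to PREFIX/NAME-VERSION and points the
# symlink PREFIX/NAME at it. It never deletes or empties a directory.
install_versioned() {
    src=$1; prefix=$2; name=$3; version=$4
    dest="$prefix/$name-$version"
    link="$prefix/$name"

    if [ ! -d "$src" ] || [ ! -d "$prefix" ]; then
        echo "source and prefix must be existing directories" >&2
        return 1
    fi
    # Version skew is avoided by always using a fresh directory,
    # not by cleaning out an existing one.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing to reuse existing $dest" >&2
        return 2
    fi
    # Only a symlink may be replaced; a real file or directory at the
    # link path (for example a directory full of other binaries) is
    # left untouched.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink; leaving it alone" >&2
        return 3
    fi
    cp -R "$src" "$dest" || return 4
    # rm without -r on a symlink removes the link, never its target.
    if [ -L "$link" ]; then
        rm "$link" || return 5
    fi
    # Relative target, so the tree still works if PREFIX is moved.
    ln -s "$name-$version" "$link" || return 5
}
```

The previous version's directory stays in place, so rolling back is a matter of pointing the symlink at it again.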

  12. Re:So much for security... by Pneuma ROCKS · · Score: 2, Insightful

    But that's what people give MS shit for, finding and fixing security holes.

    Uhh... no. People give MS shit for finding and not fixing security holes. Since we're talking about browsers, I give you IE6, which hasn't received a serious overhaul in over half a decade and has proved to be an extremely insecure application.

    Microsoft has a history of leaving known (as in having exploits in the wild) security flaws unpatched. Some argue they do this because hackers can then reverse-engineer patches and create exploits of the bugs, but that logic is a bit dubious to me. If your software has security problems, they should be addressed. Period. And this is exactly what Mozilla does.

    About your last point, that's one of the key improvements in version 1.5. Updates are downloaded and installed automatically. Users will be up to date unless they specifically set it otherwise. Users of previous versions still have to upgrade manually, but I think in time most will.

    --
    Favorite quote: "
  13. Still not fixed. by werdnapk · · Score: 2, Interesting

    I have version 1.5.0.5 installed on my windows machine and the online demo still crashes my browser. I will await version 1.5.0.6. :)

  14. Re:So much for security... by Omestes · · Score: 5, Insightful

    Actually people complain about MS finding and then NOT fixing security holes. Look at the update record of their browser, compared to FF, Firefox has about a week to a month fix rate, MS has about 1 year to never fix rate. People also complain that IE is UNFIXABLE due to its dependence on Active-X, which basically gives malware a pass to the kernel.

    Firefox finds bug, fixes bug, no news here.

    I really have no qualms about Firefox fixing a bug, it shows that they're on it. Nobody claims that OSS is bug free, or security risk free, since this is impossible, from closed or open software. Code is a complex beast, like the hydra, you chop off one bug/security hole, and you probably open up more. That is intrinsic in coding, and design. The difference is the flexibility of OSS, where bugs are easily seen, and easily remedied.

    When the market share hits critical mass, things should get fun, though. But the openness of OSS still will keep it from reaching IE proportions. And shame on those who think that Firefox = security, the internet is still a bad place, no matter what you run. Good software is no substitute for intelligence, ever.

    --
    A patriot must always be ready to defend his country against his government. -edward abbey
  15. Firefox Portable 1.5.0.5 & 2.0 b1: Works on US by CritterNYC · · Score: 3, Informative

    Portable Firefox is now Mozilla Firefox - Portable Edition (or, Firefox Portable among friends) and a new version has been released. This new version sports some handy new features, including: CD support (aka Firefox Portable Live), partial update support, in-place upgrade support, full compatibility with Wine running on your favorite *nix distro, and more. It's available in three different versions: 1.5.0.5 for everyday use, 2.0 Beta 1 for testing the latest Firefox beta and 1.0.8 for web developers to test pages against. Full details are on the Firefox Portable Release Page.

  16. It was NOT 1 day! by SirTalon42 · · Score: 2, Insightful

    No, if you go to the ZDI link at the bottom it shows you this:

    Disclosure Timeline:

    2006.06.16 - Vulnerability reported to vendor
    2006.07.25 - Vulnerability information provided to ZDI security partners
    2006.07.26 - Digital Vaccine released to TippingPoint customers
    2006.07.26 - Coordinated public release of advisory

    So it was REPORTED to Mozilla on the 16th. Mozilla ANNOUNCED it on the 25th. Sorry it wasn't one day. Still kicking the crap out of IE updates... but that's not saying much.
  17. I was going to post earlier... by Urtica dioica · · Score: 4, Funny

    but my Firefox crashed. :(

  18. Re:thank goodness by ScislaC · · Score: 2, Funny

    Hmmm... I think that pr0n link is broken.

  19. Re:You know it's true. by Teckla · · Score: 4, Insightful

    Ugh. Security holes? Malicious code? I knew there was a reason I switched to Firefox. This just proves IE is worthless. Oh wait, this is about firefox? Ummm... Hooray! Firefox is even more secure now!

    First, whoever rated you insightful should never be allowed to moderate again. Sheesh. You're trolling, pure and simple.

    Second, Microsoft makes one billion dollars in profit every month. In my opinion, they should be held to a higher standard.

    Third, you're grossly misrepresenting most Firefox users, who don't expect Firefox to be perfect.

    Fourth, Firefox is a safer browser to browse the web with, whether you like it or not.

  20. Firefox 1.5.0.6 quick release to fix streaming bug by colfer · · Score: 2, Insightful

    Looks like Firefox 1.5.0.6 will be released very quickly to fix a bug in some streaming media links in 1.5.0.5. Specifically, Windows Media ".wmv" when called using "mms://", maybe real using "rm://", does not work. Breaks streaming video links on http://mlb.com/. Release candidates for Firefox 1.5.0.6 are already on the way.

  21. Firefox ? How about Seamonkey? by Kanasta · · Score: 2, Interesting

    Wonder why Seamonkey gets close to nil attention here, thinking ./ users would want the extra functionality/control of Seamonkey over FF's pretty face.

    Always wonder why if both use Gecko, FF supports horizontal scrolls while SM doesn't. Plus touchpad zoom 'just works' in FF and even IE, and 'just doesn't' in SM.

  22. Very Deja Microsoft experience by redtail · · Score: 3, Interesting

    Just the other day I upgraded to 1.5 so I can use an extension. Unknown to me that turns on automatic updates. Turn my box on today and am told update is ready. Grumble, OK. Enter endless loop of Firefox unable to complete update (because I don't run as admin). Can't EVEN LOG OFF. Have to kill firefox from process list. I guess I'll run IE for an hour to feel better about Firefox again.

    --
    Redtail
  23. tbird - LDAP still lacking MAJOR feature by dino213b · · Score: 2, Interesting

    After reading the 'what's new' for the a-release and its bug fixes, it still boils down to one thing: Thunderbird still can't let you add address book records using LDAP. I was hoping this issue would get resolved soon enough but no dice. Someone, PLEASE tell me how wrong I am. I beg you!

    This is frustrating because in my experience, Outlook is such an irrational piece of software when it comes to IMAP/LDAP and Thunderbird (to me anyway) only provides a superior IMAP portion. Still does wonders for me but how would a small office synchronize their address book otherwise?

    Luckily there is a Thunderbird plugin that performs that trick by using regular files -- SyncMab.

  24. C - Cyclone by John Nowak · · Score: 2, Interesting

    When are we going to stop writing large programs in C? For small things where portability is critical and lines of code are low, C can be a good choice for a certain class of application where low-level access and/or high efficiency is needed. However, with something massive like Firefox, it isn't possible to keep tabs on things. The result is a number of security holes surfacing constantly -- Not an ideal situation. Why not move to a more secure language like Cyclone? Programmer portability in such a situation is high and entire classes of bugs would disappear. The performance penalty would be minimal.

    Why aren't more people using such languages? Why not use Cyclone, or even higher level languages where they can reduce lines of code and keep things more maintainable in less performance critical sections? I can only attribute it to laziness and blubism:

    "As long as our hypothetical Blub programmer is looking down the power continuum, he knows he's looking down. Languages less powerful than Blub are obviously less powerful, because they're missing some feature he's used to. But when our hypothetical Blub programmer looks in the other direction, up the power continuum, he doesn't realize he's looking up. What he sees are merely weird languages. He probably considers them about equivalent in power to Blub, but with all this other hairy stuff thrown in as well. Blub is good enough for him, because he thinks in Blub." - Paul Graham