Firefox 3.5.1 Released

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

slow start for _some_

[asa]

Your post says "but also fixes the annoying slow-startup on Windows." which suggests that all Windows users were experiencing slow starts. That's not the case at all. It was only a small fraction of users affected by the now fixed issue. And for the record, the security flaw was already fixed, even before it was lifted from our bug database and turned into a public exploit. It just takes a few days to get everything in order for a release to users.

Re:slow start for _some_

[ahecht]

On further study, it NSS DOES use process IDs and many, many other factors to generate the seeds. Searching the additional file locations ("C:\Documents and Settings\*user*\Local Settings\History", "C:\Documents and Settings\*user*\Local Settings\Temporary Internet Files", "C:\Documents and Settings\*user*\My Recent Documents", "C:\Documents and Settings\*user*\Temp\", "Recycle Bin", and "Network Neighborhood") were added because some older OSs (Win2k and WinCE) didn't have strong enough build-in pseudo-random number generators.

This patch changed NSS to use the built-in PRNG in Windows XP and up which uses "process ID and thread ID, the system clock, the system time, the system counter, memory status, free disk clusters, andthe hashed user environment block".

Re:slow start for _some_

[klui]

OS dependent. They coded for the case where Windows CE/2000 did not have a certain call and they wanted to get good entropy for their RNG in NSS. https://bugzilla.mozilla.org/show_bug.cgi?id=501605

Re:Blue screen

[EsbenMoseHansen]

Actually, the linux blue screen of death is blinking of 2 (or is it three?) of the keyboard leds. Though support for blue screen of death is coming, by the name of kernel mode-settting. It is pretty rare, though.

Lockups I have seen, too, in both linux and windows. Lots of cases is hardware problems, but your problem sounds like a driver issue. Using proprietary drivers, perhaps?

Re:I'd fix bugs and contribute quality code

[EsbenMoseHansen]

Here, let me click on the top link for "firefox build instructions" in google: simple firefox build. Looks pretty standard to me. Tests, if there are any, are usually automated or findable by a similar exercise.

Re:Someone tell Canonical.

[xaxa]

I installed it ages ago:

aptitude install firefox-3.5

http://packages.ubuntu.com/search?searchon=names&keywords=firefox-3.5

Re:Someone tell it to Canonical.

[Eighty7]

https://launchpad.net/~fta/+archive/ppa

Just add the fta repository & install "firefox-3.5". They even link to a mozilla daily build repository if that's your thing.

Re:Someone tell it to Canonical.

Ubuntu uses update-alternatives to select between different packages providing the same functionality

to see which browsers are installed:

update-alternatives --list x-www-browser

to select firefox-3.5:

update-alternatives --set x-www-browser /usr/bin/firefox-3.5

Re:version numbers

[Rhapsody+Scarlet]

Going by previous versions of firefox, shouldn't it be 3.5.0.1 rather than 3.5.1?

Mozilla decided to simplify that with Firefox 3 (note that the upcoming security release for Firefox 3 is 3.0.12, not 3.0.0.12). Exactly why they used four numbers in the first place is something I don't know, it seems it started with Firefox 1.5. I know that one advantage touted of XPCOM was the ability to easily make incremental updates, so maybe there was a plan for a Firefox 1.5.1 and 1.5.2 (with the final number for each being used for security updates). Of course that would've been complicated and silly, so it seems the plan was abandoned and the version number compacted.