Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 3.5.1 Released

Posted by timothy on from the dot-oh-always-begs-for-fixes dept.

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

26 of 147 comments (clear)

  1. slow start for _some_ by asa · · Score: 4, Informative

    Your post says "but also fixes the annoying slow-startup on Windows." which suggests that all Windows users were experiencing slow starts. That's not the case at all. It was only a small fraction of users affected by the now fixed issue. And for the record, the security flaw was already fixed, even before it was lifted from our bug database and turned into a public exploit. It just takes a few days to get everything in order for a release to users.

    1. Re:slow start for _some_ by BadAnalogyGuy · · Score: 4, Funny

      slow start for _some_. Miniature Type-R stickers for others.

    2. Re:slow start for _some_ by ahecht · · Score: 4, Interesting

      NSS (Network Security Services) 3.12.3 is using IE temporary internet files to generate seeds. Sounds thoroughly stupid to me, as it means that if you never use Internet Explorer, your cryptographic seeds won't change. How about using the process list or something not Hard Drive dependent to generate the seeds instead?

    3. Re:slow start for _some_ by ahecht · · Score: 5, Informative

      On further study, it NSS DOES use process IDs and many, many other factors to generate the seeds. Searching the additional file locations ("C:\Documents and Settings\*user*\Local Settings\History", "C:\Documents and Settings\*user*\Local Settings\Temporary Internet Files", "C:\Documents and Settings\*user*\My Recent Documents", "C:\Documents and Settings\*user*\Temp\", "Recycle Bin", and "Network Neighborhood") were added because some older OSs (Win2k and WinCE) didn't have strong enough build-in pseudo-random number generators.

      This patch changed NSS to use the built-in PRNG in Windows XP and up which uses "process ID and thread ID, the system clock, the system time, the system counter, memory status, free disk clusters, andthe hashed user environment block".

    4. Re:slow start for _some_ by klui · · Score: 4, Informative

      OS dependent. They coded for the case where Windows CE/2000 did not have a certain call and they wanted to get good entropy for their RNG in NSS. https://bugzilla.mozilla.org/show_bug.cgi?id=501605

  2. Re:FROSTY PISS by basementman · · Score: 5, Funny

    So what your saying is Microsoft could fix all of their problems by changing the color of the screen?

    --
    A Magic the Gathering Article and Forum Aggregator
  3. Good. by xlotlu · · Score: 4, Insightful

    Now I can re-enable TraceMonkey and slashdot will be fast again... sorta.

  4. Re:I'd fix bugs and contribute quality code by koreaman · · Score: 4, Interesting

    You should try fixing some bugs in Sunbird, if Mozilla interests you but the hugeness of Firefox is intimidating. I was able to contribute code (granted, only two lines) to Sunbird that fixed a real live bug, and I was in high school at the time.

    --
    Le français vous intéresse?
  5. Re:Blue screen by EsbenMoseHansen · · Score: 4, Informative

    Actually, the linux blue screen of death is blinking of 2 (or is it three?) of the keyboard leds. Though support for blue screen of death is coming, by the name of kernel mode-settting. It is pretty rare, though.

    Lockups I have seen, too, in both linux and windows. Lots of cases is hardware problems, but your problem sounds like a driver issue. Using proprietary drivers, perhaps?

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  6. Re:I'd fix bugs and contribute quality code by EsbenMoseHansen · · Score: 4, Informative

    Here, let me click on the top link for "firefox build instructions" in google: simple firefox build. Looks pretty standard to me. Tests, if there are any, are usually automated or findable by a similar exercise.

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  7. Re:Someone tell Canonical. by xaxa · · Score: 4, Informative

    I installed it ages ago:

    aptitude install firefox-3.5

    http://packages.ubuntu.com/search?searchon=names&keywords=firefox-3.5

  8. Re:Someone tell it to Canonical. by Eighty7 · · Score: 3, Informative

    https://launchpad.net/~fta/+archive/ppa

    Just add the fta repository & install "firefox-3.5". They even link to a mozilla daily build repository if that's your thing.

  9. Re:Blue screen by Zancarius · · Score: 4, Interesting

    Lockups I have seen, too, in both linux and windows. Lots of cases is hardware problems, but your problem sounds like a driver issue. Using proprietary drivers, perhaps?

    This is true. I've had my share of complete freezes under Linux. Ironically though, SSH access to the box still typically works and I can kill X if ctrl+alt+backspace doesn't work. It's rare to have a freeze that completely evicts all sense of response from the system (though I've had this happen before).

    Interestingly, the last unusual behavior I had under Linux was when a video card blew 4 out of 7 or 8 capacitors. That was a real treat.

    --
    He who has no .plan has small finger. ~ Confucius on UNIX
  10. Re:FROSTY PISS by Opportunist · · Score: 5, Funny

    Make it black and hope people just think they accidently turned their computer off.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Google Gears disabled again?! by sakis · · Score: 5, Insightful

    Kind of offtopic, but by upgrading to FF 3.5.1, Google Gears is again disabled. Why did Google allowed it to be compatible with only 3.5.0?!

  12. Re:Blue screen by msuarezalvarez · · Score: 4, Insightful

    Ironically though, SSH access to the box still typically works...

    That is not ironic: it is good design...

  13. problem? by shacky003 · · Score: 3, Funny

    "...fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!" Much like the memory leak to nowhere, It wasn't a problem - it was a feature!

  14. Re:Someone tell it to Canonical. by Anonymous Coward · · Score: 3, Informative

    Ubuntu uses update-alternatives to select between different packages providing the same functionality

    to see which browsers are installed:

    update-alternatives --list x-www-browser

    to select firefox-3.5:

    update-alternatives --set x-www-browser /usr/bin/firefox-3.5

  15. Re:Blue screen by TheLink · · Score: 4, Insightful

    > Still pretty annoying but as you say you can usually recover by killing and restarting X.

    a) If you are a "Desktop Linux" user running actual Desktop applications, that means you lose most of your unsaved work (if there is a way to not lose the unsaved work, please let me know).
    b) If you use X as just a way to run screen/vi/emacs and browsers, then you are less affected.

    Basically if I let my mom/uncle/aunt use "Desktop Linux" and X locks up, it's effectively as bad as a BSOD for them.

    Saying X freezing is not a problem since you can usually recover by killing and restarting it is like saying that Windows 95 is stable as long as you regularly shutdown/exit to dos and type win to restart it[1].

    [1] you could actually do that in the old days of Win 95 :).

    --
  16. Re:version numbers by Rhapsody+Scarlet · · Score: 4, Informative

    Going by previous versions of firefox, shouldn't it be 3.5.0.1 rather than 3.5.1?

    Mozilla decided to simplify that with Firefox 3 (note that the upcoming security release for Firefox 3 is 3.0.12, not 3.0.0.12). Exactly why they used four numbers in the first place is something I don't know, it seems it started with Firefox 1.5. I know that one advantage touted of XPCOM was the ability to easily make incremental updates, so maybe there was a plan for a Firefox 1.5.1 and 1.5.2 (with the final number for each being used for security updates). Of course that would've been complicated and silly, so it seems the plan was abandoned and the version number compacted.

  17. Re:FROSTY PISS by Anonymous Coward · · Score: 5, Funny

    Make it black and hope

    Obama-mode

  18. Firefox 3.5.1 released by Anonymous Coward · · Score: 3, Insightful

    so can anyone tell me why Firefox felt like it had to scan my hard drive in the first place? i had it set to delete history on exit. why then did it feel like it had to go looking in *other* programs' folders for history files?

  19. gpg: Note: This key has expired! by Anonymous Coward · · Score: 3, Interesting

    gpg --verify "Firefox Setup 3.5.1.exe.asc"
    gpg: Signature made 07/15/09 19:56:19 using DSA key ID 17785FE8
    gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
    gpg: Note: This key has expired!
    Primary key fingerprint: 8D6F 1BA4 A340 4DDB 3F2F  D080 7447 4499 8123 47DD
         Subkey fingerprint: 3338 E6BA FF10 3B3D A6A9  E424 B57B 5484 1778 5FE8

  20. Green and red indicators of death by tepples · · Score: 3, Funny

    So what your saying is Microsoft could fix all of their problems by changing the color of the screen?

    Microsoft tried that twice on the Xbox 360, and people continued to complain about the red ring of death (general hardware failure) and the green screen of death (E74 error).

  21. Does it finally have paste and go? by Snaller · · Score: 3, Interesting

    I mean, I've given up on scaling fonts lager on the fly (as opposed to zoom), but how about 'paste and go' for urls - like opera has had for years (and now chrome)

    --
    If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
  22. Re:Blue screen by geekboy642 · · Score: 3, Insightful

    tee? Really? What the hell sort of DESKTOP APPLICATIONS produce all of their output on the terminal? OpenOffice? GIMP? KMail? GVim?

    No, the only solution is the Jesus rule. Save your files. Save them early, save them often. Not just because the system is going to crash, but because you never know when the power will fail, lightning will strike, or a cow-orker will trip over your power cord.

    --
    Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio