Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 3.5.1 Released

Posted by timothy on from the dot-oh-always-begs-for-fixes dept.

alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"

18 of 147 comments (clear)

  1. slow start for _some_ by asa · · Score: 4, Informative

    Your post says "but also fixes the annoying slow-startup on Windows." which suggests that all Windows users were experiencing slow starts. That's not the case at all. It was only a small fraction of users affected by the now fixed issue. And for the record, the security flaw was already fixed, even before it was lifted from our bug database and turned into a public exploit. It just takes a few days to get everything in order for a release to users.

    1. Re:slow start for _some_ by BadAnalogyGuy · · Score: 4, Funny

      slow start for _some_. Miniature Type-R stickers for others.

    2. Re:slow start for _some_ by ahecht · · Score: 4, Interesting

      NSS (Network Security Services) 3.12.3 is using IE temporary internet files to generate seeds. Sounds thoroughly stupid to me, as it means that if you never use Internet Explorer, your cryptographic seeds won't change. How about using the process list or something not Hard Drive dependent to generate the seeds instead?

    3. Re:slow start for _some_ by ahecht · · Score: 5, Informative

      On further study, it NSS DOES use process IDs and many, many other factors to generate the seeds. Searching the additional file locations ("C:\Documents and Settings\*user*\Local Settings\History", "C:\Documents and Settings\*user*\Local Settings\Temporary Internet Files", "C:\Documents and Settings\*user*\My Recent Documents", "C:\Documents and Settings\*user*\Temp\", "Recycle Bin", and "Network Neighborhood") were added because some older OSs (Win2k and WinCE) didn't have strong enough build-in pseudo-random number generators.

      This patch changed NSS to use the built-in PRNG in Windows XP and up which uses "process ID and thread ID, the system clock, the system time, the system counter, memory status, free disk clusters, andthe hashed user environment block".

    4. Re:slow start for _some_ by klui · · Score: 4, Informative

      OS dependent. They coded for the case where Windows CE/2000 did not have a certain call and they wanted to get good entropy for their RNG in NSS. https://bugzilla.mozilla.org/show_bug.cgi?id=501605

  2. Re:FROSTY PISS by basementman · · Score: 5, Funny

    So what your saying is Microsoft could fix all of their problems by changing the color of the screen?

    --
    A Magic the Gathering Article and Forum Aggregator
  3. Good. by xlotlu · · Score: 4, Insightful

    Now I can re-enable TraceMonkey and slashdot will be fast again... sorta.

  4. Re:I'd fix bugs and contribute quality code by koreaman · · Score: 4, Interesting

    You should try fixing some bugs in Sunbird, if Mozilla interests you but the hugeness of Firefox is intimidating. I was able to contribute code (granted, only two lines) to Sunbird that fixed a real live bug, and I was in high school at the time.

    --
    Le français vous intéresse?
  5. Re:Blue screen by EsbenMoseHansen · · Score: 4, Informative

    Actually, the linux blue screen of death is blinking of 2 (or is it three?) of the keyboard leds. Though support for blue screen of death is coming, by the name of kernel mode-settting. It is pretty rare, though.

    Lockups I have seen, too, in both linux and windows. Lots of cases is hardware problems, but your problem sounds like a driver issue. Using proprietary drivers, perhaps?

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  6. Re:I'd fix bugs and contribute quality code by EsbenMoseHansen · · Score: 4, Informative

    Here, let me click on the top link for "firefox build instructions" in google: simple firefox build. Looks pretty standard to me. Tests, if there are any, are usually automated or findable by a similar exercise.

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  7. Re:Someone tell Canonical. by xaxa · · Score: 4, Informative

    I installed it ages ago:

    aptitude install firefox-3.5

    http://packages.ubuntu.com/search?searchon=names&keywords=firefox-3.5

  8. Re:Blue screen by Zancarius · · Score: 4, Interesting

    Lockups I have seen, too, in both linux and windows. Lots of cases is hardware problems, but your problem sounds like a driver issue. Using proprietary drivers, perhaps?

    This is true. I've had my share of complete freezes under Linux. Ironically though, SSH access to the box still typically works and I can kill X if ctrl+alt+backspace doesn't work. It's rare to have a freeze that completely evicts all sense of response from the system (though I've had this happen before).

    Interestingly, the last unusual behavior I had under Linux was when a video card blew 4 out of 7 or 8 capacitors. That was a real treat.

    --
    He who has no .plan has small finger. ~ Confucius on UNIX
  9. Re:FROSTY PISS by Opportunist · · Score: 5, Funny

    Make it black and hope people just think they accidently turned their computer off.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Google Gears disabled again?! by sakis · · Score: 5, Insightful

    Kind of offtopic, but by upgrading to FF 3.5.1, Google Gears is again disabled. Why did Google allowed it to be compatible with only 3.5.0?!

  11. Re:Blue screen by msuarezalvarez · · Score: 4, Insightful

    Ironically though, SSH access to the box still typically works...

    That is not ironic: it is good design...

  12. Re:Blue screen by TheLink · · Score: 4, Insightful

    > Still pretty annoying but as you say you can usually recover by killing and restarting X.

    a) If you are a "Desktop Linux" user running actual Desktop applications, that means you lose most of your unsaved work (if there is a way to not lose the unsaved work, please let me know).
    b) If you use X as just a way to run screen/vi/emacs and browsers, then you are less affected.

    Basically if I let my mom/uncle/aunt use "Desktop Linux" and X locks up, it's effectively as bad as a BSOD for them.

    Saying X freezing is not a problem since you can usually recover by killing and restarting it is like saying that Windows 95 is stable as long as you regularly shutdown/exit to dos and type win to restart it[1].

    [1] you could actually do that in the old days of Win 95 :).

    --
  13. Re:version numbers by Rhapsody+Scarlet · · Score: 4, Informative

    Going by previous versions of firefox, shouldn't it be 3.5.0.1 rather than 3.5.1?

    Mozilla decided to simplify that with Firefox 3 (note that the upcoming security release for Firefox 3 is 3.0.12, not 3.0.0.12). Exactly why they used four numbers in the first place is something I don't know, it seems it started with Firefox 1.5. I know that one advantage touted of XPCOM was the ability to easily make incremental updates, so maybe there was a plan for a Firefox 1.5.1 and 1.5.2 (with the final number for each being used for security updates). Of course that would've been complicated and silly, so it seems the plan was abandoned and the version number compacted.

  14. Re:FROSTY PISS by Anonymous Coward · · Score: 5, Funny

    Make it black and hope

    Obama-mode