Oops, you're right. There are some bugs that cause the browser to leak if a page doesn't "clean up" before you leave the page, and those are bugs in the browser, but leaks-until-you-leave-the-page bugs are usually bugs in the pages.
Seems to me as if it might be specific websites you're visiting, sites that, for example, have javascript that's allocating and failing to deallocate memory. This is actually pretty common nowadays, since sites have started using Ajax; many web developers aren't accustomed to having to worry about memory management, and end up leaving references to XML objects sitting around so they're not garbage collected.
Or maybe they're just tired of working around bugs in web browsers.
That's bug 45375. Fixing it correctly (so tooltips not only aren't truncated, but wrap when they need to) apparently requires a scary change to XUL layout, which is the main reason it hasn't been fixed yet. It looks to me like it will be fixed in Gecko 1.9 (Firefox 3).
I think there are extensions you can use so you'll see a different kind of tooltip that doesn't suffer from the bug.
Assuming: * You're using Firefox 1.5 RC2 or RC3 rather than Firefox 1.0.x. * You understand that pop-ups that occur when you click in the content area cannot be blocked without breaking half of the web.
then the only bug I know about that you could be hitting is bug 313337. And fastclick is indeed taking advantage of that bug -- that's how I found out about it. I encourage you to check the site's code, though; if there are other ways for sites to get around pop-up blocking, we want to know about them.
Second the HTML specs do not say exactly how things should be rendered. This bug is open because it is some people are saying "I think the spec should work like this" where the spec does not absolute.
There isn't any serious disagreement over what the HTML spec says here. The reason it hasn't been fixed yet is that fixing it requires fixing bug 228673, which is in a fragile part of Mozilla's code (XUL layout) whose original authors have probably left the project. I see a patch and "[reflow-refactor]" in 228673, so it (and the tooltip problem it causes) will probably be fixed early in the Gecko 1.9 cycle for Firefox 3.0.
If you're going to copy information from The Burning Edge without attribution, at least get it right. You included several bugs that were only fixed on the trunk.
The Mozilla Foundation only enables IDN in Firefox for top-level domains that have good anti-spoofing policies:
"In order for us to display IDNs in a particular TLD, that registry concerned must have and keep a published policy stating which characters are permitted. If the set of characters contains pairs of homographic characters, the policy must specify a method to prevent two homographic domains being registered to different entities." (source)
Firefox also includes a small blacklist to prevent the worst kinds of spoofing (such as characters that look like slashes or spaces) in case a TLD registry screws up.
The buttons say things like "Get Firefox with Google Toolbar". If you're using IE and click, you get to download Firefox with the Google Toolbar. If you're already using Firefox and click one of those buttons, you get redirected to a page that lets you install just the Google Toolbar.
This will cost every Internet banking customer money, time, and convenience. (RSA fobs are not free; if your bank gave you one for free, it will have to pass the cost on to you in some way.) Meanwhile, it will not significantly reduce the impact of phishing or pharming attacks; it will just force attackers to use the information gleaned from such attacks before the fob's digits expire.
How about requiring banks to use https correctly, which would at least reduce the impact of pharming attacks?
The main reason we want you to register before filing a bug is so we can ask followup questions if we can't reproduce the bug. A secondary reason is that requiring registration decreases the number of bug reports where reporters don't bother spending the 2 minutes it takes to make a bug report useful.
Where "anything" is "any media player that uses DirectShow", such as Windows Media Player and WinAmp. VLC doesn't, which is often an advantage for VLC.
Without reading the article, I'd guess that the reporter decided to disclose the hole in IE quickly instead of giving Microsoft a month or two to fix it because the same hole was just fixed in Firefox and thus fresh in the mind of anyone who wanted to look for IE holes.
It is set to 2 by default in Firefox 1.5 Beta 1. Hopefully Macromedia will eventually release a version of Flash that plays nicely with Firefox's pop-up blocking so we aren't forced to choose between letting unrequested Flash pop-ups through and breaking links in Flash that open in a new window/tab.
It's possible that it has been made less annoying in 1.5, but it's definitely not fixed. Firefox still uses a single thread for layout and scripts in all tabs, and there are still circumstances under which layout or a script doesn't pause to let other events be processed by the main thread for a few seconds.
Slashdot Mirror
Oops, you're right. There are some bugs that cause the browser to leak if a page doesn't "clean up" before you leave the page, and those are bugs in the browser, but leaks-until-you-leave-the-page bugs are usually bugs in the pages.
Seems to me as if it might be specific websites you're visiting, sites that, for example, have javascript that's allocating and failing to deallocate memory. This is actually pretty common nowadays, since sites have started using Ajax; many web developers aren't accustomed to having to worry about memory management, and end up leaving references to XML objects sitting around so they're not garbage collected.
Or maybe they're just tired of working around bugs in web browsers.
That's bug 45375. Fixing it correctly (so tooltips not only aren't truncated, but wrap when they need to) apparently requires a scary change to XUL layout, which is the main reason it hasn't been fixed yet. It looks to me like it will be fixed in Gecko 1.9 (Firefox 3).
I think there are extensions you can use so you'll see a different kind of tooltip that doesn't suffer from the bug.
Firefox is already better than IE (unless you look at a lot of p0rn)
What advantages does IE have over Firefox when it comes to porn? Pornzilla's page about "Why Firefox is the best porn browser" lists some advantages Firefox has over IE, but I can't think of any advantages IE has over Firefox.
Assuming:
* You're using Firefox 1.5 RC2 or RC3 rather than Firefox 1.0.x.
* You understand that pop-ups that occur when you click in the content area cannot be blocked without breaking half of the web.
then the only bug I know about that you could be hitting is bug 313337. And fastclick is indeed taking advantage of that bug -- that's how I found out about it. I encourage you to check the site's code, though; if there are other ways for sites to get around pop-up blocking, we want to know about them.
Second the HTML specs do not say exactly how things should be rendered. This bug is open because it is some people are saying "I think the spec should work like this" where the spec does not absolute.
There isn't any serious disagreement over what the HTML spec says here. The reason it hasn't been fixed yet is that fixing it requires fixing bug 228673, which is in a fragile part of Mozilla's code (XUL layout) whose original authors have probably left the project. I see a patch and "[reflow-refactor]" in 228673, so it (and the tooltip problem it causes) will probably be fixed early in the Gecko 1.9 cycle for Firefox 3.0.
If you're going to copy information from The Burning Edge without attribution, at least get it right. You included several bugs that were only fixed on the trunk.
The Mozilla Foundation only enables IDN in Firefox for top-level domains that have good anti-spoofing policies:
"In order for us to display IDNs in a particular TLD, that registry concerned must have and keep a published policy stating which characters are permitted. If the set of characters contains pairs of homographic characters, the policy must specify a method to prevent two homographic domains being registered to different entities." (source)
Firefox also includes a small blacklist to prevent the worst kinds of spoofing (such as characters that look like slashes or spaces) in case a TLD registry screws up.
The buttons say things like "Get Firefox with Google Toolbar". If you're using IE and click, you get to download Firefox with the Google Toolbar. If you're already using Firefox and click one of those buttons, you get redirected to a page that lets you install just the Google Toolbar.
The grandparent is suggesting zealotry *against* a specific browser. Does that annoy you too?
Ka-Ping Yee also maintains a blog on the subject: usablesecurity.com.
Windows users can make the Firefox 1.5 prefs panel even more MacOS-like by toggling the following prefs in about:config:
browser.preferences.instantApply - apply prefs immediately, and show only a "Close" button instead of "OK" and "Cancel".
browser.preferences.animateFadeIn - resize the prefs window when you switch panes and use a quick fade-in animation
A while ago, I wrote a mostly useless extension that lets you toggle those two prefs without using about:config.
The changelog says there are no new features for extension developers, not that none of Firefox's internal APIs have changed in signature or behavior.
Flock's bookmark manager takes about 15 seconds to open for me, at least on Mac OS X. I have 1745 bookmarks.
Are you sure you're comparing Flock to the version of Firefox it was based on? I doubt Flock changed much core rendering code.
A criminal might find it easier to take a photograph of you than to steal your face.
This will cost every Internet banking customer money, time, and convenience. (RSA fobs are not free; if your bank gave you one for free, it will have to pass the cost on to you in some way.) Meanwhile, it will not significantly reduce the impact of phishing or pharming attacks; it will just force attackers to use the information gleaned from such attacks before the fob's digits expire.
How about requiring banks to use https correctly, which would at least reduce the impact of pharming attacks?
The main reason we want you to register before filing a bug is so we can ask followup questions if we can't reproduce the bug. A secondary reason is that requiring registration decreases the number of bug reports where reporters don't bother spending the 2 minutes it takes to make a bug report useful.
Where "anything" is "any media player that uses DirectShow", such as Windows Media Player and WinAmp. VLC doesn't, which is often an advantage for VLC.
After skimming that paper I'm even more convinced that it's a problem with IE and not with proxies / shared servers. What am I missing?
Without reading the article, I'd guess that the reporter decided to disclose the hole in IE quickly instead of giving Microsoft a month or two to fix it because the same hole was just fixed in Firefox and thus fresh in the mind of anyone who wanted to look for IE holes.
The randomly named profile directory is a security measure. Why does it make deployment harder?
It is set to 2 by default in Firefox 1.5 Beta 1. Hopefully Macromedia will eventually release a version of Flash that plays nicely with Firefox's pop-up blocking so we aren't forced to choose between letting unrequested Flash pop-ups through and breaking links in Flash that open in a new window/tab.
This is bug 40848, btw.
It's possible that it has been made less annoying in 1.5, but it's definitely not fixed. Firefox still uses a single thread for layout and scripts in all tabs, and there are still circumstances under which layout or a script doesn't pause to let other events be processed by the main thread for a few seconds.