Firefox Updated to 1.0.4

Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.

hmmm...

[prophetmike]

Firefox 1.0.4 was posted sometime between 11 and 11:30PM last night EST. I got it about 11:40 :D (Yes, geek alert) That aside, with all of these newfound vulnerabilities popping up so often, could Firefox become (later down the line) the new Internet Explorer? May seem highly unlikely now.. but as the New York Lottery says... "Hey, you never know."

Mozilla Suite updated as well

[iamjoltman]

It should be noted that the Mozilla Suite has also relased an update, 1.7.8.

Mirrors

[bunburyist]

Mozilla.org will probably get hammered!! Here's a google cache of the Firefox Mirror List [64.233.183.104]

And while you're at it don't forget those extensions:

FoxyTunes: http:www.iosart.com/foxytunes/firefox/ [iosart.com]

AdBlock: http://adblock.mozdev.org/ [mozdev.org]

Or you can just go get more at: update.mozilla.org [slashdot.org]

Happy Browsing!

Re:Update process...

[iamjoltman]

I believe that a patch update system will be implemented starting with Firefox 1.1

Locales

[bjprice]

Unfortunately there's no British English version of 1.0.4 yet.

It'll appear in the list of locales here [149.174.36.116] when it's ready, but it looks like we limeys are stuck with 1.0.3 (or speaking American English) until then.

Re:Wheres my arrow?

[michrech]

I don't know this as fact, but I think it is all in what time your browser checks for updates. I can't tell for sure, but I think it is set to do a random check (mayhapps it even checks every so many days and yours is still not showing an update as others are because you installed so many days after they did)...

I dunno..

---
telnet://sinep.gotdns.com [gotdns.com] -- Telegard BBS -- Enjoy!

It's in the details

[Anonymous Coward]

You can check for updates from Tools>Options>Advanced>Software Updates. If you use some themes, e.g. Littlefox, there is a button next to the Firefox home page 'circle' that you can click to check for updates.

As for your observation regarding the red flag, I believe The Mozilla Foundation had disabled that feature on the website because of one of the critical flaws now fixed.

-clueless

(I need to create a login here, or did I do it previously?)

How to trigger the update

[MikkoApo]

Menu > Tools > Options > Advanced > Software Update > Click Check Now

Not very easily accessible, but at least its there :)

Bleeding edge

[imipak]

Although I've been an enthusiastic mozilla/firefox user & supporter since the late 90s (yes I was browsing with a 'naked' gecko control, HA! :P) I was surprised to find I'd lost track of development to the extent that I didn't realise the trunk builds have a much more up-to-date gecko engine. The gecko in the 1.0.x series (inc. 1.0.4) are a year old! Those users who prefer livin' on the edge might prefer to get a faster, smaller, much less memory-leaky build from: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nigh tly/latest-trunk/ [mozilla.org]

Re:Update process...

[barryman_5000]

Reading some of the blogs on planet.mozilla.org states just that. Lots of tiny nifty features are supposedly going to be making it into 1.1 (the back/forward cache should make my 1 sec wait non-existent now!).

Re:c'mon! Let's break some FF extensions!

[LnxAddct]

about:config
extensions.disabledObsolete = false
Regards,
Steve

Re:Good, but I wish there was remote updating

[LnxAddct]

As a system admin for your company, you should use a msi package [sourceforge.net], but if for some reason you can't, firefox's installer can be fully scripted by simply passing it some args and turning on the quiet switch(or invisible or something switch, you'll have to look it up).
Regards,
Steve

Re:c'mon! Let's break some FF extensions!

[DarkAvZ]

Here's why (right from the release notes [mozilla.org]):

When you upgrade to a new version of Firefox all of your Extensions and Themes will be disabled until Firefox determines that either a) they are compatible with the new release or b) there are newer versions available that are compatible. This is because Firefox changes from release to release and as such the ways in which some extensions integrate changes, meaning there can be problems when running an older extension with a newer version of Firefox. If you find that your favorite Extension or Theme has not been updated to be compatible with this release of Firefox, write the author and encourage them to update it.

Re:Good, but I wish there was remote updating

[Jugalator]

I suppose there must be something like that for Windows.

Yeah, and Firefox is released in this package format already -- MSI [wikipedia.org].

I'm pretty sure they have at least networking support enough to solve his problems of updating 100+ individual installs. :-o

Re:Quick and serious on security

[hkmwbz]

"These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work!"

If I am not mistaken, they have been working on this for longer than that. Some moron announced the flaws while Mozilla were busy fixing them, thereby putting users at risk.

So I don't think they actually fixed it and got a release out in three days.

Re:Update process...

[Rauser]

Also, if you notice a small green or red arrow icon in the upper left corner of the window (next to the Firefox homepage icon) you can just click on that arrow to launch the Firefox Update process.

Re:IE still #1 a-ok

[Bert64]

Renders sites better? Actually IE renders sites very badly, the fact that some sites depend on ie's buggy rendering is disturbing enough. Firefox will render any site closer to what the site's html/xml code is specifying.
IE doesnt support xhtml atall, and only manages to render an approximation of it when you set the mime type to incorrectly identify it as html.
Also, you are more vulnerable to cross site scripting attacks when using ie.. mozilla will correctly url-encode requests, while ie will not.. therefore when the server returns the data, it will be url-encoded and mozilla won't accept any malicious html tags.. Also mozilla actually supports HTTP (ie doesnt, heres why) and uses the mime-type to work out how it should render a file.. ie on the other hand ignores it (the HTTP rfc 2616 states that any tool supporting http will use the mime type if one is present) so if an error is returned as text/plain and contains html tags, ie will render the html tags (leading to possible malicious code or cross site scripting etc) whereas mozilla will render it as plain text like it should.

Re:Already upgraded

[kbrosnan]

There is a flag variable in about:config 'app.update.updatesAvailable' that gets set to true. The notification would have gone away on its own in about a day when Firefox checked for updates.

Re:Firefox speed.....

[gothzilla]

memory usage:
Firefox - 38meg
avengine - 22meg (antivirus)
IExplore - 11 meg
outlook - 9meg
winword (with doc loaded) - 3.8 meg
excel (with sheet loaded) - 2.8 meg
IE + Outlook + Word + Excel Firefox

This is obviously some strange usage of the word "tiny" that I was previously unaware of.
(Mandatory hitchhikers referance)

I run O&O defrag as well and it constantly keeps my drive defragged in the background. Even with a fragged up swapfile, 512 meg of ram keeps that from being an issue.

When speaking of features, nothing beats firefox. When speaking of stability and mem usage, it's not worth the hype.

0.9 whooped major butt. I had NO problems.
1.0 crashed and the mem usage became as issue
from there it's just gotten worse.

So basically I can use 0.9 and love it to death but be subject to security issues just like IE or I can keep it upgraded and secure and put up with crashes and lockups. How does that make this a superior product?

Re:Middle click new tab on Mac

[kbrosnan]

Middle click won't ever work on a 1.0.x release. You will need to wait until the 1.1 release. It was fix on the trunk by bug 151249.

bugzilla.mozilla.org/show_bug.cgi?id=151249

Re:Will someone please...

[Anonymous Coward]

I would get a torrent. Then check the md5 sum. Simple and efficient.

Doing the .exe shuffle

[carambola5]

I can't run the executable "firefox.exe" at work because it "has been disabled by the administrator." Solution? Rename to firefox2.exe.

The only pain comes when firefox is updated... it leaves the firefox2.exe executable from the previous installation, and adds the new firefox.exe to the install folder. It then becomes a dumb little task to update all the icons and shortcuts scattered about my system.

Wish there was some way to specify, during install, the resulting executable name. Of course, I have to be one of the maybe twenty people in the world who needs this, so maybe it's not worth the miniscule bloat.

Meanwhile Microsoft's Patch Yesterday

[Master of Transhuman]

leaves several vulnerabilities at LEAST as serious as the Firefox ones open UNTIL NEXT MONTH!

Who said something about "time to patch" favoring MS?

Firefox: vulnerabilities announced Monday.
Patched by Thursday morning.

Microsoft: vulnerabilities announced months ago.
Patched - "Next month - maybe".

Re:Update conflicting with my firewall?

[Anonymous Coward]

You probably need to go into your firewall settings and configure it to allow the new executable to access the net. Norton will see this as a different program and AFAIK each application specifically needs to be granted access with NIS.

Additionally interresting informations

[masklinn]

It should be noted that 1.0.4 also features a JS bugfix which hastes said JS execution by around 20%.

May sound like it suck... if you don't know that the whole XUL thing (basically everything in firefox but the Gecko engine itself: interface, extensions, userscripts, ...) is pure Javascript.

Re:Quick and serious on security

[Hungry Student]

I would've shared your cynicism had I not just logged onto the BBC news website and seen their Latest News ticker show the words "The makers of Firefox say the two flaws in the open source browser have been fixed.", linking to this story of theirs [bbc.co.uk], posted at 17:01BST, 16:01GMT.

A good, accurate followup to their original "Critical flaws found in Firefox" [bbc.co.uk] story

Re:Not the concept but the implementation

[mbaciarello]

As I am not a regular Mac OSX user, I am curious on how that platform handles updates.

Your wish is my command...

OS X 10.3 has a panel in System Preferences where you can choose how often to check for updates (defaults to weekly on a fresh install, IIRC.) It also has the option to automatically download "important" updates in the background - this usually corresponds to security-related fixes and point-point releases. There's also a "Check now" button, and the Apple (system) menu has a direct link to this preference panel.

Feedback is in the form of a window which pops up when updates are available, with a listing of all available updates also telling you whether a patch is going to force you to reboot. You use checkboxes to select downloads. You also get a brief description of what the fix does (that's usually pretty much useless, though.) I don't know if the automatic download feature gives feedback to the user as I don't use it.

Most, if not all applications from Apple are included in this "Software Update" utility. I'm not aware of any other vendor delivering updates through this route.

Technically oriented?

[Propaganda13]

Yeah, it's real hard to click next.

I think a lot of people are like me. They installed Firefox and maybe an extension or two. I didn't read anything, and didn't notice the arrow until the last /. article. I know the basics of a web browser, and look through the menu for the options, other than that I didn't care to investigate further.

Re:Update process...

[sik0fewl]

It wouldn't, but we wouldn't be able to try the *new* update system until we upgrade to 1.1 (with the new update system) and *then* get 1.1.1.

Re:Good, but I wish there was remote updating

[Anonymous Coward]

If you happen to be running Active Directory or SMS, you can always just download the MSI version of Firefox to deploy to all your workstations from a central server.
You can download them here at http://www.zettaserve.com/ [zettaserve.com]
And of course, it is free :)
The MSI of Firefox 1.0.4 should be out in a few hours.