Firefox Updated to 1.0.4 454
Exstatica writes "Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously.
Update process... (Score:5, Interesting)
Re:Update process... (Score:5, Informative)
Re:Update process... (Score:3, Informative)
Re:Update process... (Score:3, Informative)
It wouldn't, but we wouldn't be able to try the *new* update system until we upgrade to 1.1 (with the new update system) and *then* get 1.1.1.
Re:Update process... (Score:3, Interesting)
It's in the details (Score:3, Informative)
As for your observation regarding the red flag, I believe The Mozilla Foundation had disabled that feature on the website because of one of the critical flaws now fixed.
-clueless
(I need to create a login here, or did I do it previously?)
Re:It's in the details (Score:2, Insightful)
Re:It's in the details (Score:3, Funny)
Then why aren't you using IE?
Re:It's in the details (Score:3, Insightful)
The Buddha says there is no you and there is no me, only "us".
How to trigger the update (Score:2, Informative)
Not very easily accessible, but at least its there :)
Re:Update process... (Score:5, Interesting)
I find it very strange that the people I have converted (mostly not too tech-savvy) to using Firefox, still have to make re-installs themselves.
Re:Have they fixed the memory leaks too? (Score:2)
Quick and serious on security (Score:5, Interesting)
Re:Quick and serious on security (Score:5, Insightful)
Hopefully the mainstream news sources I saw will report this just as they reported the problem. I'm not holding my breath though.
Re:Quick and serious on security (Score:3, Funny)
They don't get advertisers by saying "you are safe". All they are interested in is headlines like "A new insideous threat could be killing all your children today! Tune in tonight to hear all about it."
Re:Quick and serious on security (Score:5, Informative)
A good, accurate followup to their original "Critical flaws found in Firefox" [bbc.co.uk] story
Re:Quick and serious on security (Score:2, Insightful)
Yes, but ... (Score:5, Insightful)
Rule #1: doesn't matter how fast you output a security update, if it's not being installed.
Unfortunately it's not enough for an update to _exist_.
Re:Yes, but ... (Score:5, Insightful)
Personally, instead of displaying the tiny unobtrusive update indicator as it currently does, I would love see Firefox do something like change the window color to red and display a system message dialog stating the problem with a link to the update. Maybe a good compromise?
Re:Yes, but ... (Score:3, Insightful)
Now I consider my knowledge of computers and software as advanced, but I'm definately not an expert. I found the interface to be less friendly than IE and trying to change options was a chore. Also, until 3 days ago, I didn't know how to automatically update Firefox until I saw someone mention clicking the red arrow on the top right portion of the window. Now, I had gone to mozilla.org and downloaded the latest versions on my own, but this was a hassle. And if "I" didn't know about the auto-update, my grandmother, parents, sister, brother, and a few friends I've turned to Firefox are not going to know either.
Sometimes reading through
Re:Not the concept but the implementation (Score:3, Informative)
As I am not a regular Mac OSX user, I am curious on how that platform handles updates.
Your wish is my command...
OS X 10.3 has a panel in System Preferences where you can choose how often to check for updates (defaults to weekly on a fresh install, IIRC.) It also has the option to automatically download "important" updates in the background - this usually corresponds to security-related fixes and point-point releases. There's also a "Check now" button, and the Apple (system) menu has a direct link to this preference panel.
Feedback is in the form of a window which pops up when updates are available, with a listing of all available updates also telling you whether a patch is going to force you to reboot. You use checkboxes to select downloads. You also get a brief description of what the fix does (that's usually pretty much useless, though.) I don't know if the automatic download feature gives feedback to the user as I don't use it.
Most, if not all applications from Apple are included in this "Software Update" utility. I'm not aware of any other vendor delivering updates through this route.
Re:Yes, but ... (Score:3, Interesting)
Point taken, but let's bear in mind that this POC can't evolve into a worm. It can't even evolve into an exploit now that the only site on the default whitelist no longer exists.
That's why they didn't put out a stop-gap fix release at the beginning of the week--the threat had passed completely.
Firefox developers got lucky this time--they could remove the threat with a simple server-side modification. With most vulnerabilities of this severity, that's not an option.
Re:Yes, but ... (Score:3)
True. But it's also not enough for a bug to exist either. It has to be _exploitable_.
Re:Yes, but ... (Score:4, Insightful)
The fact that Firefox security updates don't automatically install unless you notice and click on that red arrow in the upper right corner pretty much guarantees that a large fraction of copies will remain unpatched. When I've visited people for whom I installed Firefox 1.0 when it came out, I've noticed that none of them have noticed the red update icon or updated Firefox on their own.
If users have to go and get updates, many machines will remain vulnerable to security holes.
Already upgraded (Score:5, Interesting)
Re:Already upgraded (Score:2)
Re:Already upgraded (Score:3, Interesting)
It has reportedly sometimes the bad effect that the red update arrow stays red forever.
Re:Already upgraded (Score:3, Informative)
Dude at work (Score:5, Funny)
Re:Dude at work (Score:2)
Re:Dude at work (Score:5, Funny)
That's like somebody seeing you kissing and saying "You can get diseases from that", yet they themselves are in a sexual relationship with somebody who is highly promiscuous with junkies.
Vulnerabilities everywhere. (Score:4, Funny)
hmmm... (Score:3, Informative)
Re:hmmm... (Score:3, Insightful)
FireFox right out of the box proved to be a pretty solid browser (they had the chance to learn lessons from those browsers that came before). And when an issue does come up the take it seriously and try to fix it promptly.
I'd not only argue FireFox will never be IE (of a year or two ago), but I'd also bet IE (of today) will never be IE (of a year or two ago). XP SP2 had a lot of fixes and MS$ has been much more both pro-active and reactive about security (thanks to the kick in the pants from FireFox).
Please put down your torches and pitch-forks
That is however one of the issues with MS$. They have soooo much going on, there are times when a product (IE) will be such a low priority these things can happen. Over the last few years MS$ has been working on high-priority tasks like (new VS.NET, new SQL Server, XP SP2, and Longhorn) just to name a few. With those big core company projects happening, IE kind of fell through the cracks since they felt un-touchable in the browser market. Luckily, FireFox came around and woke them up. If you use IE or not, for the good of everyone it is good to see they have woken up a bit and lets hope it never happens again!
Re:hmmm... (Score:3, Insightful)
Wait... IE is a major Windows app. Why was there no dedicated development group working on it as a matter of course?
Oh yeah. MS stops important development on applications once they have no competition...
Mozilla Suite updated as well (Score:5, Informative)
Re:Mozilla Suite updated as well (Score:5, Funny)
Re:Mozilla Suite updated as well (Score:5, Funny)
Re:Mozilla Suite updated as well (Score:3, Funny)
Re:Mozilla Suite updated as well (Score:3, Insightful)
Re:Mozilla Suite updated as well (Score:3, Funny)
Wheres my arrow? (Score:2)
Re:Wheres my arrow? (Score:3, Informative)
I dunno..
---
telnet://sinep.gotdns.com [gotdns.com] -- Telegard BBS -- Enjoy!
Mirrors (Score:5, Informative)
And while you're at it don't forget those extensions:
FoxyTunes: http:www.iosart.com/foxytunes/firefox/ [iosart.com]
AdBlock: http://adblock.mozdev.org/ [mozdev.org]
Or you can just go get more at: update.mozilla.org [slashdot.org]
Happy Browsing!
Locales (Score:2, Informative)
Unfortunately there's no British English version of 1.0.4 yet.
It'll appear in the list of locales here [149.174.36.116] when it's ready, but it looks like we limeys are stuck with 1.0.3 (or speaking American English) until then.
Re:Locales (Score:5, Funny)
Re:Locales (Score:3, Funny)
Re:Locales (Score:3, Funny)
All that was left was "Fonts & Colors" (whatever they are).
In reality, I never once noticed I had the english version until I just went and checked.
Re:Locales (Score:2, Funny)
Re:Locales (Score:2)
Impressive (Score:5, Interesting)
Re:Impressive (Score:3, Funny)
probably because I have been such a fan of Mozilla
Wow, aexe crashes explorer when viewed accross SMB share (Score:2, Interesting)
I wildly guess it's a race condition or something arising from reading the embedded icon resourse as that doesn't show? No I don't really have a clue what causes it.
All machines are fully patched W2K, thank buddha for memory sticks!
c'mon! Let's break some FF extensions! (Score:3, Interesting)
Extension authors can't keep up.
Mozilla Update is slow to update itself.
and Users like me are left looking to google for help.
Silly me thought Mozilla Update there to centralized things.
Re:c'mon! Let's break some FF extensions! (Score:2)
Re:c'mon! Let's break some FF extensions! (Score:3, Informative)
extensions.disabledObsolete = false
Regards,
Steve
Re:c'mon! Let's break some FF extensions! (Score:2, Informative)
Language Not Available!! (Score:2, Funny)
Re:Language Not Available!! (Score:5, Funny)
That would solve both problems.
Re:Language Not Available!! (Score:2)
sounds like a downgrade to me , you lot keep removing letters from words or as i like to call them features.. for example
colour = color
maths = math
aluminium = aluminum
(/joke)
Good, but I wish there was remote updating (Score:5, Interesting)
Re:Good, but I wish there was remote updating (Score:2)
A sane OS should do that through a package manager. You can do that easily on any Linux distro without needing any specific support in the application.
I suppose there must be something like that for Windows.
Re:Good, but I wish there was remote updating (Score:3, Informative)
Yeah, and Firefox is released in this package format already -- MSI [wikipedia.org].
I'm pretty sure they have at least networking support enough to solve his problems of updating 100+ individual installs.
Re:Good, but I wish there was remote updating (Score:5, Informative)
Regards,
Steve
Re:Good, but I wish there was remote updating (Score:2)
Middle click new tab on Mac (Score:3, Interesting)
Re:Middle click new tab on Mac (Score:5, Funny)
Re:Middle click new tab on Mac (Score:3, Informative)
bugzilla.mozilla.org/show_bug.cgi?id=151249
Amazingly fast response (Score:5, Interesting)
Will someone please... (Score:2)
Re:Will someone please... (Score:2, Insightful)
But you're willing to download it from any source as you're requesting a torrent, which can contain a "modified" version ?
I fail to see the logic... I'd advise you to wait till you can download it from the main mirrors.
'all javascript vulnerabilities'? (Score:3, Insightful)
Bleeding edge (Score:5, Informative)
Re:Bleeding edge (Score:2)
The browser is much smother , the middle mouse buttons works for things like auto scroll , open in a new tab and close tabs.
Also the menu interface has been redone and is far more hetrogeneous to the os X enviroment.
I tried out 1.0.4 and the mac problems above seemed not to be fixed so the nightly builds do provide a far more comfertable browsing experiance on os X
In related news... (Score:5, Funny)
Firefox speed..... (Score:3, Interesting)
The more I use it, the longer this actions takes. It doesn't matter if I clear cache and cookies, un-install plugins, or just plain uninstall and reinstall the browser.
Is it simply the newer versions that cause it to load so slowly? My roommate has the same problem. Is anyone else experiencing this and is there an answer?
Responses greatly appreciated. Thanks.
Re:Firefox speed..... (Score:3, Informative)
Firefox - 38meg
avengine - 22meg (antivirus)
IExplore - 11 meg
outlook - 9meg
winword (with doc loaded) - 3.8 meg
excel (with sheet loaded) - 2.8 meg
IE + Outlook + Word + Excel Firefox
This is obviously some strange usage of the word "tiny" that I was previously unaware of.
(Mandatory hitchhikers referance)
I run O&O defrag as well and it constantly keeps my drive defragged in the background. Even with a fragged up swapfile, 512 meg of ram keeps that from being an issue.
When speaking of features, nothing beats firefox. When speaking of stability and mem usage, it's not worth the hype.
0.9 whooped major butt. I had NO problems.
1.0 crashed and the mem usage became as issue
from there it's just gotten worse.
So basically I can use 0.9 and love it to death but be subject to security issues just like IE or I can keep it upgraded and secure and put up with crashes and lockups. How does that make this a superior product?
Re:Firefox speed..... (Score:3, Insightful)
avengine - 22meg (antivirus)
IExplore - 11 meg
When speaking of stability and mem usage, it's not worth the hype.
Ummm... right. Now count the memory usage of all the DLLs IE requires which are loaded into memory as part of Windows (after all, it is embedded). That 11MB does not include that. Once you factor that in, I'd wager it is much closer to the Firefox footprint.
1.0 crashed and the mem usage became as issue
And as for stability... I can't tell you the last time an official release of Firefox crashed on me. I find that most people with crashing issues have done something fucked up to their system.
Just my opinion.
Re:Firefox speed..... (Score:3, Insightful)
1. What version of Firefox?
2. Any Firefox extensions installed?
3. Did you start with a clean profile, or import an old one?
4. Did you install Firefox into a clean directory, or was it into an existing directory?
5. Are you running any network security software?
6. Is your company using a firewall/filtering device on the network?
And that is just preliminary questions regarding software/networking. Other things to check include motherboard firmware updates, memory tests, etc. Often programs will use the same areas of memory and you'll run into strange problems due to bad memory modules.
The problem is not just some firefox stability issue, since I use it all the time and it is rock solid. This implies something is different about your system that is causing the instability, or it could be a bug rendering whatever page you were on that it hung on, but if this is a continual crashing problem, I am guessing the former.
As for the memory, not five minutes ago I just had nothing open but the download window. Out of curiosity, I checked the mem usage on firefox.exe, to find that it was 69MB physical/81MB VM. That's just way, way too much, especially since it's just downloading one file.
My primary response to this is, memory is cheap and abundant nowadays. However, it likely wasn't using 69MB of memory just to download a file. Presumably you had been browsing quite a bit before hand, and things are cached in memory.
Like it or not, browsers are huge, complex programs that allow you to browse huge, complex data mines, and they require many resources. Just because IE hides its usage well doesn't mean anything.
news? (Score:5, Insightful)
Why is this news? Does this mean that every time firefox decides to update, it should be front page news? Can't you (slashdot) create a seperate field where the latest versions of popular products are announced? Like:
product | version | last update
firefox | 1.0.4 | today
Re:news? (Score:4, Insightful)
I saw many IT magazines, mostly targeted at management, with significant space (even a few covers) devoted to the exploit. It is an example of the Firefox (and Mozilla) team's committment that a patch came out so quickly. This is very important, as it shows open source products can compete in the very tough browser market.
The progress of Firefox is now being watched by many - opponents and supporters alike. Firfox is under the spotlight and responding the serious issues - especially security, which has plagued IE - is crucial for the browser's future success. This is more about PR and brand recognition than security.
Doing the .exe shuffle (Score:4, Informative)
The only pain comes when firefox is updated... it leaves the firefox2.exe executable from the previous installation, and adds the new firefox.exe to the install folder. It then becomes a dumb little task to update all the icons and shortcuts scattered about my system.
Wish there was some way to specify, during install, the resulting executable name. Of course, I have to be one of the maybe twenty people in the world who needs this, so maybe it's not worth the miniscule bloat.
Re:Doing the .exe shuffle (Score:3, Interesting)
Meanwhile Microsoft's Patch Yesterday (Score:3, Informative)
leaves several vulnerabilities at LEAST as serious as the Firefox ones open UNTIL NEXT MONTH!
Who said something about "time to patch" favoring MS?
Firefox: vulnerabilities announced Monday.
Patched by Thursday morning.
Microsoft: vulnerabilities announced months ago.
Patched - "Next month - maybe".
Additionally interresting informations (Score:4, Informative)
May sound like it suck... if you don't know that the whole XUL thing (basically everything in firefox but the Gecko engine itself: interface, extensions, userscripts,
Mozilla. k Thanks (Score:3)
Re:Many Eyes ? (Score:5, Insightful)
Oh, and hats off to the Firefox devs for the scorching turnover on this flaw. When Firefox 1.1 comes out (with its more diff-style updated) the process will be even more streamlined and painless.
Re:Many Eyes ? (Score:2, Interesting)
This sounds suspiciously like flamebait.
Re:Great (Score:2, Insightful)
Until Firefox has an upgrade mechanism that doesn't feel like extracting teeth, the Microsoft approach, regrettably is going to win out.
-Steve
Re:Great (Score:3)
Comment removed (Score:2)
Re:One of the reasons i use Firefox. (Score:5, Interesting)
I switched to Firefox because I was sick of using IE. Ever since I've switched, AdAware has found ZERO spyware/malware incidents!
To IE's meager defense, I'm sure there might have been a setting somewhere that might have tightened up the holes, but switching to Firefox has been easier. Plus, I'm addicted to the tabbed browing.
Re:FF - starting to feel like IE (Score:2)
Re:IE still #1 a-ok (Score:2)
Re:IE still #1 a-ok (Score:3, Informative)
IE doesnt support xhtml atall, and only manages to render an approximation of it when you set the mime type to incorrectly identify it as html.
Also, you are more vulnerable to cross site scripting attacks when using ie.. mozilla will correctly url-encode requests, while ie will not.. therefore when the server returns the data, it will be url-encoded and mozilla won't accept any malicious html tags.. Also mozilla actually supports HTTP (ie doesnt, heres why) and uses the mime-type to work out how it should render a file.. ie on the other hand ignores it (the HTTP rfc 2616 states that any tool supporting http will use the mime type if one is present) so if an error is returned as text/plain and contains html tags, ie will render the html tags (leading to possible malicious code or cross site scripting etc) whereas mozilla will render it as plain text like it should.
Re:IE still #1 a-ok (Score:4, Interesting)
Re:IE still #1 a-ok (Score:3, Interesting)
Please do pay a visit to the CSS Zen Garden [csszengarden.com] and compare IE renderings to FF renderings.
the Special Effects Designs [mezzoblue.com] are the most interresting ones in terms of IE sucking badly, BTW...
Comment removed (Score:2)
Re:IE still #1 a-ok (Score:4, Insightful)
Of course, there were settings you could change that would fix that. They were in Advanced>Settings>Options>Burning>Defaults>Input. You just had to uncheck "Always burn with error correction (may cause some discs to burn slower)" which simply fixed the garbled data, and "Always burn with high-precision laser" (so you don't get coasters). Checking those 2 boxes results in the application working perfectly every time.
Would anyone use that? No! People would laugh it off and comment on just how stupid it is. Why IE gets a free pass for almost the same transgressions is beyond me. Oh, wait, no it isn't -- it's because people started using it years ago and are afraid of changing to something better because it's "different." "I've already got those boxes checked."
Re:IE still #1 a-ok (Score:5, Funny)
Boy, I cannot agree with you more. If you have half a clue, then IE is easy to make secure. I just went into Tools - Internet Options and set the Security policy to Restricted Sites, turned on popup blocking (after I obviously installed SP2), set my Privacy level to High (because everyone except an idiot knows this is how to disable Cookies), and then installed all the hot fixes from MS. If you are too lazy to maintain your software properly then you shouldn't even have a computer. Just get a Mac or something.
It's like all those people who complain about safety problems in cars. My Pinto is safer than almost every car out there. All that with almost zero risk of theft. I strapped some padding onto the rear bumper and put some steel reinforcement plating around the gas tank. There is almost no risk to myself or my passengers of a ruptured fuel tank, all because I took the time to fix an inherent problem in the design of the ... wait .... err ... I gotta go.