A Bad Month for Firefox
marty writes "February is not a good month for Mozilla developers. Infoworld reports about the efforts of Polish researcher Michael Zalewski, who apparently kept finding new vulnerabilities in the popular browser on a daily basis through the month, first postponing the 2.0.0.2 update, and then finding a remotely exploitable flaw in it immediately after its release."
Re:How is this bad? (Score:5, Informative)
Re:What's worse? (Score:5, Informative)
Re:Compelling reasons to switch to 2? (Score:5, Informative)
You're also missing the annoying UI design and worse performance.
I agree that the UI is not the most pretty thing ever envisioned (why does everyone go for ROUND shit now? Let me guess, the UI designers have Macs) but performance-wise it got better. Also, it's more stable, and the integrated session management allows you to get rid of all the clunky extensions that tried to provide sessions (along with the kitchen sink).
There's also tabbed browsing improvements and other features. GP, check the changelogs.
Re:What's worse? (Score:3, Informative)
In the case of my patches, they were against [iirc] 2.6.18.2 not 2.6.19-rc2 or something. The last "." is supposed to be for incremental changes to reduce the time between major releases. It gives users a chance to try a work-in-progress kernel that has been through at least some testing. Otherwise, why even have the fourth level of releases?
That's not even close to correct. The last "." is so bug fixes can be added to a known stable branch. The shorter RC cycle (a month or two instead of a year or two) is what was supposed to reduce the time between major releases.
Re:No we're not (Score:5, Informative)
"Conclusion? Apache has predictably shown more vulnerabilities than IIS versions over the same time period"
Conclusion? Apache has predictably reported more vulnerabilities than IIS versions over the same time period
FYP
Re:Compare against the best. (Score:5, Informative)
I use Firefox and Opera on Windows, Safari on OSX, and I have occasionally used Konqueror, but I'll admit, not as frequently. However, I've never noticed a perceptible difference in speed or obvious bloat between Firefox, Opera, and Safari. "quite slow" and "extremely bloated" are obviously complete fabrications...
Re:How is this bad? (Score:5, Informative)
No. I would venture to say that most people here believe in giving Windows/IE/Java/Firefox devs a couple of weeks to fix a bug before going public. Coming up with a patch is the easy part. Any large project will need to look for related issues in the rest of the code, to do QA work to make sure the patch doesn't introduce new bugs or vulnerabilities, and to package the updates for all the different architectures and products that happen to be vulnerable. That process takes time; it is physically impossible for the Windows/IE/Java/Firefox team to release an update the same day you informed them about the issue. If you go public on the first day, you are just being an asshole.
That's a Live Bookmark (Score:2, Informative)
It's located in Bookmarks -> Bookmarks toolbar folder (at least on my installation), and in the bookmarks toolbar.
Re:WARNING: Firefox 1.5 vs. 2.0 :: Old vs. New (Score:3, Informative)
If you are using your Web browser to do critical jobs like online banking, you should continue to use the latest iteration of Firefox 1.5. The latest iteration is version 1.5.0.10. If you are still using Firefox 1.5, look under the "Help" option to find the option, "Check for Updates", which will enable you to upgrade to 1.5.0.10.
Don't you find your advice and your example conflicting? You're urging us to use the second-year release of Camry versus the third-year release.
Just because it was called "2.0" doesn't mean it's really that new compared to 1.5. In fact there were more changes to the core of Firefox between 1.0 and 1.5, than 1.5 and 2.0.
What you see are mostly changes on the surface: new (uglier) icons, new (uglier) tabs, couple of usability changes to the UI. The core is virtually unchanged (except the regular minor patches).
http://www.kb.cert.org/vuls/id/393921 is fixed!!!! (Score:2, Informative)
So maybe the post can be updated?
Slight correction (Score:5, Informative)
The remotely exploitable flaw, bug 371321, was reported at 5:35 pm (California time) on Thursday. We had been planning to release Firefox 2.0.0.2 on Friday morning. After some discussion, we decided to go ahead with the release and then follow up with a quick 2.0.0.3 once we had a patch for the newly discovered hole.
After releasing Firefox 2.0.0.2, we realized that bug 371321 didn't affect it, thanks to another patch that went into Firefox 2.0.0.2 for non-security reasons. So although we didn't know it at the time, we released a fixed version of Firefox about 16 hours after the most serious hole was reported.
The testcase in bug 371321 did lead to a fix for a similar bug that existed on trunk, though.