Firefox 3.5.1 Released 147
alek writes "A day after Slashdot reports about a self-inflicted vulnerability in Firefox 3.5, Mozilla releases 3.5.1. It addresses that security issue, but also fixes the annoying slow-startup on Windows. Bummer the UNIX wars have subsided, because apparently they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"
I'd fix bugs and contribute quality code (Score:2, Informative)
Re:I'd fix bugs and contribute quality code (Score:5, Interesting)
You should try fixing some bugs in Sunbird, if Mozilla interests you but the hugeness of Firefox is intimidating. I was able to contribute code (granted, only two lines) to Sunbird that fixed a real live bug, and I was in high school at the time.
Re:I'd fix bugs and contribute quality code (Score:5, Informative)
Here, let me click on the top link for "firefox build instructions" in google: simple firefox build [mozilla.org]. Looks pretty standard to me. Tests, if there are any, are usually automated or findable by a similar exercise.
Re: (Score:3, Interesting)
That's cute, but missing the point.
The majority of us use Windows, and will therefore probably want to develop on that platform.
If you read the Windows section of the page you linked to, the very first line is "Building on 64-bit Windows does not seem to be supported."
If you read the rest, you get told about using Visual Studio Express Editions and Windows SDKs, but as anyone who's tried it will know, just finding and installing the right SDKs there can be tricky. (Microsoft's own web site had links to an o
Re: (Score:3, Insightful)
The majority of us use Windows, and will therefore probably want to develop on that platform.
Right...
Seriously, if you think this is a "simple" build procedure that's going to get casual volunteers contributing small fixes, you're not part of the solution, you're part of the problem.
All that proprietary closed-source software required to build Open Source software (any software, really). Difficult to obtain, difficult to install and difficult to configure.
It sounds like Windows is the problem. All of
Re: (Score:2)
It sounds like Windows is the problem.
Bull. I've been developing software on Windows for years, and the build process required for any project I've set up consists of running one script.
The recurring problem I've encountered is all these "open" projects that have a convenient build process on exactly one platform and require jumping through crazy hoops to build anything else. (For the record, those requiring Cygwin to do anything on Windows are the most tragic cases of this disease.) Volunteers aren't as likely to help such a project as one whe
Re: (Score:2)
So you Windows guys need to get together and submit some patches to make building things easier on Windows. The primary development environments for most FOSS projects are on FOSS platforms, not Windows.
You can't complain when you are given something for free.
Re: (Score:2)
You can't complain when you are given something for free.
We seem to have drifted off-track a bit. I'm not complaining about something I'm given for free. I'm just explaining why many volunteers find it difficult to contribute in the manner you suggest.
The primary development environments for most FOSS projects are on FOSS platforms, not Windows.
And I imagine that will remain the case as long as the people who set up the projects only value having a good process on the FOSS platforms, which is regrettable given the number of keen folks running on other platforms who might be willing and able to offer help if there wasn't such a high wall to climb first.
Re: (Score:2)
litmus [mozilla.org]
mozilla qa [mozilla.org]
Both seams simple but time consuming but i don't think they need to be done in one sitting (unless you are on the nighties), unfortunately Linux x86_64 only has nighties.
p.s does anybody know a good way to update firefox (mozilla builds) as launching it as root isn't great and the idea of installing a webbrowser somewhere it can update itself is retarded.
Re: (Score:2)
Er... what's so bad about installing it to /home/yourusernamehere/bin?
Re: (Score:3, Interesting)
If there is a browser/extention (they run at browser level)/plugin(yes even a flash or adobe exploit) or other program vulnerability they can perminantly modify your firefox binary to execute whatever code they want. In addition to having your user account, where all your data is, completely owned, no OS has a particularly good record on preventing malicious binaries from getting root (ubuntu with sudo is particularly bad as it can just request permisions just after you grant another process root using sudo
Re: (Score:2)
Presumably you'd need to at least be capable of building software before the maintainers would trust your bugfixed code...
For example, the linux kernel is a lot easier to compile than contribute to.
Re: (Score:1, Funny)
slow start for _some_ (Score:5, Informative)
Re:slow start for _some_ (Score:4, Funny)
slow start for _some_. Miniature Type-R stickers for others.
Re: (Score:2)
Was it OS dependent, or hardware dependent?
I had the issue in winxp 32bit sp3.
Re: (Score:2)
Was it OS dependent, or hardware dependent?
I had the issue in winxp 32bit sp3.
Beats me - but I don't have it on that OS. It still takes 2 seconds to start.
Re: (Score:2, Informative)
It was user situation dependent. Firefox was reading all of a user's temp files to seed its RNG or something along those lines so if you had a lot of large temp files your startup time would be quite large.
Regardless, it still takes 5x Chrome's startup time with the fix so... peh.
5 times 0 is still 0 (Score:1, Redundant)
Regardless, it still takes 5x Chrome's startup time with the fix so... peh.
It's true. ;-)
Re: (Score:3, Insightful)
Re: (Score:2)
Several seconds is not a problem; I never ran into this because my temp directories and stuff are cleaned up often and the issue seems to occur only after a cold boot (I may be mistaken about this latter part). So my startup times are 5 secs or so since I hardly turn off my machine.
But others were waiting for minutes, 1-4 minutes for some. Pretty annoying if I were hit with those times. I think these individuals had hundreds of MB for their IE cache and their temp folders were large as well.
Re: (Score:2)
Re:slow start for _some_ (Score:5, Informative)
Re: (Score:3, Interesting)
Re:slow start for _some_ (Score:5, Interesting)
NSS (Network Security Services) 3.12.3 is using IE temporary internet files to generate seeds. Sounds thoroughly stupid to me, as it means that if you never use Internet Explorer, your cryptographic seeds won't change. How about using the process list or something not Hard Drive dependent to generate the seeds instead?
Re:slow start for _some_ (Score:5, Informative)
On further study, it NSS DOES use process IDs and many, many other factors to generate the seeds. Searching the additional file locations ("C:\Documents and Settings\*user*\Local Settings\History", "C:\Documents and Settings\*user*\Local Settings\Temporary Internet Files", "C:\Documents and Settings\*user*\My Recent Documents", "C:\Documents and Settings\*user*\Temp\", "Recycle Bin", and "Network Neighborhood") were added because some older OSs (Win2k and WinCE) didn't have strong enough build-in pseudo-random number generators.
This patch changed NSS to use the built-in PRNG in Windows XP and up which uses "process ID and thread ID, the system clock, the system time, the system counter, memory status, free disk clusters, andthe hashed user environment block".
Re: (Score:1, Insightful)
And what should he have written instead of "It addresses that security issue"? "It contains the security fix that already existed but wasn't until now ready for a release to users"? Ugh.
Re: (Score:3, Informative)
Re: (Score:2)
Firefox has a healthy eating mode?
Re: (Score:2)
I can have a project loaded and be ssh'd into my server before the damn thing even starts up. Ridiculous.
You must have tiny-ass projects. Or maybe you're using VS 6.0. My anectotal experience does not match yours.
Good. (Score:5, Insightful)
Re: (Score:2)
HP.com (Score:2)
they also had to fix a problem where Firefox on a Sparc platform would crash when visiting www.hp.com!"
Anyone that sees a downside to not accessing hp.com must not use NoScript.
Holy negatives Batman! (Score:3, Funny)
"Now correct me if I'm incorrect, but was I told it's untrue that people in Springfield have no faith? Was I not misinformed?"
Re: (Score:2)
I have an HP laptop, and I need to visit HP for drivers and such. Luckily, HP's website mostly works without JS most of the time. Some features, however, absolutely require it (like live chat.) Getting HP support through chat is marginally less frustrating than having to do it on the phone in most cases.
Google Gears disabled again?! (Score:5, Insightful)
Kind of offtopic, but by upgrading to FF 3.5.1, Google Gears is again disabled. Why did Google allowed it to be compatible with only 3.5.0?!
Re: (Score:2, Insightful)
Perhaps their time machine isn't working and they couldn't check that future releases worked, and decided it was safer to only support version of Firefox they're sure about. You can always wait, if it's important for you, or upgrade then downgrade again if you didn't want to check first and have to have it working for you. It's better than the alternative - Google allowing what is essentially an untested upgrade.
Re: (Score:2)
Nice article on how to do this here [mozillazine.org]
Re: (Score:3, Informative)
Becuase Gears uses low-level binary hooks (e.g. completely replacing the Firefox HTTP cache with its own) and presumably doesn't want to worry about your browser crashing due to a code change on the Firefox end?
And from Unix wars... (Score:2, Funny)
Re: (Score:2)
Isn't that OS X?
BSD isn't dead heck it has overtaken Linux by strides and is a serious contender to windows. Just just downplay the BSD roots of the OS.
Great... (Score:1)
Great. Iceweasel 3.5 just entered Debian Experimental... I'll likely have to continue to run with jit off for another month.
[/ half joking ]
problem? (Score:3, Funny)
version numbers (Score:1)
Re:version numbers (Score:5, Informative)
Going by previous versions of firefox, shouldn't it be 3.5.0.1 rather than 3.5.1?
Mozilla decided to simplify that with Firefox 3 (note that the upcoming security release for Firefox 3 is 3.0.12, not 3.0.0.12). Exactly why they used four numbers in the first place is something I don't know, it seems it started with Firefox 1.5. I know that one advantage touted of XPCOM was the ability to easily make incremental updates, so maybe there was a plan for a Firefox 1.5.1 and 1.5.2 (with the final number for each being used for security updates). Of course that would've been complicated and silly, so it seems the plan was abandoned and the version number compacted.
Yet more links to IE (Score:1)
Re: (Score:2, Interesting)
If you think that is bad enough, just use Process Explorer and click on Firefox.exe in the process list. You'll be extremely saddened by all the IE-specific nonsense that Firefox apparently is now reliant on.
Firefox even decides to load driver files (.dll files and others) for Windows services I specifically have disabled.
Firefox, do you honestly need to start winspool.drv, dnsapi.dll, rasadhlp.dll, rasapi32.dll, ieframe.dll, ieframe.dll.mui, etc? Really? Even with the associated services disabled? When the
Re: (Score:2)
Thanks for mentioning all the Windows .dll's that firefox-3.5+ is now loading. Means I wont be installing it at all and will simply have to suffer from IE8 on Win7-RC.
As a Gentoo user, I'm even finding that the only time I use Firefox is to access Google and a couple of other sites that have flash games I play, otherwise it's Konqueror all the way for me since it's faster.
Firefox 3.5.1 released (Score:3, Insightful)
so can anyone tell me why Firefox felt like it had to scan my hard drive in the first place? i had it set to delete history on exit. why then did it feel like it had to go looking in *other* programs' folders for history files?
Re: (Score:2)
why then did it feel like it had to go looking in *other* programs' folders for history files?
So that other programs can't guess the pseudorandom numbers that Firefox uses to set up SSL connections.
Ummm... (Score:2)
What Unix war? There is the normal bantering from people saying their version of Unix is better then the rest (Which for the most part is normally the version of Unix they know the best) but a Unix war. I haven't heard anything about it. Other then OS X all the other Unixes are in heavy competition against Linux and Windows for its survival.
Re: (Score:2)
What Unix war? There is the normal bantering from people saying their version of Unix is better then the rest (Which for the most part is normally the version of Unix they know the best) but a Unix war. I haven't heard anything about it. Other then OS X all the other Unixes are in heavy competition against Linux and Windows for its survival.
The first rule of the Unix war is nobody talks about the Unix war. The MIB are on their way, please stay calm.
Other than OS X and Linux... (Score:2)
Other then OS X all the other Unixes are in heavy competition against Linux and Windows for its survival.
Linux is UNIX too.
gpg: Note: This key has expired! (Score:3, Interesting)
gpg: Signature made 07/15/09 19:56:19 using DSA key ID 17785FE8
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>"
gpg: Note: This key has expired!
Primary key fingerprint: 8D6F 1BA4 A340 4DDB 3F2F D080 7447 4499 8123 47DD
Subkey fingerprint: 3338 E6BA FF10 3B3D A6A9 E424 B57B 5484 1778 5FE8
In case you can't find it... (Score:2, Informative)
On the macintosh version at least, the 'check for updates' menu item is in the Help menu. Because that's clearly where it belongs. I only found it because I was just about to search the help for advice on where to find it.
What about freezes on long pages w/many links? (Score:2)
I've been using the OS X version of Firefox 3.5 on a Mac Pro and I've experienced a problem where the browser freezes (spinning beach-ball icon) every time I log onto my EasyNews account and do a search or request a list of content in a newsgroup that has a large number of results.
Typically, it will quickly display the first page full of results, then freeze a second or two after that. If I wait long enough (several minutes or more) and come back to the browser, then sometimes I find it's no longer frozen
Re: (Score:2)
I see that too on my Macbook Pro. I think it is an odd interaction between SQLite and those continuous backup programs that want to be like Time Machine. I'm using one (Memeo Lifeagent) that came with my Seagate external HD. If I put the backup software into "pause" mode Firefox gets a lot more responsive.
Re: (Score:2)
Still 7 to go (Score:2)
on the Acid3 [acidtests.org] test, lagging both Opera and Safari which have reached 100% on this fun benchmark. About 50% faster on avg when I "thumb in the air" tested it (ran 10X and wrote down the times, then averaged them than Firefox was as little as six months ago, so this release is definitely one to pick up in terms of browser security and performance, though.
Does it finally have paste and go? (Score:4, Interesting)
I mean, I've given up on scaling fonts lager on the fly (as opposed to zoom), but how about 'paste and go' for urls - like opera has had for years (and now chrome)
Re: (Score:2)
Re: (Score:2)
What's wrong with the way it scale text? (You do know that the zoom menu have a "zoom text only" which sound exactly like what you want.
Mozilla.com still has 3.5, not 3.5.1... (Score:2)
Re: (Score:2, Insightful)
I have yet to see a single blue screen on Linux.
FOSS isn't perfect, it's just a whole lot better than one of the competitors.
and I enjoy my FOSS haven very much, thank you.
Re:FROSTY PISS (Score:5, Funny)
Re:FROSTY PISS (Score:5, Funny)
Make it black and hope people just think they accidently turned their computer off.
Re:FROSTY PISS (Score:5, Funny)
Obama-mode
Green and red indicators of death (Score:4, Funny)
So what your saying is Microsoft could fix all of their problems by changing the color of the screen?
Microsoft tried that twice on the Xbox 360, and people continued to complain about the red ring of death (general hardware failure) and the green screen of death (E74 error).
Re: (Score:2)
I have yet to see a single blue screen on Linux.
I have. I've also seen the sad mac face, Apple ][ corruption, kernel panics, etc.
Joking aside, I've had the equivalent of a BSOD on Linux several times on different types of hardware. All but one case was bad hardware, one was a kernel bug (fixed upstream in two days).
Re:Blue screen (Score:5, Informative)
Actually, the linux blue screen of death is blinking of 2 (or is it three?) of the keyboard leds. Though support for blue screen of death is coming, by the name of kernel mode-settting. It is pretty rare, though.
Lockups I have seen, too, in both linux and windows. Lots of cases is hardware problems, but your problem sounds like a driver issue. Using proprietary drivers, perhaps?
Re:Blue screen (Score:5, Interesting)
This is true. I've had my share of complete freezes under Linux. Ironically though, SSH access to the box still typically works and I can kill X if ctrl+alt+backspace doesn't work. It's rare to have a freeze that completely evicts all sense of response from the system (though I've had this happen before).
Interestingly, the last unusual behavior I had under Linux was when a video card blew 4 out of 7 or 8 capacitors. That was a real treat.
Re: (Score:2, Insightful)
You can hardly call it a complete freeze if "only" X is frozen. Still pretty annoying but as you say you can usually recover by killing and restarting X.
Re:Blue screen (Score:5, Insightful)
a) If you are a "Desktop Linux" user running actual Desktop applications, that means you lose most of your unsaved work (if there is a way to not lose the unsaved work, please let me know).
b) If you use X as just a way to run screen/vi/emacs and browsers, then you are less affected.
Basically if I let my mom/uncle/aunt use "Desktop Linux" and X locks up, it's effectively as bad as a BSOD for them.
Saying X freezing is not a problem since you can usually recover by killing and restarting it is like saying that Windows 95 is stable as long as you regularly shutdown/exit to dos and type win to restart it[1].
[1] you could actually do that in the old days of Win 95
Re: (Score:2)
If your app is written sensibly, it will either autosave periodically or will write what it's got open to disk if you "kill -term" its PID.
The latter's no help for naive users, of course.
Re: (Score:2)
I suspect kmail/kontakt does autosave periodically, but apparently it's broken in some way: http://lists.kde.org/?l=kde-bugs-dist&m=122605713921371&w=2 [kde.org]
Anyway the last I used it, when I try to save an email draft while working on it, it closes the draft. The KDE people seem to think that just because I want to save my work it means that I want to close it too.
Then there's Openoffice:
http://user.services.openoffice.org/en/forum/viewtopic.php?f=7&t=10604&hilit=autosave [openoffice.org]
It should probably be fixe
Re: (Score:2)
Thank you for point this out. That was more or less what I was hoping readers would have garnered from my stateme
Re:Blue screen (Score:4, Insightful)
tee? Really? What the hell sort of DESKTOP APPLICATIONS produce all of their output on the terminal? OpenOffice? GIMP? KMail? GVim?
No, the only solution is the Jesus rule. Save your files. Save them early, save them often. Not just because the system is going to crash, but because you never know when the power will fail, lightning will strike, or a cow-orker will trip over your power cord.
Re:Blue screen (Score:5, Insightful)
Ironically though, SSH access to the box still typically works...
That is not ironic: it is good design...
Re: (Score:2)
It's ironic in the sense that while you may have lost all of your work, you still have access to the machine to (hopefully) correct the problem that caused it.
Re: (Score:2)
This is exactly what I was going to suggest. SSH usually runs fine, or using CTRL+ALT+Backspace... if X crashes you won't be able to CTRL+ALT+FX I'm pretty sure.
I've only ever had Linux hard lock when I've been testing out early alpha stuff on a sandbox (used to be an old machine, now it's just a VM).
If you can't bring it back and you're not doing something stupid then it's probably hardware, so you might want to run some diags.
Re: (Score:2, Interesting)
As I said in the "Blue screen" post, I can't even use the "Magic SysRq key [wikipedia.org]". I've invested several days in solving this. I'm definitely not doing something stupid. It definitely isn't the hardware. It's a problem between ATI's drivers and the rest of the OS.
Re: (Score:2)
That's not a "complete freeze". When the machine literally hangs (infinite loop in a driver or something) or shuts off spontaneously or kernel panics and halts, that's a complete freeze. I assure you that ssh is not functioning in this situation. I've certainly had both happen to me. I hear that a lot of the "beachballs" on the Mac these days are similar, and if you have the ssh daemon running and another machine to log in with, you can at least restart safely if not kill the offending program. OTOH I've ha
Re: (Score:2)
This is ridiculous. If we're going to split hairs over semantics, then I would suggest that the OP should have stated that he was suffering from kernel panics. You'll notice that I didn't specify what "completely froze." Had I the foresight to consider that a number of posters would be complaining about my choice of words, I
Re: (Score:2)
Re: (Score:1, Informative)
Yes, indeed I do. I wasn't trying to be bashing/trolling here, just pointing out the sub-optimal end-user experience. My ATI card (RV710 [Radeon HD 4350]) is by no means rare and I can't afford to buy another, more "compatible", one.
Re: (Score:2)
I'm an ex-Amigan non-fanboy who has seen plenty of crashes and Lockups on Linux. I am currently sitting at Windows Vista but I do have a Debian system running. It's a cute little DT Research DT168, a sub-ten-watt Geode LX system that shares out my MyBook (XFS-formatted and loving it) to the Xbox and other Windows systems in the house.
I tried to run Linux on this system, but there are two major problems. One, HP uses the microsoft tools to create things like ACPI configurations. These tools are deliberately
Re: (Score:2)
Re: (Score:2)
Re:Someone tell Canonical. (Score:5, Informative)
I installed it ages ago:
aptitude install firefox-3.5
http://packages.ubuntu.com/search?searchon=names&keywords=firefox-3.5 [ubuntu.com]
Re: (Score:2)
Re:Someone tell it to Canonical. (Score:4, Informative)
Just add the fta repository & install "firefox-3.5". They even link to a mozilla daily build repository if that's your thing.
Re: (Score:3)
So - who got brave, and installed FF 3.6? Am I that brave, or am I not? Hmmmm........
Re: (Score:2)
Running 3.6 (Score:2)
who got brave, and installed FF 3.6?
I've been running Firefox nightly builds for years. I recently switched from Windows to Kubuntu, found a 64-bit build (I think http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu [launchpad.net]), and got right back on the nightly rough edge, currently called Firefox 3.6a1pre and codenamed Namoroka [mozilla.org].
It's definitely not for most people; you have to watch planet.mozilla.org to track what's going on, you give up on some extensions, and there are occasionally snafus where you have to
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Informative)
Scroll down to firefox-3.5. Stupidly, this package doesn't overwrite the firefox package, meaning that applications will still use 3.0 to open links. Even if you remove the firefox package, firefox-3.5 is still not used. Changing the webbrowser in preferred applications seems to work on some applications...
Anyway, in the end I just simlinked like so: ln -s /usr/bin/firefox-3.5 /usr/bin/firefox, and everything worked great.
Re: (Score:3, Informative)
Ubuntu uses update-alternatives to select between different packages providing the same functionality
to see which browsers are installed:
/usr/bin/firefox-3.5
update-alternatives --list x-www-browser
to select firefox-3.5:
update-alternatives --set x-www-browser
Re: (Score:2)
Scroll down to firefox-3.5. Stupidly, this package doesn't overwrite the firefox package, meaning that applications will still use 3.0 to open links. Even if you remove the firefox package, firefox-3.5 is still not used.
In Jaunty, this is because Firefox 3.0 remains the default version of Firefox (and the firefox package always points towards the default version of Firefox for that release). In Karmic, this is because the developers haven't switched the default from 3.0 to 3.5 yet, though they will soon [asoftsite.org].
Flash context menu (Score:2)
Do you have any URLs that demonstrate this slowdown?