Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Mozilla The Internet

Mozilla: The Good And The Bad 582

Rui del-Negro writes "According to this article at The Register, six security flaws in Mozilla were posted to BugTraq last weekend. They have not been added to the official Mozilla vulnerability list yet. But details can be found here, here, here and here (phew!). Finally, two other bugs were found, relating to loading GIF files (in several Linux browsers) and Mozilla's (JavaScript) implementation of onUnload ( ). Are they trying to prove they can beat Microsoft at their own game..? Or is someone just trying to win a prize?" On a brighter note, Zerbey writes "From Neil's Place here is 101 Things Mozilla can do which IE cannot. Very interesting reading and an excellent resource for convincing stubborn Internet Explorer users why they should switch. This article was also reported at Mozillazine. I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer."
This discussion has been archived. No new comments can be posted.

Mozilla: The Good And The Bad

Comments Filter:
  • by mirko ( 198274 ) on Wednesday November 06, 2002 @01:15PM (#4609529) Journal
    OK, 21669 to go [slashdot.org] :-)
  • by afidel ( 530433 ) on Wednesday November 06, 2002 @01:16PM (#4609543)
    As of 1.2beta almost all of these are fixed. In general opensource is not a whole lot more secure than closed source (both are programmed by humans), they just are more open with information and quicker with fixes.
    • by MAXOMENOS ( 9802 ) <mike@mikesmithforor e g o n . c om> on Wednesday November 06, 2002 @01:40PM (#4609826) Homepage
      In fact, as of 1.0.1, five of the six bugs are fixed. Only one of these bugs exists in 1.0.1, and it's generally regarded as the least serious. Almost every distribution is running Mozilla 1.0.1 or 1.1 by now. I know I'm running 1.1 on my box, and Ximian GNOME is using 1.0.1.

      Seriously, this isn't as big a deal as it looks, folks.


      • Almost every distribution is running Mozilla 1.0.1 or 1.1 by now. I know I'm running 1.1 on my box, and Ximian GNOME is using 1.0.1.


        The problem is, and will continue to be older distros. At least something like WindowsUpdate pushes the updates to your desktop more or less transparently. How do you update RedHat 6.2 transparently, or Mandrake 7? I have yet to see this kind of transparent updating under Linux, and I don't see that rosy a future for desktop Linux without it. I know RH7+ has RedHat network, but IMO it still doesn't work quite as slickly.
        • both up2date and apt provide transparent updates for this kind of thing. up2date run from the command line is signifigantly slicker than Windows Update, and about the same when run from the gui. apt walks all over both of them for ease of use.
        • Like the subject says. Automatic updates are not a feature that will make people love MS over Linux. Even people who like MS would typically still prefer to decide for THEMSELVES when it's a good time to upgrade instead of having no choice over the matter.
    • by kalidasa ( 577403 ) on Wednesday November 06, 2002 @03:20PM (#4610899) Journal
      Does /. often post stories "previous version of Internet Explorer had 6 security bugs" when the current patch has already fixed them? Seems to me that Mozilla's response was pretty quick...
    • At least we know about them, and are able to fix them unlike with IE.
  • by 1984 ( 56406 ) on Wednesday November 06, 2002 @01:16PM (#4609545)

    "...resource for convincing stubborn Internet Explorer users why they should switch..."

    Should be:

    1. Provides a better subjective browsing experience
    If that's not true, you'll never win.
    • Even if it is true you aren't likely to win. IE is firmly now a component of the Windows operating system. Removing it will cause the seas to boil and the rivers to run red with blood. Anyone notice that Excite [excite.com] is not allowing Mozilla users? I get this Error message [excite.com].

      BSD
      • "Even if it is true you aren't likely to win. IE is firmly now a component of the Windows operating system. Removing it will cause the seas to boil and the rivers to run red with blood."

        Why do you need to remove IE to use another browser? Even if you could, why would you want to? I still need IE once in a while because some dumb-ass sites think they need to embed Quicktime movies inside their page. Never could quite get QT to work quite right in other browsers.
        • >Why do you need to remove IE to use another browser?

          Oh... that one isn't so hard.

          If you don't have 256 MB of RAM, but you like to have your favourite browser loaded into memory 24x7 so it pops up as fast as IE, you'd need IE removed to free the (many) megabytes of RAM it wastes.
          • "If you don't have 256 MB of RAM, but you like to have your favourite browser loaded into memory 24x7 so it pops up as fast as IE, you'd need IE removed to free the (many) megabytes of RAM it wastes."

            I'm not running at 256 megs of ram. I'm running at 128. Frankly, I don't think 2-3 megs are going to significantly improve my browsing experience. It would, however, severely impact my file operations in Windows. It'd also cause Outlook to bloat up a bit so it could interpret it's own HTML.

            Sorry, not sold. IE's not my primary browser, but I have plenty of interest in not removing it.
      • Hmm... Even with cookies blocked from Excite, I can still view their front page with Moz 1.1. (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826)If this was a site 'feature' in the past, it's obviously been reclassified as a bug and has been fixed.
    • by bunratty ( 545641 ) on Wednesday November 06, 2002 @01:24PM (#4609630)
      If that's not true, you'll never win.
      Win what? Is there some competition to get more people using Mozilla than IE? That's a battle that will never be won as long as IE is shipped with nearly all new desktop computers and Mozilla is shipped with nearly none.

      To me the interesting battle is to get enough users to use standards compliant browsers and not use old browsers such as Netscape 4 and IE 4 that web developers can finally just write according to web standards and know their websites can work for more than 99% of users.

    • Or maybe you should make up lies and anecdotal evidence about how Mozilla "just works" and Internet Explorer goes "boopbeepboopbeepboop" [apple.com] and destroys half of your "really good" paper.

      That seems to be working for Apple.
  • by dartboard ( 23261 ) on Wednesday November 06, 2002 @01:17PM (#4609548)
    If you read ALL the way to the end of the article you'll note that 5 of the 6 bugs are already fixed in 1.0.1 which has been out for a couple months now. I believe the sixth is already fixed in the 1.2 nightlies.

  • by roybadami ( 515249 ) on Wednesday November 06, 2002 @01:17PM (#4609551)
    However, also according to the article on the register, most of these bugs are in Mozilla 1.0, which makes this kind of old news. Mozilla 1.0.1 was specifically advertized as a security bug-fix release, and has been out for quite some time.
  • NTLM auth (Score:5, Informative)

    by bunratty ( 545641 ) on Wednesday November 06, 2002 @01:18PM (#4609560)
    I'm still waiting for NTLM auth to be implemented so we can switch over at my workplace, the only reason we still have to use Internet Explorer.
    NTLM auth is bug 23679, and is scheduled for Mozilla 1.3 alpha which will be out in about one month.
    • Re:NTLM auth (Score:3, Informative)

      by drok ( 78225 )
      NTLM auth is bug 23679, and is scheduled for Mozilla 1.3 alpha which will be out in about one month.

      Except that it was also scheduled for 1.2 alpha, then beta, then... despite 107 votes and being topembed+ it keeps slipping.

      Want to have NTLM support? Vote for it! http://bugzilla.mozilla.org/show_bug.cgi?id=23679 (Bugzilla doesn't allow slashdot.org referers anymore...)

      -Robert
      • Re:NTLM auth (Score:5, Insightful)

        by twoflower ( 24166 ) on Wednesday November 06, 2002 @01:38PM (#4609795)
        Want to have NTLM support? Vote for it!
        No, write the damn code. That's what software freedom is about. You've missed the entire point.
        • Re:NTLM auth (Score:3, Informative)

          The code is already there, at least in the greatest part and has been for months.

          It looks like there are three problems,
          putting DES, MD4,MD5 somewhere sensible possibly using PSM
          adding NTLM
          and fixing a nasty bug where Mozilla opens too many connections.

          Until the nasty blocker is fixed there can be no NTLM.

        • Re:NTLM auth (Score:3, Insightful)

          by Lendrick ( 314723 )
          No, write the damn code. That's what software freedom is about. You've missed the entire point.

          Sadly, this is easier said that done. Simply getting into the Mozilla project is difficult at best--I myself have tried and failed, and no longer subscribe to the notion of "writing the damn code yourself."

          Can we blame them for being ineffective at responding to new coders? Probably not. Mozilla is a massive project, and the people who keep tabs on that sort of thing most likely have more urgent things to do than respond to every newbie who offers to help out. On the other hand, the "write the code yourself" argument is arrogant and lazy, because it's not really an option for most people, even if they are willing to help and experienced coders. A better response would be that there are other things with higher priority which need doing first.

          Additionally, as has been pointed out before, complete feature patches written by people who managed to get in to fix their "pet bug" often go unapplied for months. PNG alpha support under Windows (or was it Linux? I don't recall specifically) was an example for this--the patch was there for months, and the feature was continually ignored as it accumulated votes, until someone finally decided to put it in.

          In the future, you may want to consider being a little bit less snide about people posting feature requests. Feature requests give a project direction, by allowing the coders to get a feel for what people would like the product to be like. Scoffing at them is intentionally ignoring the requests of your audience.
        • Re:NTLM auth (Score:3, Insightful)

          by Hadean ( 32319 )
          Yes, I'll just wave my little magic pixie stick (and quit my day job) so that I'll learn how to write software. You do realize that not everyone knows the inside and outs of programming! This whole "write it yourself" philosophy is such crud ... people like you must try to remember that there's more then one kind of computer user.
  • Fortunately, these are shallow bugs that will be found by many eyes. I'm guessing I won't have to wait more than a few hours for a patch that fixes any of these either. And while IE exploits tend to be devastating, since Explorer is integrated into the whole Windows OS, these security holes in Mozilla will, at most, crash your browser, a minor inconvenience. All this proves is that Open Source is (still!) better than proprietary software. Keep up the great work, Moz team!
  • by krog ( 25663 )
    When you're on a Linux machine, Mozilla is a fine choice for web browsing. And it has some nice features like tabbed browsing that soften the interface somewhat, and some like javascript privilege control which make the web more tolerable.

    HOWEVER, the Mac versions are basically unusable and the Windows version is hurting. Mozilla still sucks when good web browsers exist on that platform.
    • Re:A Word on Mozilla (Score:5, Informative)

      by Entropy_ah ( 19070 ) on Wednesday November 06, 2002 @01:24PM (#4609635) Homepage Journal
      the Windows version is hurting
      That's strange because I've found that Mozilla is more stable and faster in Windows vs. its Linux couterpart.
    • HOWEVER, the Mac versions are basically unusable

      Mozilla start time on my G4/667MHz/1GB RAM Powerbook: 29sec (!?)
      IE start time on same machine: 2sec
      Omniweb start time on same machine: 1.5sec

      not to mention that Mozilla hangs for seconds at a time quite often, and looks and feels clunky and bolted-together.
    • ... the Mac versions are basically unusable and the Windows version is hurting.

      Don't know about Mac, but the windows verion is peachy. I'm using build id 2002091014 on Windows at work, and it provides a subjectively better browsing experience than does IE.

    • Re:A Word on Mozilla (Score:3, Informative)

      by \\ ( 118555 )
      I've been using Mozilla for OS X since i bought my powerbook a couple months ago and have had no problems whatsoever, besdies the occasional crash. Even java works properly - still can't get games.yahoo.com to properly work on any of my lunix mozilla installations.
    • ...the Mac versions are basically unusable...

      How are the Mac versions unusable? I've been using Mozilla 1.2 beta on OS X for weeks, and it's working wonderfully. Extremely stable (hasn't crashed once), reasonably fast rendering, and the best standards compliance I've seen on any browser. It would be great if the overall browsing speed were improved, but as the browser I use on a daily basis, it's certainly usable even in its current state.
    • how about some details on how "the Mac versions are basically unusable"? I've used them, so they're not *unusable*, and they perform pretty well; in fact, I know plenty of mac users who prefer it over IE.

      Why do you say "the Windows version is hurting"? what problems do you have with it? For me, it works just fine and I prefer it over IE, even with the slower loading time, and even on my slow K62-400 with 48 MB RAM. I did say "for me", but in all truth I can't find any instances where it is "hurting".

      Your final comment seems to imply Mozilla is not good, which in my oppinion is not true. Hey, we're all expressing our oppinions here, nothing more :)
    • Why are people so hung up on the initial load time for IE versus Mozilla? Other than for that single metric, Mozilla runs circles around IE. Mozilla renders pages significantly faster, it provides fine -grained control for people who want it (per-site image blocking, per-site popup blocking, tabbed windows), and it generally doesn't allow people to get root/admin access to a box even when exploits are discovered.

      I have convinced many people to try Mozilla, and from what I've seen none of them have switched back to IE.
    • I've had no problems on Windows other than handling a few pages that are coded IE specific. The inital load time is a little slower, but how many times are you opening and closing your browser? With the quick start, which IE has built in, Mozilla loads pretty quick anyway. I haven't used the Mac or Linux versions, but I like my Windows Moz.
  • by nxg125 ( 30911 ) on Wednesday November 06, 2002 @01:19PM (#4609578)
    To quote Mozillazine [mozillazine.org]
    The most remarkable detail about these bugs is that most of them are already fixed. In fact, only one of the flaws (reported here in September) is present in the latest stable branch and trunk releases (Mozilla 1.0.1 and 1.1 respectively), while the more recent 1.2 Beta isn't vulnerable to any of them.
  • 10 Things... (Score:5, Insightful)

    by yamcha666 ( 519244 ) on Wednesday November 06, 2002 @01:21PM (#4609600)

    Now, is there a 10 Things IE Can Do That Mozilla Can Not such as run ActiveX properly if at all so one can go to most msn.com sponsored sites such as MSN Chat? Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.

    Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE.

    • Re:10 Things... (Score:5, Insightful)

      by Anonvmous Coward ( 589068 ) on Wednesday November 06, 2002 @01:26PM (#4609661)
      "Believe me, like the rest of you, I love Mozilla, and I live by the tabbed browsing. But unfortunetly, there are a lot of things I do on the Internet that still force me to crawl back to IE."

      Frankly, I didn't think the '101 things you can do with Mozilla' was that interesting. Most of the stuff there I'd only care about if I were doing web development today. In that case, yes it'd be really cool. But they're trying to oversell features that most people don't use. I just wanna browse the web, I don't care about color coded source viewing. I do care about the browser opening fast without hogging all the RAM. (Fortunately I'm an Opera user.)
    • One feature of IE that I really like is how previous entries in text boxes can be selected from a drop down list (like the list of previously loaded URLs in the browser location bar). It's very helpful here at work where I can easily pull up a list of previous searches to be re-searched.
      • Phoenix does this, and alot more that Mozilla doesn't. Phoenix is really on the right track. http://mozilla.org/projects/phoenix/phoenix-releas e-notes.html
    • Or how about properly running the Java plugin so Yahoo! Chat doesn't crash after a few minutes. I'm not making this up. This happens everytime.

      That's true, but AFAIK the same thing happens with newer versions of IE - the only browser which seems to work properly with the Yahoo-Chat seems to be Netscape 4.7.

      I don't really understand why that is, but it seems IE and Mozilla are on par there.... unfortunately. :-/

  • Bug Confirmation (Score:3, Insightful)

    by kha0z ( 307162 ) on Wednesday November 06, 2002 @01:22PM (#4609615) Homepage
    Being a developer myself, I have a huge number of bugs that are reported to my team and I on a daily basis. While security is always a key concern, there is an entire process of validating a bug prior to adding it to an official bug list. An open source project, such as Mozilla, has to rely on the input of who know who for possible bugs, then also has to rely on a large number of volunteer developers to help validate the bug. Sometimes these processes take time.

    Take the time to compare Mozilla's submitted bug report and their official bug list versus Microsoft's (that is if you can find a copy of it).
  • by c13v3rm0nk3y ( 189767 ) on Wednesday November 06, 2002 @01:25PM (#4609639) Homepage

    How my favourite bug [mozilla.org] was turned into a feature is the best example I have of how easy it is to get off the track with big projects like this.

    The bug got lost in several threads, flames and arguments about what IE does or does not do, until it was finally marked WONTFIX by a Mozilla demi-god. IMHO, they missed the point. There is a constant refrain in Bugzilla about whether something is "standard" or not.

    From my experience, the argument about web standards is used to either fix or not fix something, depending on how someone feels about a problem.

    Don't think it's a problem? don't fix it and say "it's not standard, so we won;t" or "it's not standard, but we break the standard everywhere where it makes sense". Some behaviour need changing? The same arguments apply.

    I may be just whining here, but sometime I think the fact that Mozilla is a web browser is lost in the arguments. I still love Moz, but the fact that the right-margin jumps around on my otherwise fine HTML 4.x and CSS pages will always bother me.

  • it means that the bugs that aren't fixed yet, will probably get a bit more attention and will be addressed soon...even the ones that aren't really a big deal.

    The only negative is that people who don't look behind the facade of the headlines just think that the programs are buggy and that they should stay away from them...

    M$ makes out because although there's just about as much negative press about their IE bugs & flaws...the places where they're discussed and "fixed" aren't out in the open enough.

    People forget what they can't see (Out of Sight-Out of Mind).

  • User Experience (Score:2, Interesting)

    by jhunsake ( 81920 )
    I know this going to turn into another debate between IE and Mozilla and MS bashing session, but instead of comparing feature by feature...

    IE definitely has the best user experience. I regularly use IE (Win2000), Opera (Win2000 and Linux), Mozilla (Win2000 and Linux), and Galeon (Linux). And without a doubt, IE has the best overall user experience. It's fluid, it's quick, and it never crashes (for me anyways). Galeon would be my second choice, but even it crashes occasionally (I use the latest Ximian release always).

    Just sharing my experience for those that always come out saying Mozilla has feature X, which IE doesn't. Who cares?
  • Misinformation (Score:5, Interesting)

    by jmd! ( 111669 ) <jmd@pobox . c om> on Wednesday November 06, 2002 @01:29PM (#4609702) Homepage
    What The Register's article fails to mention is that all of the bugs were fixed long ago. Five of the six were fixed by 1.01 and 1.1. The other was fixed soon after. Security Focus's database (The Register's source) is aware of this.

    Just some great investigative reporting on The Register's part. My friend's half-brother's cousin says...

    Mozilla has had a lot more security bugs then six, anyway. So if they were trying to be silly and sensational, they could have done better. Most "security bugs", in Mozilla and other applications, and very minor and require very special sets of circumstances. Every app has them.

    The only difference is they're fixed in Mozilla in days. MSIE still has unpatched holes. (There's a page somewhere that lists them with example code, maybe someone could post that URL, it's rather interesting... lists when the hole was discovered, and when [if] a patch was made available).
  • DISABLE JAVASCRIPT!!

    This is fix just about every webbrowser exploit. It won't fix buffer overflows in the actual renderer, but it will fix all the Javascript holes. Most of the other exploits use Javascript to load them, so those won't work either (of course, they could be re-written).

    If you come across a website that requires javascript to function, and you actually have a need to use that website, then keep a second browser on your system that you use for those. And it wouldn't hurt to use something like Opera or Mozilla where you can lock down some of the Javascript features that they can use.

  • Mozilla rules (Score:2, Informative)

    by dolo666 ( 195584 )
    Because Mozilla is open source, it's better than any other closed source alternative. I have only three reasons why I use it:

    1. Smart Features -- not bloat-ware.

    2. Tab Surfing.

    3. No spyware or ads.

    The information exchange is one factor of why open source is better, however, consider this as well: every decision you make adds to the total inertia of a project. Therefore, when you base a product on open source, you are creating a momentum that is going to carry on through your whole project. By saying, "Yes, we will listen to our public", you are also saying that you will like your public, and your public will like you in the end.

    Microsoft has never done that. They put you on hold, put you off, ignore you and they do what they want. How long can they continue to take that stance in the face of an angry public?

    Marshall Berman said it best when he said you can't slow progress or stop it. You can only guide it. He goes on to say that anyone who tries to resist change is going to pay the price in the end. Well I can't think of any other company that has resisted change as much as Microsoft has - especially recently.
  • I've always wanted to send a message to IE users about the flaws and insecurities of their chosen browser, to hopefully open their eyes and get more people to use alternatives (Opera, Mozilla/Phoenix, etc)

    One way would be to use the browser ID to add a little 'info' strip to the top of pages, specifically for IE users. It could be just a small one-line table at the top of pages -- maybe with a contrasting background to be noticeable, and say something like:

    "Internet Explorer has several vulnerabilities [bellaonline.com] that may allow others to take over your machine. You may want to apply fixes or try [opera.com] alternatives [mozilla.org].

    I can't find the link to the 'master list' of unpatched IE flaws, I had it bookmarked somewhere.. But I would imagine using the browser ID string the client sends to apache, this could be done in PHP or something similar. Yeah, it'd probably be a performance hit, but for anything but the biggest sites, it might work.

    I've also noticed that some IE browsers appear to be sending the actual patch revision! Example:

    217.81.215.xxx - - [06/Nov/2002:00:00:19 -0600] "GET / HTTP/1.1" 200 34629 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; QXW0339a; Q312461; .NET CLR 1.0.3705)"

    Q312461 leads us to a MS Knowledgebase [microsoft.com]

    article. I've no idea what the QXW0339a is, though.

    Interesting. So one could go so far as to take the patch version off the browser ID string, check it against a database of strings, and return a comment that mentions the serious vulnerabilities affecting that version. I'd be happy to just run something that added a small tagline to the top of pages for all IE browsers, though. The more sites that did something like this, the more the word would get out. I think it'd be productive. :)

  • I can do them! (Score:3, Interesting)

    by Otter ( 3800 ) on Wednesday November 06, 2002 @01:41PM (#4609829) Journal
    I'm posting this from Mozilla 1.2b/MacOS X and it's close to pushing IE off my desktop.

    But, looking over the list of 101 things Mozilla does that IE doesn't, there are plenty of things that IE does, and has done for years. (It may not do them on Windows -- I have no idea.)

    I can view cookies, block individual cookies, disable tooltips and a bunch of other things listed. I'd also argue that IE can be trivially installed and uninstalled and has a more complete, and certainly much more usable bookmark manager.

    • Re:I can do them! (Score:2, Informative)

      by bstadil ( 7110 )
      close to pushing IE off my desktop

      FYI, If you do that you can use the MS filemanager if you are stuck in on a web site. Just type or Cut and paste the url (incl http:// bit) into filemanager and presto it morphs into IE.

      Lately Amazon.com is getting more IE centric on their view content of books and I have to resort to this. FYI, I have complained to Amazon.com

    • Re:I can do them! (Score:3, Informative)

      I don't know abnout easier install. Installing a new version of IE always requires me to reboot. When I install a new (binary) version of Mozilla it usually is just an unzip or untar and then running the executable.

      Maybe things are different on the Mac.
  • How about https? (Score:3, Interesting)

    by WankersRevenge ( 452399 ) on Wednesday November 06, 2002 @01:43PM (#4609869)
    I've been using Mozilla for over a year now and for the life of me, I still can't access anything via. https. So, I have to open IE to do anything secure forms. I've read that I must do a complete install in order for this to work which I do, but still no dice.

    Anyone have this problem?
    • Re:How about https? (Score:5, Informative)

      by Dr Caleb ( 121505 ) on Wednesday November 06, 2002 @01:54PM (#4609981) Homepage Journal
      Anyone have this problem?

      With some sites, yes. If they don't support the Mozilla certificates, they won't allow https. I use Mozilla for my Banking (switched banks because they supported Mozilla) and things like Hushmail. For some things at work, I still have to use IE for sites that don't support Mozilla's certs.


    • I've been using Mozilla for over a year now and for the life of me, I still can't access anything via. https...


      do you have the mozilla-psm package installed?

      the https part of mozilla is often in a second package, maybe for export or something. if you
      only installed the rpm for mozilla, you may still have to install the personal security manager part.

      here's what rpm on my redhat 7.2 based machine shows for example:

      [root@mouser root]# rpm -qa | grep mozilla
      mozilla-1.0.1-2.7.3
      mozilla-nspr-1.0.1-2 .7.3
      mozilla-psm-1.0.1-2.7.3
      mozilla-nss-1.0.1-2 .7.3
      nautilus-mozilla-1.0.6-16

      so, check to see if you can install the mozilla-psm package and https should be all set

      here's the rpm -qi Description for mozilla-psm:
      Description :
      The mozilla-psm package provides Secure Sockets Layer (SSL) support
      for the Mozilla Web browser.

  • by kh0ng ( 594312 )
    This bug [mozilla.org] was reportet 2 years ago, seemed to be fixed, then again seems to be still present. It refers to tables with 'colspan' Tags that have a large 'span' value. They DoS the browser and can be embedded in any HTML Source - Webpage and EMail and (perhaps) Newsgroup articles.

    On a funny sidenode, while trying to use the link above:
    "Sorry, links to Bugzilla from Slashdot are disabled."

  • by bmajik ( 96670 ) <matt@mattevans.org> on Wednesday November 06, 2002 @02:00PM (#4610050) Homepage Journal
    1. You can do this by writing a 12 line VB app that embeds the MSHTML COM control on separate tab controls. Some projects already do this. (Yawn)

    5. uh, hit ctrl-H in IE6

    7,8. Hold control, scroll mouse-wheel

    17. IE does this

    22. This can be set in IE

    31. IE can do this

    46. Is this a joke ?

    77. I don't buy this. IE is a ship-component of Windows XP, and thus exists in 25 distinct locales.

    97. This is just fanboyism. There is no substance here.

    101. Got me there, champ.

    These are just the things I know are crap off the top of my _head_. Why does fanboy shit like this make it to slashdot on such a consistant basis ?

    • by Edgewize ( 262271 ) on Wednesday November 06, 2002 @02:16PM (#4610222)
      While the 101 list goes a bit overboard, you're wrong to dismiss a lot of the items.

      1. Tabbed browsing is inherantly slower with IE because it creates a new browser instance for each tab.

      5. The side bar is NOT just a history window. You can put virtually anything in it, including slashdot headlines or a google box.

      7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.

      17. At least with 5.5, the "cookie manager" is nothing more than a listview of all your temporary internet files. Mozilla has a real interface with more capabilities.

      22. The average user will not set this, and will inevitably install Bonzi Buddy or some other crap because they click OK too fast. Mozilla comes secure by default.

      46. You can run Mozilla from a network share without ever launching an installer. I'd like to see you do try with MSIE 6.

      77. Yeah, assuming that you have the appropriate locale of Windows. And that you'd never want to run a version that was different from your operating system's locale settings.

      97. True. But you must admit that Mozilla's security process is more open than IEs, and that there won't be major vulnerabilities that go unpatched for months. With IE you have no such guarantee.

      101. You just can't argue with that one. The lizard is cool.
  • by Anthony Boyd ( 242971 ) on Wednesday November 06, 2002 @02:02PM (#4610075) Homepage

    I think Mozilla is in a position to really get innovation going again. Being a Web developer who started back in 1994, I remember first using Mosaic and Netscape back when features came so fast and furious that you really like progress was an everyday thing. I haven't felt that way lately (at least about Internet Explorer). So without further ado, here are some ways to innovate at a fundamental level, changing some things that should have been obvious.

    First, making navigation buttons out of the link tags is great. But does Mozilla pre-fetch the "next" link, so that if I actually decide to go to the next page (likely), it comes up fast? WebTV has this feature. Makes the Web feel faster.

    Second, why am I entering HTML tags into a plain text field? Where is the HTML text field? You know, a form object that comes with B, I, and U buttons, and allows me to visually format the text before sending (and which is delievered as standard, XHTML 1.0 compliant markup)? I've seen that Microsoft's new Web-based Outlook tools have this, but they use over 100k of JavaScript files to accomplish it. Shouldn't we just have something like this: <htmlarea></htmlarea>???

    Finally, one of the things I've been waiting for is the ability to set images or other objects on angles. For example, if I wanted to have the slashdot logo appear as if it were on an incline, I might use CSS to specify the image display at -15 degrees. And if this were exposed to JavaScript, I could make some interesting animations. But I haven't seen this in CSS yet.

    In short, I remember fondly when Netscape pushed the envelope -- I remember Andreesen adding the img tag, I remember Netscape implementing the file upload tag. I think some working demos of this stuff might help it gain acceptance, and give people a reference model to work from. Not to mention make Mozilla seem much more useful than Explorer.

  • *blink* (Score:5, Funny)

    by Dave2 Wickham ( 600202 ) on Wednesday November 06, 2002 @02:18PM (#4610253) Journal
    "Supports blinking text
    You can make text blink."

    *blink*

    This is GOOD?
  • Already fixed? (Score:3, Informative)

    by Sj0 ( 472011 ) on Wednesday November 06, 2002 @02:22PM (#4610305) Journal
    I recall reading about this; those bugs were fixed before the bugs were reported this weekend.
  • by Kiwi ( 5214 ) on Wednesday November 06, 2002 @02:25PM (#4610331) Homepage Journal
    The problem with Mozilla's translation method is that it is designed in such a way that a translation team has to update a translation for every single release of Mozilla. That means that if a given translation team doesn't update the translation, newer versions of Mozilla have to be used in English.

    In particular, if I wish to have Spanish-language dialogues in Mozilla, I (as of a month ago) can not upgrade to Mozilla 1.0.1 because none of the volunteer Spanish translation teams [1] has updated their 1.0.0 translations to version 1.0.1; instead they chose to direct their translation efforts towards 1.1 and 1.2.

    Compare this to AbiWord, which has a translation structure such that, if a given translation team decides that meeting girls at dance clubs is far more fun than spending Saturday night translating dialogues, the translations still work for new versions of the program. If any new dialogues appear, those dialogues will be in English until someone steps up to bat to translate them, but any unchanged dialogues remain translated.

    IE has an edge here, since their translation teams are paid; guaranteeing that any formal release of IE will be translated in to all officially supported languages. The disadvantage to this is, if a given language is deemed by Bill Gates to not be worthy of translation, you have to use the application in English (or one of the other official languages).

    This structure causes Mozilla 1.0.1 to have translations available in languages like Estonian (a beautiful language [2] which has about, as I recall, 2 million speakers) but not in Spanish (which has more native speakers than English--about 325 million).

    OK, thinking out loud, it should not be too hard to set up a perl script which unzips a translation for a given version of Mozilla, compares the labels against the English version for a given later version of Mozilla, and then translates all of the labels it can; leaving the untranslated labels in English. This would be far more productive than posting to Slashdot; perhaps a Mozilla guru can tell me if a tool like this already exists.

    - Sam

    [1] There are three Spanish trnaslation teams: One for Latin American spanish, one for Argentinian Spanish, and one in Spain. The Argentian is the most active group right now.

    [2] One of my linguist teachers is a native Estonian speaker; she once talked to us in Estonian to demonstrate a language learning technique.

  • by alanjstr ( 131045 ) on Wednesday November 06, 2002 @02:50PM (#4610593) Homepage
    I'm sure there are security bugs in Mozilla that haven't been made public yet. That was the problem with the onUnload(). It was known about for a long time, but not until it became public did it get fixed.
  • by Hard_Code ( 49548 ) on Wednesday November 06, 2002 @08:35PM (#4613600)
    My favorit

    My favorite bug is wh

    My favorite bug is when mail cras

    My favorite bug is when mail crashes whenever I tr

    My favorite bug is when mail crashes whenever I try to sen

    My favorite bug is when mail crashes whenever I try to send a message

Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president, Litton Industries

Working...