Mozilla Firefox 1.5.0.3 Released

Mini-Geek writes "Mozilla Firefox 1.5.0.3 has been released. As with previous 1.5.0.x patches, 1.5.0.3 can be downloaded as a small, incremental download. From the article: 'This update fixes a publicly disclosed denial of service weakness. All users are encouraged to upgrade to this version. The bugfixes previously planned for Firefox 1.5.0.3 were shifted to 1.5.0.4, and a quick update was released shortly after the recent to address the publicly reported issue.'"

Just a minor revision

[Seriously, who]

Seriously, who finds this interesting? This is a minor point release to fix a small security hole, not front page news.

luv incremental updates

[scott_evil]

Gotta love the small update size. More software should work this way and instead of giving us everything each time, just give the changes. Well... more windows software needs to do it, other platforms seem to manage it ok.

Can someone fix the damn javascript console

[hsmith]

The javascript console bug has an annoying ass problem of spewing out tons of debug information for CSS errors, which no one cares about because you have to do so many hacks to get styles to look right in all browsers. Console2 was to fix this, but it hasn't been worked on in forever and isn't compatable with 1.5.X. 100 CSS errors every time you load a page gets annoying when you are searching for a few JS errors

Re:Nice....

[voice_of_all_reason]

You're far too trusting. Letting random strangers automagically execute code on your machine?

Re:Just a minor revision

[christopherfinke]

Seriously, who finds this interesting?

Well, I do. Mostly because I'm an extension developer and I like to make sure that all of my extensions work with the latest version of Firefox, but also because I just find Firefox to be interesting software and news about it is almost never unwelcome on my screen. Slashdot is reserved regarding posting about Firefox compared to Digg, where even articles about speculation about point-releases are promoted to the front page almost immediately.

Re:Yet again I was interrupted while I work

[malsdavis]

But isn't the ability of the end-user to customise the software to their exact preference/need one of the biggest advantages of Open Source?

Re:Yet again I was interrupted while I work

[Blahbooboo3]

Yes! However, it's the attitude of "figure it out moron" from some people that is the problem with open source projects.

auto-updates make security easier

[MikeFM]

It's definately a role model that other software venders could learn from. For friends and family that I used to have to babysit their browser updates now all I have to do is let Firefox do it's thing. Seems to work well in Thunderbird too. It really does make it a lot easier for non-technical people to keep up-to-date and truth be told it makes it easier for a geek boy like me too.

The only other Windows program I have that seems to work as well is Azureus which is also opensource.

Re:Terminology matters

[Anonymous Coward]

It might have more to do with the natrual assumption Windows admins make about versions. With the Windows systems he knows that its upgraded to the latest version through either Automatic updates or through an intranet update. With multiple browsers with a different upgrade system he can not know for certain if your firefox is fully upgraded or is like most windows users computers and 50 versions out of date(there is a hell of a lot of issues caused by people who could have just upgraded their computer). Plus too with just one browser if something happens or shows up out in the wild he can react accordingly. with firefox plue IE he has to track twice the issues and figure out how they affect things.

Its more about managability, imagine the administrative headache you would have if you had users using netscape(and yes I have seen this, only way I managed to get that user off of it was by sabotaging her computer so I had to "replace" it, couldn't get her offa it otherwise), firefox, IE, Opera and having them all running under redhat, debian, windows 98, windows 2000, windows xp, mac 9, mac X, etc...

It would quickly become a disaster. Personally if I had a consistent system throught I would slap you down hard for using something outside of the guidelines. Although I've been trying to convince the people here to dump IE and Office so I could go to Opera/Firefox and OpenOffice so I would be slapping everybody else for using IE. Trying but failing...

Re:Long Live Seamonkey

[wysiwia]

You can be sure SeaMonkey won't be dropped, the community takes care. For some users (mostly power users) SeaMonkey is much more useful, just look at the cookie manager or the preferences. Besides the SM/Mail has advantages over Thunderbird, I first had to write an extension (Folder selection) to make TB sort of usable for me. Sure enough it's good to be able to choose.

O. Wyss

Re:Just a minor revision

[zen-theorist]

Well, I do. Mostly because I'm an extension developer and I like to make sure that all of my extensions work with the latest version of Firefox, but also because I just find Firefox to be interesting software and news about it is almost never unwelcome on my screen. Slashdot is reserved regarding posting about Firefox compared to Digg, where even articles about speculation about point-releases are promoted to the front page almost immediately.

in that case, why not waste a couple of hours everyday on mozilla.org instead of slashdot.org?

Re:Just a minor revision

[Anonymous Coward]

Better to stay with Firefox, at least when holes are found they are patched faster than any other browser that I know of.

That's good for you personally, but what effect does that really have on a global scale? Noone besides Mozilla - and they don't seem to be willing to share those stats - knows how long it takes for a patch to reach critical mass (where a large majority of users will be protected, greatly reducing the effectiveness of using an exploit).

Everyone throws all different aspects of security together into one big meaningless lump when there's quite a difference between a secure product and a secure userbase to name one. If you and I apply a patch minutes after it comes out but a hypothetical 70% don't for months to come, is Firefox a secure product or not?

In theory time-to-fix sounds like a great indicator but in reality time-to-distribute is the real challenge. Windows XP supposidly has a 10-something minute TTL which is a fact that spread like wildfire, regardless that keeping up with patches utterly negates that claim, but since the majority of users just can't be bothered (or don't even know) to update it's still seen as a fact.

In the years to come, Firefox won't be judged on how secure the lastest version is, but on how well Mozilla can convince people that regular updating is an utter necessity to remain secure.

Re:Just a minor revision

[Xugumad]

How about, it follows the standards? You may not care, but my job as a web developer would be hell of a lot easier if all browsers did! Having to write "And if the browser is IE, use this horribly broken method of doing things instead because the IE devs didn't read the spec" code is a real nuisance.

Also, irrespective of number of flaws, while the number of people using IE stays so high, my chances of browsing a page with a security exploit for my browser is dramatically higher when using IE (I should add here, I don't want to see Firefox, IE, or any other browser having most of the market; I'd love to see the market split into fairly equal slices between at least three different browsers).

Mostly On Topic: Updating Multiple Win2k/XP Boxes

[kwalker]

This is sorta off topic, but relavant because of the new update.

Where I work, I've been pushing hard to get the company to use Firefox instead of IE. I've got most people using it every day. However these are normal office workers, they don't click on the update icon (They don't even wonder about it), and I find that they're running an older version. Does anyone know of a way to add the update to a login script, so it is silently installed when they login? I've googled around, and maybe I'm not using the right search phrases, but I'm not finding anything useful. I'm even willing to download a whole new .exe file for 1.5.0.3 if I can figure out a way to have that auto-installed on the 35 machines here.

Denial of Service my ass

[brunes69]

There is no such thing as a "denial of service" attack in a web browser. At worst it causes a crash, and potentially makes you lose unsaved data on some web forms.

If we're calling anything that locks your browser a DOS now, then how come this bug [nyud.net], which is over 3 years old and seems dead simple to fix, is not? I can make a browser DOS on any web page I want:

<script>
while(true) alert('Boom!');
</script>

Such a piece of code does not trigger the "script is taking a long time" message because it fires alerts. And the alerts are content-modal so you can't do *anything* to close the browser or tab causing the alerts. You have to kill it off.

No different from the "denial of service" bug mentioned in this posting.