Mozilla Firefox 1.5.0.3 Released 250
Mini-Geek writes "Mozilla Firefox 1.5.0.3 has been released. As with previous 1.5.0.x patches, 1.5.0.3 can be downloaded as a small, incremental download. From the article: 'This update fixes a publicly disclosed denial of service weakness. All users are encouraged to upgrade to this version.
The bugfixes previously planned for Firefox 1.5.0.3 were shifted to 1.5.0.4, and a quick update was released shortly after the recent to address the publicly reported issue.'"
Just a minor revision (Score:1, Insightful)
luv incremental updates (Score:3, Insightful)
Can someone fix the damn javascript console (Score:3, Insightful)
Re:Nice.... (Score:3, Insightful)
Re:Just a minor revision (Score:4, Insightful)
Re:Yet again I was interrupted while I work (Score:3, Insightful)
Re:Yet again I was interrupted while I work (Score:4, Insightful)
auto-updates make security easier (Score:4, Insightful)
The only other Windows program I have that seems to work as well is Azureus which is also opensource.
Re:Terminology matters (Score:2, Insightful)
Its more about managability, imagine the administrative headache you would have if you had users using netscape(and yes I have seen this, only way I managed to get that user off of it was by sabotaging her computer so I had to "replace" it, couldn't get her offa it otherwise), firefox, IE, Opera and having them all running under redhat, debian, windows 98, windows 2000, windows xp, mac 9, mac X, etc...
It would quickly become a disaster. Personally if I had a consistent system throught I would slap you down hard for using something outside of the guidelines. Although I've been trying to convince the people here to dump IE and Office so I could go to Opera/Firefox and OpenOffice so I would be slapping everybody else for using IE. Trying but failing...
Re:Long Live Seamonkey (Score:2, Insightful)
O. Wyss
Re:Just a minor revision (Score:2, Insightful)
Re:Just a minor revision (Score:0, Insightful)
That's good for you personally, but what effect does that really have on a global scale? Noone besides Mozilla - and they don't seem to be willing to share those stats - knows how long it takes for a patch to reach critical mass (where a large majority of users will be protected, greatly reducing the effectiveness of using an exploit).
Everyone throws all different aspects of security together into one big meaningless lump when there's quite a difference between a secure product and a secure userbase to name one. If you and I apply a patch minutes after it comes out but a hypothetical 70% don't for months to come, is Firefox a secure product or not?
In theory time-to-fix sounds like a great indicator but in reality time-to-distribute is the real challenge. Windows XP supposidly has a 10-something minute TTL which is a fact that spread like wildfire, regardless that keeping up with patches utterly negates that claim, but since the majority of users just can't be bothered (or don't even know) to update it's still seen as a fact.
In the years to come, Firefox won't be judged on how secure the lastest version is, but on how well Mozilla can convince people that regular updating is an utter necessity to remain secure.
Re:Just a minor revision (Score:3, Insightful)
Also, irrespective of number of flaws, while the number of people using IE stays so high, my chances of browsing a page with a security exploit for my browser is dramatically higher when using IE (I should add here, I don't want to see Firefox, IE, or any other browser having most of the market; I'd love to see the market split into fairly equal slices between at least three different browsers).
Mostly On Topic: Updating Multiple Win2k/XP Boxes (Score:3, Insightful)
Where I work, I've been pushing hard to get the company to use Firefox instead of IE. I've got most people using it every day. However these are normal office workers, they don't click on the update icon (They don't even wonder about it), and I find that they're running an older version. Does anyone know of a way to add the update to a login script, so it is silently installed when they login? I've googled around, and maybe I'm not using the right search phrases, but I'm not finding anything useful. I'm even willing to download a whole new
Denial of Service my ass (Score:4, Insightful)
If we're calling anything that locks your browser a DOS now, then how come this bug [nyud.net], which is over 3 years old and seems dead simple to fix, is not? I can make a browser DOS on any web page I want:
<script>
while(true) alert('Boom!');
</script>
Such a piece of code does not trigger the "script is taking a long time" message because it fires alerts. And the alerts are content-modal so you can't do *anything* to close the browser or tab causing the alerts. You have to kill it off.
No different from the "denial of service" bug mentioned in this posting.