Firefox Update Kills Bugs, Adds Mac Support 232
Juha-Matti Laurio writes "Several vulnerabilities are fixed in version Firefox 1.5.0.2, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."
Themes and extensions keep working (Score:4, Informative)
Re:Themes and extensions keep working (Score:4, Informative)
Re:Themes and extensions keep working (Score:3, Interesting)
BTW, the update installation caught me by surprise. When FF asked confirmation for update, I checked the option "later" (meaning, ask later). Next time I started, FF updated itself, and broke some extensions.
S
Re:Themes and extensions keep working (Score:3, Informative)
In the options under Advanced/Update the default is "Automatically download and install the update" but you can change that to "Ask me what I want to do" if you want. Of course, the "Warn me if this will disable extensions of themes" box is also checked by
Patch (Score:5, Funny)
haha, no, seriously.. i'm joking
..*ducks*
Re:Patch (Score:2)
Which do you mean, standard HTML/CSS or HTML hand-tweaked to look good in a browser with less than stellar support for the standards?
What's new in Firefox 1.5.0.2 (Score:5, Informative)
http://www.squarefree.com/burningedge/releases/1.
Re:What's new in Firefox 1.5.0.2 (Score:4, Informative)
Thank God! I've been waiting for this, I couldn't for the life of me understand why this no longer worked on the mac version. I also just found out that you can change firefox's keybindings to be emacs-like [mozillazine.org] on any platform. Actually that article shows you how to change the keybindings to be like anything you want, they just use emacs as an example.
Re:What's new in Firefox 1.5.0.2 (Score:2)
Ctrl+PgDn / Ctrl+PgUp still worked (does same thing).
Yeah, but I've got a powerbook, so that would be Ctrl+fn+uparrow, just too many keys (okay, the real reason is that I didn't know about it, but it's still too many keys).
Some leaks fixed (Score:5, Informative)
- Memory leaks
- 321283 - Using Find causes documents to leak.
- 323532 - Leak when using history autocomplete.
- 323377 - Lots of leaks in nsInternetSearchService.
Numerous times would I come home to see Firefox using over a gig of memory and eating up about 40% of my proc cycles. A quick quit/restart of the app would fix it, but still -- I regularly close tabs and don't develop long histories on multiple open tabs, so it didn't make any sense.I just hope that those leaks are the ones I was actually experiencing...
Re:Some leaks fixed (Score:4, Informative)
But seriously, it's a CRM app loading stats from an XML source on the server side, and when using E4X you get an XML Object for each XML file(or entry, depending) so it's easy and quick when running yearly stats to generate a bunch of objects. But now it works like a charm, smooth, and fast. The only prob is it's a 1.8.0.2 nightly, not a release. But working is working.
Re:Some leaks fixed (Score:2)
I'm not sure about nsInternetSearchService though..
Re:Some leaks fixed (Score:2)
Rich.
Re:Some leaks fixed (Score:2)
Is HotJava still around, maybe you could try that? But seriously, what did you expect them to use - Java? Or let me guess, some uber-functional language like Haskell? But even to this day, there's really not a really great crossplatform alternative to C++. In
Re:Some leaks fixed (Score:2)
What you say about Java is right -- but just because one garbage collected language sucks badly does not imply that all GCs are bad.
Interestingly, rendering engines as powerful and complete as Gecko have been written in functional, garbage collected languages. The most advanced is PrinceXML [princexml.com] which is written in Mercury [wikipedia.org], which is not just "uber-functional", but a logic pr
Re:Some leaks fixed (Score:2)
If you got some more memory, maybe 1GB, that would probably make everything faster.
"Fixes some security issues"? (Score:5, Interesting)
Re:"Fixes some security issues"? (Score:2, Insightful)
How does a browser that doesn't even run activex GET arbitary code exploits???
Re:"Fixes some security issues"? (Score:2, Insightful)
Re:"Fixes some security issues"? (Score:2)
Re:"Fixes some security issues"? (Score:3, Insightful)
Take a close look at the techniques used, and it's no wonder those "criminal cracker gangs" we keep hearing about have no apparent problem coming up with fresh 0-day exploits to sel
Re:"Fixes some security issues"? (Score:4, Informative)
Metasploit isn't mentioned anywhere.
Re:"Fixes some security issues"? (Score:3, Interesting)
Re:"Fixes some security issues"? (Score:2)
Here [secunia.com].
Re:"Fixes some security issues"? (Score:2)
Re:"Fixes some security issues"? (Score:2)
Re:"Fixes some security issues"? (Score:2)
If you look at MFSA2006-19 [mozilla.org] for instance, it says:
That's literally Firefox 1.5, not Firefox 1.5.0.2, which means that the bug was fixed months ago in the latest stable releases of Firefox, Thunderbird, and Seam
Re:"Fixes some security issues"? (Score:2, Insightful)
Next you'll be telling us that any bug in Windows is merely "serious", not "critical", as the DoD isn't running Windows on the systems used to control nuclear weapons launching, and that "critical" is too strong a word to describe anything that couldn't possible result in the annihilation of all life on the planet.
While we're at it, why not redefine "bug" as "a flaw in software that will lit
Hold on there (Score:5, Insightful)
Be careful with this line of reasoning. All along there's been this mantra of "Firefox is inherently more secure, and would be even if it were the dominant browser" spouted continuously. Well, I happen think the GP makes a great point about this, and your reasoning seems to fly in the face of the mantra. Don't get me wrong--I'm one of these said spouters--but I'm honestly feeling more than a bit hypocritical at this moment. These are some damn serious issues, and it's not just a handful.
Now, I suspect the reason for this is that the Firefox community as a whole (users and developers) are far more pre-disposed to actually finding and publicly disclosing such bugs. My guess is that we really only see the tip of the IE iceberg in terms of security.
However, we still can't have it both ways; these are indeed very critical bugs, and to dismiss them otherwise may seem beneficial, but it's actually a great disservice.
Re:Hold on there (Score:2)
If anyone's vulnerabilities ~should~ be actively exploited it's FF's, because the source is read and there is full disclosure on the vulnerabilities. But I know of almost none that have been, and none that were widespread.
FF has at least 10% market penetration, which is a HUGE number of computers, more than enough for some hacker to make money on.
I don't know anyone whose computer is full of spyware because they use FF, but almost everyone I know who regularly uses IE complains how sl
Arguable (Score:2)
That's 10% of what market--all Internet-connected computers on the planet? I think not. It's only 10% of some arguably small subset of all possible users. I've seen many logs of consumer retail sites showing Firefox represents more like 3% of the market (8% if you include Mozilla/SeaMonkey plus Netscape). And I'd further hypothesize that the Firefox users are biased, due to se
Re:Arguable (Score:2)
Anecdotal as it may be, I have lots of evidence that FF is safer, and no evidence that IE is safer.
One of the complications in this argument is when comparing "critical bugs", the definitition of what is and is not critical is made by the vendor.
MS has been shown repeatedly to classify something as critica
Re:Arguable (Score:2)
Perhaps you think I disagree with you on this point, but let me assure you I don't. I totally agree with that particular statement. I never said Firefox was not safer than IE in the current environment (such as market share, education of users, and many other market forces at work).
But I would hasten to add that this is on a relative basis only, and I don't think it's necessarily a causal relationship.
Re:Arguable (Score:2)
What I take issue with is saying that FF has just as many and just as bad bugs or vulnerabilites as IE, and that they just haven't been found yet because FF is too small of a target.
I fundamentally agree with the way FF is developed and handled, and fundamentally disagree with the way security is handled and information stifled at MS.
I believe if both browsers
Re:Arguable (Score:2)
Well, I never said the part about the quantity, but I did say that the bugs are just as bad. You may not have reviewed the Firefox advisory, but exactly how much worse does it get than "arbitrary code execution" anyway? And if such problems exist, exactly how many of them are needed before it should be considered fundamental
Re:Arguable (Score:3, Interesting)
I'm simply trying to point out the difference between a vulnerability that could, theoretically, be used for arbitrary code execution, and one that IS being used daily for arbitrary code execution, drive-by
Re:Hold on there (Score:2)
One nitpick (Score:2)
How many people do you think are really "reading" the source. And when I say read, I don't mean downloading the source, opening up a couple files in vim just to check it out, then build it and be on your merry way. And I'm not talking about average C++ programmers either. I'm talking ab
Re:"Fixes some security issues"? (Score:3, Interesting)
Re:"Fixes some security issues"? (Score:2, Funny)
Re:"Fixes some security issues"? (Score:2)
Re:"Fixes some security issues"? (Score:3, Funny)
I'm uncertain.
Re:"Fixes some security issues"? (Score:2)
On MY computer, Firefox has 100% market share, so a Firefox security bug is infinitely worse than an IE bug. Don't downplay security bugs.
SeaMonkey too (Score:2, Informative)
http://www.mozilla.org/projects/seamonkey/release
Mac Support (Score:4, Informative)
Re:Mac Support (Score:2)
Don't get me wrong, Rosetta is decent (for an emulator), but Firefox has just been ungodly slow on my Intel Mac Mini. I've been waiting for an official Intel build.
Re:Mac Support (Score:2)
It is nice (Score:2)
- Andrew
Re:It is nice (Score:3, Insightful)
The default button is still focused and easy to accept.
If it only displayed this update message upon startup/New tab/window then I wouldn't have a problem, but if it detects an update mid session then it pops up then taking away focus.
I personally prefered the update throbber in the top right.
Re:It is nice (Score:2)
- Andrew
Re:It is nice (Score:2, Insightful)
still got memory leaks out the wazoo (Score:3, Informative)
Re:still got memory leaks out the wazoo (Score:2)
FF configuration to reclaim leaked memory (Score:5, Informative)
reclaim leaked memory [cybernetnews.com]
In case this poor bastard's site gets Slashdotted, here's the trick:
1. Open Firefox and go to the Address Bar. Type in about:config and then press Enter.
2. Right Click in the page and select New -> Boolean.
3. In the box that pops up enter config.trim_on_minimize. Press Enter.
4. Now select True and then press Enter.
5. Restart Firefox.
Once you've restarted, and been using FF awhile, minimize it, then bring it back, and the system (under Windows, anyway) will have reclaimed leaked memory (often LOTS of it). A new notice on that page says this works with Thunderbird, too, so I'll have to try that when I get to work.
Re:FF configuration to reclaim leaked memory (Score:2)
Anyways, thanks for the tip.
Re:FF configuration to reclaim leaked memory (Score:5, Insightful)
Re:FF configuration to reclaim leaked memory (Score:2)
Whatever it is, it's memory being recovered after minimize/maximize. Call it what you like.
Memory is a cache, not leaked (Score:2)
Now, whether this is the right thing to do or not is pretty contested, but that's the design.
Re:Memory is a cache, not leaked (Score:2)
That doesn't work (Score:2)
Annoying update message (Score:5, Insightful)
I have firefox set to inform me that theres an update.
In my eyes that update check should only occur when I open a window, NOT when I'm in the middle of typing.
I saw a flash of something whilst I was typing and realised I had inadvertantly accepted a popup box.
I want to set Firefox to inform me of updates, but make sure it only does that when opening a new window or tab (so it knows I'm not actively typing).
Re:Annoying update message (Score:3, Insightful)
Re:Annoying update message (Score:2)
Why not 1.5.1? (Score:2)
Re:Why not 1.5.1? (Score:2)
Re:Why not 1.5.1? (Score:3, Informative)
Given: x.y.z.w
x.y are the major/minor version numbers.
z is for an update that changes the API.
w is for an update that doesn't change the API.
This way they can distinguish between updates that are likely to break* extensions (Firefox 1.5.1) and those that theoretically should not (Firefox 1.5.0.2).
*By which I mean actually breaking functionality, requiring programming changes to the extension -- not just needing to bump the extension's compat
In other news... (Score:2, Informative)
Re:In other news... (Score:2)
Yahoo Mail Bug fix (Score:2)
https://bugzilla.mozilla.org/show_bug.cgi?id=3226
This *would* have been news... (Score:3, Funny)
-g.
The update kills some extensions. (Score:2)
I lost AniDisable and AutoForm. I'm going to miss AutoForm.
Progress has a price.
Accurate firefox usage information (Score:2, Insightful)
Re:It still leaks! (Score:2)
Re:It still leaks! (Score:5, Insightful)
Yeah (Score:5, Informative)
Re:Yeah (Score:3, Informative)
Re:It still leaks! (Score:4, Informative)
Re:It still leaks! (Score:2, Funny)
XML and Java APPLETS are teh BESTEST thing ever!! How could they possibly cause problems? They are the glue of the internet! Fast, efficient guarenteed to work everywhere and anywhare!!!!
Heretic!
Re:It still leaks! (Score:2)
Other browsers which have the same feature seem to mysteriously now be horrible memory hogs
Well there you go then - what's so 'mysterious' that keeping the last 50 (50 was the default on my session history) browsed pages in RAM? I am not denying that it could have other memory leaks, but I have never looked into the matter, and have no issues with FireFox myself..
Re:It still leaks! (Score:2)
I wouldnt expect that, since there is an apparent feature that FF keeps a certain number of previously visited pages in memory, regardless of which tab they were viewed in. If you expect it not to save the pages, then set the cache to store 0 pages.
Re:It still leaks! (Score:3, Insightful)
What platform are you on?
What version of Firefox are you running?
What extensions to you have enabled?
What types of things are you doing when you notice the memory increasing?
Are you legitimately using more memory or is it actually a leak?
C'mon, man, give us something useful.
Re:It still leaks! (Score:4, Informative)
you're not dealing with a memory leak (or at least, not an accidental one...they put this
in there on purpose).
I'm running 1.5.0.1 on gentoo linux (no gnome or kde) and experience no memory leak. I often
leave it running for days and, while my memory footprint varies with usage, it doesn't appear
to be behaving baddly (memory usage always approaches a base level after I finish most of my
browsing).
Re:It still leaks! (Score:2)
Re:It still leaks! (Score:4, Interesting)
Just because it works fine on one machine is no guarantee that it will work just as well on other machines.
I'm up to 80 megs used with only 4 tabs open (CNN
Firefox doesn't release memory like it should. It jumped from 50 to 75 when I opened a new window to view a QuickTime movie, when I closed it the memory wasn't release. If I watch a wmv file it will routinely jumped in to the high 90's low 100's. I opened the same pages with IE and when I close the window with the QuickTime movie the memory jumps back down.
Link? (Score:2)
Re:It still leaks! (Score:2)
Re:It still leaks! (Score:2)
Re:It still leaks! (Score:4, Insightful)
Who cares?
Seeing as that memory is now lost and unusable you **should** care. It is a sign of sloppy design anyways and the other two (Opera and IE) don't seem to have problems with memory leaks...
Re:It still leaks! (Score:2)
Re:spellcheker pleeze! (Score:2)
Anyone who has used both extensively have an opinion on the comparison?
Re:spellcheker pleeze! (Score:2)
This is one of the nice things about Camino (as a Cocoa application, it gets access to OS X's builtin spellchecking)
Ditto for Safari and OmniWeb. Actually all three work with my spell-checker, grammar-checker, dictionary/thesaurus, language translations, text transformations, scripts, speak text, encryption tools, md5 checksums, text statistics (word count, char count, pages, etc.), Web lookups, XML processing tools, content summarizer, and a probably few other system services I've forgotten. The fact t
Reason (Score:2)
Hmmmm, I could use autocorrect for typing my own last name in more than just Word. Put the accent marks in automagically.
Re:spellcheker pleeze! (Score:2)
http://forums.mozillazine.org/viewtopic.php?t=351
Re:colgroup bug still exists (Score:2)
Neither is bug 279867 [mozilla.org] fixed which is older then a year.
Re:colgroup bug still exists (Score:2, Informative)
http://www.w3.org/TR/html4/struct/tables.html#h-1
Re:colgroup bug still exists (Score:2)
If you follow the link you gave, you'll find the "align" attribute listed in the "Attributes defined elsewhere" section. (Although, as has been pointed out above, anybody using presentational attributes such as "align", which has been deprecated for 8 years now, really needs to realise that the technology has moved on.)
Re:colgroup bug still exists (Score:2)
And whoops, you already corrected yourself while I was off checking my facts. Oh well, serves me right for showing off :-)
Re:colgroup bug still exists (Score:3, Insightful)
It might seem like a fix is simple, but when you have a really large codebase and millions of web pages doing strange things, it's very easy for a "simple fix"
Re:Optimized Builds (Score:3, Interesting)
If you think about it your webbrowser is for the most part a on-the-fly compiler, parsing HTML, XHTML, JS, etc and compiling it into onscreen "stuff".
Your question is like asking when GCC will support SSE2 natively to speed itself up.
There may be a few graphic algorithms that can benefit from SSE2 but for the most part nothing else.
Tom
Re:Optimized Builds (Score:2)