Please create an account to participate in the Slashdot moderation system


Forgot your password?

Firefox Update Kills Bugs, Adds Mac Support 232

Juha-Matti Laurio writes "Several vulnerabilities are fixed in version Firefox, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."
This discussion has been archived. No new comments can be posted.

Firefox Update Kills Bugs, Adds Mac Support

Comments Filter:
  • by Anonymous Coward on Friday April 14, 2006 @10:52AM (#15129298)
    This time around, almost all extension and theme authors got the version dependency right, so unlike after the previous update, your extensions and themes won't be disabled. It's a security update, so do install it.
    • This is because the maxVersion in the extensions for in the majority of cases is 1.5.0.*, so if your extensions work with and, they'll be compatible with any future security upgrades for this branch.
    • Several extensions broke down. "Compact Menu" -- had to go to the home page to reinstall (Firefox said no updates found), "Cute Menus" broke completely. "Mnenhy" broke.

      BTW, the update installation caught me by surprise. When FF asked confirmation for update, I checked the option "later" (meaning, ask later). Next time I started, FF updated itself, and broke some extensions.

      • You didn't read the message when you clicked later. The message said that an updated was already downloaded and ready to be installed. It asksed if you wanted to install it now (and restart Firefox now) or install it later (when you next restart Firefox).

        In the options under Advanced/Update the default is "Automatically download and install the update" but you can change that to "Ask me what I want to do" if you want. Of course, the "Warn me if this will disable extensions of themes" box is also checked by
  • Patch (Score:5, Funny)

    by Ryz0r ( 849412 ) on Friday April 14, 2006 @10:54AM (#15129317)
    Download the patch here! []

    haha, no, seriously.. i'm joking


  • by anandpur ( 303114 ) on Friday April 14, 2006 @10:54AM (#15129318)
  • Some leaks fixed (Score:5, Informative)

    by EggyToast ( 858951 ) on Friday April 14, 2006 @10:55AM (#15129324) Homepage
    Here's the big ones, IMO, from a mac user's perspective:
    • Memory leaks
    • 321283 - Using Find causes documents to leak.
    • 323532 - Leak when using history autocomplete.
    • 323377 - Lots of leaks in nsInternetSearchService.
    Numerous times would I come home to see Firefox using over a gig of memory and eating up about 40% of my proc cycles. A quick quit/restart of the app would fix it, but still -- I regularly close tabs and don't develop long histories on multiple open tabs, so it didn't make any sense.

    I just hope that those leaks are the ones I was actually experiencing...

    • Re:Some leaks fixed (Score:4, Informative)

      by bahwi ( 43111 ) on Friday April 14, 2006 @11:11AM (#15129479)
      They fixed a serious bug that was affecting me in the moz branch, that was ported over to the xulrunner nightlies. Apparently I was creating too many JS Obj's and crashing out the system. Now it works perfectly with my thousands of javascript objects, mwa-ha-ha. =)

      But seriously, it's a CRM app loading stats from an XML source on the server side, and when using E4X you get an XML Object for each XML file(or entry, depending) so it's easy and quick when running yearly stats to generate a bunch of objects. But now it works like a charm, smooth, and fast. The only prob is it's a nightly, not a release. But working is working.
    • I doubt it, it happen to me also and I'm not using Find or history.
      I'm not sure about nsInternetSearchService though..
    • What gets me is that they effectively started over in 1998, but still chose a language which doesn't have garbage collection (or a bunch of other basic features). I mean, what programmer sits there worrying about who owns a piece of memory anymore?


      • What gets me is that they effectively started over in 1998, but still chose a language which doesn't have garbage collection (or a bunch of other basic features). I mean, what programmer sits there worrying about who owns a piece of memory anymore?

        Is HotJava still around, maybe you could try that? But seriously, what did you expect them to use - Java? Or let me guess, some uber-functional language like Haskell? But even to this day, there's really not a really great crossplatform alternative to C++. In
        • Well, if you follow the link in my signature, you'll get a good idea of which language I'd recommend. And yes, it's impure functional.

          What you say about Java is right -- but just because one garbage collected language sucks badly does not imply that all GCs are bad.

          Interestingly, rendering engines as powerful and complete as Gecko have been written in functional, garbage collected languages. The most advanced is PrinceXML [] which is written in Mercury [], which is not just "uber-functional", but a logic pr

  • by YU Nicks NE Way ( 129084 ) on Friday April 14, 2006 @10:57AM (#15129347)
    Sweet baby Jesus, it fixes 21 separate issues *all of which can be used to execute arbitrary code*! Did they have time to fix any vulnerabilities which were only "somewhat critical"?
    • by Anonymous Coward
      Considering how much Firefox gets touted as being superior to M$IE, I'm concerned about the sheer number of "arbitary code execution" fixes were in this 0.0.1 version increase. Maybe it's not as secure a codebase as the foundation thought?

      How does a browser that doesn't even run activex GET arbitary code exploits???

    • I suspect that some of these are bugs found by HD Moore of The Metasploit Project [] in Firefox last month - some details here []. We can probably expect a similar slew of updates from Microsoft in a future "cumulative update" for Internet Explorer since there were more than 50 brand new flaws (not all critical) found in IE as well.

      Take a close look at the techniques used, and it's no wonder those "criminal cracker gangs" we keep hearing about have no apparent problem coming up with fresh 0-day exploits to sel

      • by YU Nicks NE Way ( 129084 ) on Friday April 14, 2006 @11:50AM (#15129855)
        That's what I thought, too, but, in fact, no. Per Secunia's summary of sources:

        1, 9, 10, 12, 18, 20) shutdown
        2) Igor Bukanov
        3) Bernd Mielke
        4) Alden D'Souza
        5) Martijn Wargers
        6) Bob Clary
        7) Tristor
        8) Michael Krax
        11, 14, 21) moz_bug_r_a4
        13, 16) TippingPoint and the Zero Day Initiative
        17) Claus Jørgensen and Jesse Ruderman
        19) Georgi Guninski
        Metasploit isn't mentioned anywhere.
    • This is why Mozilla restricts access to security bug information. It's only an issue if it becomes public. By the way, I only count seven security-related bug fixes []. Where are you getting 21?
    • Actually, MFSA issues 09-19 [] were fixed before this release - the only new ones for the 1.5.x branch are 20 []-29.
      • I don't think so. Looking at those in detail, Moz claims they were fixed on 4/13/2006, not earlier. That would mean they were still alive until came out -- not that they were fixed in previous versions.
        • No, many of those were fixed previously in the Firefox 1.5 series, and the fixes have just now been backported to the 1.0 series.

          If you look at MFSA2006-19 [] for instance, it says:

          Fixed in: Firefox 1.5
          Firefox 1.0.8
          Thunderbird 1.5
          Thunderbird 1.0.8
          SeaMonkey 1.0
          Mozilla Suite 1.7.13

          That's literally Firefox 1.5, not Firefox, which means that the bug was fixed months ago in the latest stable releases of Firefox, Thunderbird, and Seam

  • SeaMonkey too (Score:2, Informative)

    by Anonymous Coward
    SeaMonkey was updated to version 1.0.1 for security reasons too / []
  • Mac Support (Score:4, Informative)

    by Anonymous Coward on Friday April 14, 2006 @11:04AM (#15129416)
    Just to clarify, Firefox has long had Mac support. This distribution adds Universal Binary support so that Firefox is now native for Intel Macs.
  • It's nice to see that the update notifier now prompts you with options. I would rather this approach than the previous way of updating at startup without any warning or choice.

    - Andrew
    • Re:It is nice (Score:3, Insightful)

      It still updates in the middle of use.
      The default button is still focused and easy to accept.
      If it only displayed this update message upon startup/New tab/window then I wouldn't have a problem, but if it detects an update mid session then it pops up then taking away focus.
      I personally prefered the update throbber in the top right.
      • That's true - I forgot about the throbber. I like the throbber idea but the update always crashed on me back in "those days".

        - Andrew
  • by Tumbleweed ( 3706 ) * on Friday April 14, 2006 @11:13AM (#15129491)
    But the good news is, that about:config trick where you minimize your window, then maximize it again still works.
  • by LiquidCoooled ( 634315 ) on Friday April 14, 2006 @11:14AM (#15129504) Homepage Journal
    It did it again.
    I have firefox set to inform me that theres an update.

    In my eyes that update check should only occur when I open a window, NOT when I'm in the middle of typing.
    I saw a flash of something whilst I was typing and realised I had inadvertantly accepted a popup box.

    I want to set Firefox to inform me of updates, but make sure it only does that when opening a new window or tab (so it knows I'm not actively typing).
  • If the release includes changes other than security fixes, wouldn't it be better to call it 1.5.1? In fact, Firefox 1.0.8 has been released too, and it increments the third rather than the fourth number for similar changes. Maybe Firefox developers want to convince users that the changes from 1.5 are really tiny? But it's not true, judging by the release notes.
    • I just read the changelog and I don't see any major functionality changes (unless you consider making the thing not blow up functionality...)
    • Re:Why not 1.5.1? (Score:3, Informative)

      by Kelson ( 129150 ) *
      Because they switched to a more detailed numbering scheme with 1.5.

      Given: x.y.z.w

      x.y are the major/minor version numbers.
      z is for an update that changes the API.
      w is for an update that doesn't change the API.

      This way they can distinguish between updates that are likely to break* extensions (Firefox 1.5.1) and those that theoretically should not (Firefox

      *By which I mean actually breaking functionality, requiring programming changes to the extension -- not just needing to bump the extension's compat
  • In other news... (Score:2, Informative)

    by Rytis ( 907427 )
    Firefox is reported to pass the ACID2 test [] as well. Though it's just a development branch and there's still a load of work to do, it's nice to see they are finally getting to the finish.
    • Odd, I thought we wouldn't see that until atleast Firefox 3. I hope they plan to do enough regressional testing, although (here it comes) Opera 9 will probably beat it to the punch having already passed the test in weekly builds for some time now.
  • This is the one that I was looking for (Yahoo! Mail Beta randomly crashes, causing the loss of whatever email is being written) 3 []

  • by Dhar ( 19056 ) on Friday April 14, 2006 @12:31PM (#15130204) Homepage
    ...if Firefox hadn't updated itself before I got to read the article.

  • I just wish that it had told me which extensions will no longer be working *before* it did the update. You have to install the update before it tells you. Some extensions can be updated. Some will be killed.

    I lost AniDisable and AutoForm. I'm going to miss AutoForm.

    Progress has a price.
  • It would be interesting to see how many times the automatic update is downloaded. At first glance it seems like that might be a good way to get some sort of idea as to how many people really are using Firefox.

It's fabulous! We haven't seen anything like it in the last half an hour! -- Macy's