The Mozilla Corporation today issued small updates for its popular Firefox Web browser and Thunderbird e-mail applications, primarily targeting security problems. The updates take both products to version 1.5.0.7, and were issued via the vendor’s automatic update system this morning, Australia-time. The less popular SeaMonkey mail and browsing suite was also updated to version 1.0.5. Update: DesktopLinux has a detailed explanation on the changelog. Also, Camino 1.0.3 of OSX was released.
Welcome update for Firefox…
If IE had this type of update then reaction would have been… [ Another update for IE!!!!]
I’ve never had to reboot my computer for an Firefox update…
Neither with Opera. No need to update, it’s bug-free, not like Firefox or IE.
ouch!!! Joe User plays Joe Troll it seems!
Eh eh! Actually what I said is true, Opera is the most bug-free browser you can find. Being closed-source increases to its security too. Maybe there are a few bugs but they remain unknown, hence more security.
Being closed source does not make it more secure. That’s a blatent troll.
I’ve submitted a bug report to Opera related to their JavaScript and DOM implementations back for the version 8.52
When version 9 came out and the bug was still not fixed I re-submitted it. After that 9.01 came out. Care to take a guess if the bug is still there?
By contrast, I submitted a bug report for the wmlbrowser extension for Firefox. In the same day I was contacted by the developer asking for help in reproducing it, and two days later a new version of wmlbrowser with the bug fixed came out.
Edited 2006-09-15 16:42
So? There are bugs for Firefox that have gone unfixed.
You give one example, what is the point of it? It gives the vibe that Mozilla response and Opera does not. That’s stupid.
it’s bug-free
Not even Opera developers would say that.
Back on topic, 3 memory leaks were fixed in this release.
Another 7 security holes. 4 critical with capabilities for arbitrary code execution.
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Another 7 security fixes.
Please don’t take the following *too* seriously. It started out as a sort of defense of FF. But as I wrote and rewrote, it changed. You’ll find little in the way of FF defense in it. I almost deleted it. But decided to post anyway and see what people thought.
===========
I’m am FF fan, but I have to admit you have a point.
There is indeed a never-ending flow of patches out of mozilla.org.
The standard mantra is that “all software has bugs” and that what is really important is how fast patches come out once the security vulnerability goes public.
But any reasonable person who actually thinks about the issue will see what a brain-dead cop-out that really is.
First of all, it’s dishonest to call a security vulnerability a “bug”. OK. Maybe it *is* a bug. But it’s a special kind of bug that has ramifications that go beyond a run of the mill “bug”.
These problems should not have been there in the first place.
I’ll agree that it is impossible to eradicate all security vulnerabilities. But the “all software has bugs” rationale has simply validated that idea of releasing swiss cheese software, and then raking in the kudos by issuing patches for the problems, which should never have been there in the first place, quickly.
I think I sense a tide of people out there who are about to tell me that I’ve no right to complain because I got the software “for free”. I sense that someone might want to tell me that if I care so much, I should be contributing to the project.
But the fact of the matter is that I *do* pay for it. Every day. With every search.
Mozilla.com (Note that it is not .org anymore) makes *millions* off of us, the users. Every time we search, more money goes into the mozilla.com coffers.
They are now a for profit, as opposed to a non-profit entity.
But they are not publically traded, so they don’t have to disclose anything.
But I’m vering a bit off topic, aren’t I? Sorry.
I was talking about security.
I’m not an expert. I don’t claim to be. But when I saw Michael Zalewski throw random content at FF and crash it in seconds, as opposed to IE which lasted hours with the same random content, it was one of those things that made me go “hmmm…”
Keep in mind that every one of those crashes was potentially exploitable. And no one, before, had ever bothered to check whether FF did basic input validation.
One of the major anoyances in FF, for me at least, is the way it silently renames downloaded files, without asking the user, if it sees another file with the same name.
This is particularly annoying because it can actually change the apparent version of a piece of software you have downloaded. It adds a numeral to the name. Not to the end, no. But somewhere in the *middle* of the name.
Now, It seems to me that naming files in a way that the user does not expect is not only bad UI policy. It also has security repercussions.
I said so on bugzilla.
The response:
“Show us a specific vulnerability.”
This, I believe speaks volumes about the way the FF devs vew security. There is nothing proactive about it. It is all reactive.
And we keep reinforcing that by patting them on the back and saying “attaboy!” every time they quickly release patches to correct their “freakups”.
This really has turned into a rant. When I started typing, I truly did not intend for it to. But reading back over it, I really don’t see anything that I could ethically take out.
Let’s see. What could I do to hurt my reputation further on this site? Well, I could bring up the name of D.J. Berstein. I hate the guy’s attitude, and his arrogance. I think he’s a turd.
But the more of this “all software has bugs” attitude I see, the more I am forced to wonder if he doesn’t have a valid point.
Perhaps FF would benefit from a major zero day exploit that left the devs in a state of absolute humiliation.
It would set back FF adoption. But I wonder if we would not come out ahead in the long run?
I dunno. Gotta think about that one some more.
Take care all,
Steve
Edited 2006-09-16 15:36
This, I believe speaks volumes about the way the FF devs vew security. There is nothing proactive about it. It is all reactive.
I think you have a point there. I don’t think Mozilla ever really expected the massive quick growth that Firefox received, and they have been focusing most of their attention the past few years on the UI and getting pages to display correctly. Perhaps this will start to change, though. Didn’t they just hire some security chief or something from the MS IE team?
That said, in my mind the most important factor with security is turnaround time, and they have been doing a fairly good job at that.
Edited 2006-09-16 19:53
I know many Mozilla developpers, they are all obsessed about security, I have also met lots of people working in really secure environment (army, defense, space R&D, biochemistry research…) they all evaluated and use Firefox for their work environment.
Anyway, whatever mozilla does about security, they will be criticized. When they didn’t have an auto update system they were criticized for not having an easy way to provide security patches like windows update for IE, now that they have one, they are criticized for using it. When they delay releases for security reasons, they are criticized for not respecting planned release dates, they don’t support risky things like activeX or links to file:// resources and get criticized for not following the IE de facto “standards”, when they didn’t have an antiphishing filter while Microsoft announced it planned to add one in IE7 they were criticized, now that there is one in beta state they got criticize because it is not good enough (it’s bloody beta software, the phishing sites database webservice isn’t even finished!!)…
Criticizing mozilla software has become the latest hip thing, it sells paper and adspace on the web. When IE7 is released and they do a first security patch to it, they will probably receive the same unjustified critics because it will sell more adspace.
camino is up to 1.0.3 which includes the above fixes, as per the release notes
http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
Hooray!
… every time I install an update, it breaks my desktop icons and start menu links for Opera, Coffee Cup (my preferred HTML text editor) and DreamWeaver.
Yet, it leaves the links for IE, Firefox and Lotus Notes unscathed.
Go figure.
—
And yet, I like SeaMonkey enough that it’s my other browser on WXP.
It is my favorite one.
my did not auto update, I had to update manually. I like it when sites like this reports about software updates.
Auto updates are staggered out over several days in order to keep the servers from being overloaded. It would have been your turn eventually.
Hmmm, this is strange. The 1.5.0.x updates have normally been around 600kb. However this most recent update is 6.1MB. Anyone know why? Thanks!
This happens when there is a problem delivering a patch to your specific version, it can be because your Firefox looks weird to the upgrading system or because the patch for your language isn’t available on the mirror you are directed to.
If the upgrading system thinks there is a risk of an upgrading patch that would screw your binary, it sends you a full binary instead of a patch.
Well explained, thanks!
“””Anyway, whatever mozilla does about security, they will be criticized.”””
Unlike IE which can do no wrong.
What goes around comes around, I guess.
Edited 2006-09-17 03:38
Am I the only one that has the problem of firefox.exe ‘locking’. I can’t delete it and obviously the updater can’t overwrite it so I can’t update. I have to use barbarian tacticts to delete firefox.exe and update my firefox…
got root?
I am a Seamonkey fan since I like to keep Mail and Seamonkey running and it uses less memory than running Firefox with Thunderbird. I disliked the way the user interface has been left to rot in the Mozilla Suite. I wanted to update the look of Seamonkey and introduce a different way to use the browser instead of the complex menus and options in Seamonkey. So I wrote this extension called Monkeymenu that should give Seamonkey a much needed lift. The user can popup the menu anywhere and have access to the most common features and some new features I added to make browsing more useful. Check out the UI design and working prototype here: http://markbokil.org/index.php?section=tech&content=c_linuxmonkeyme…
Update: I just added a developer’s preview of the Seamonkey add-on ‘MonkeyMenu’ to my site:
http://markbokil.org/index.php?section=tech&content=c_linuxmonkeyme…
If you are a Seamonkey fan please give it a whirl and send me some feedback/comments to make it better. Thanks, Mark.
And here’s a nice theme for Seamonkey that makes it look and feel much more modern.
http://markbokil.org/index.php?section=tech&content=c_linuxseamonke…
Bugs, updating and patches are an expected reality of modern programming. If you have ever done any programming for a commercial application you would find that applications are released all the time with bugs. It is virtually impossible to predict all security holes due to the complexity of applications, code libraries, and the OS spaghetti communication present. Most companies release programs with an ‘expected’ or ‘acceptable’ amount of bugs since some bugs are trivial and others are unknown. Good security testing of your application plus all the libraries it relies on helps a lot but the complexity of debugging a large application does not make this an easy task.
I have diss’d Firefox users many times on this board because of the way they crash every Opera thread, but the worm has turned. I write and sell software for a very small niche market, and I deliberately use a minimum spec pc on a dial-up so that I know what a buyer’s experience will be – I will NEVER tell a buyer they must upgrade to use the software they buy from me. So I get a much truer picture of how browsers perform on a first generation pentium dialup than you guys on cable modems with Pentium googleplex quadruple core pcs. And I can tell you this – something has suddenly changed – Firefox is no longer slower than Opera, and it is no longer a memory pig while Opera 9.x has LOST IT’S WAY and eats ram like crazy. I know this because this crap pc won’t recognize more than 40 megs of ram. Opera used to be the browser that would let you surf with ease on a 233mhz because the 56k modem was the limiting factor not the ram or cpu speed. But now opera will kill all your time making hot monkey love to your harddrive for an hour if you open more than two windows at ebay on a pc like this. Firefox is subject to the limitations of this very early pentium and the dialup connection, but does not CAUSE those limitations. This is a critical distinction. I’m here on Firefox right now, something I NEVER resorted to. It takes a few hours to get used to Firefox after being a faithful Opera user since version 3.62, but get used to it I did, I miss nothing but the recycle bin to open windows you closed in haste, and since Opera more or less swiped that from NetCaptor, I don’t see why Firefox can’t do it too. Or maybe they have, I haven’t looked it over that close yet. All I know is my harddrive isn’t ratcheting constantly like it does with Opera. This is completely the reverse of last year, so Opera better get it together fast. As for “no bugs”, Opera does NOT work right for online shopping carts – if it works at all it craps out before you’re done. I’ve learned to revert to Opera 8.x for paying bills and placing orders, but take a big guess what browser I try next time. Ditto with webmail like lycos, half the time the ‘send’ button simply will not click. I still say Opera is being taken down from within it’s own ranks since version 7.x, otherwise why won’t it work on sites that still work with not just Firefox but even 8 year old Netscape 4.72 ???
“””I write and sell software for a very small niche market, and I deliberately use a minimum spec pc on a dial-up so that I know what a buyer’s experience will be – I will NEVER tell a buyer they must upgrade to use the software they buy from me.”””
+1 for eating your own dogfood! I admire that.
otherwise why won’t it work on sites that still work with not just Firefox but even 8 year old Netscape 4.72 ???
Firefox is Netscape and thus supports all kinds of Netscape “features” (i.e., bugs).
“otherwise why won’t it work on sites that still work with not just Firefox but even 8 year old Netscape 4.72 ???
Firefox is Netscape and thus supports all kinds of Netscape “features” (i.e., bugs).”
————————————–
WHERE DID I SAY NETSCAPE HAD BUGS???
DID I SAY FIREFOX HAD BUGS???
MY POST SPECIFICALLY DELINEATED THE MANY ***BUGS*** IN THE 9.X SERIES OF OPERA AND HOW IT ***FAILS*** ON WEBSITES THAT WORK NOT ONLY ON FIREFOX BUT ALSO ON 8 YEAR OLD NETSCAPE AS WELL.
WASH THE WAX OUT OF YOUR EARS, TROLL.
YOU’RE NOT CONVERTING MY PRO FIREFOX POST INTO AN ANTI-FIREFOX POST.
AND I SAY THIS AS A ONCE *REGISTERED* USER OF OPERA SINCE 1998. IF YOU SPENT AS MUCH TIME MAKING OPERA WORK AS YOU DO PUFFING IT UP WITH FLUFF THEN FIREFOX WOULDN’T BE KICKING YOUR *SS OFF THE WEB LIKE IT IS.
“widgets” lol.
Thanks for playing, we have some lovely consolation prizes for you.