Mozilla released a security fixed version of Firefox, 1.0.4.
Firefox v1.0.4 available
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Mozilla released a security fixed version of Firefox, 1.0.4.
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
I browse with Firefox using the following settings:
I disable software installation.
I use the Tabbrowser Extensions. This allows me to turn off Javascript, except for a few select sites. I also use it to block the use of plug-ins, unless they are needed.
I suspect there will always be Javascript flaws in every browser, hence it’s a good idea to shut the stuff down.
I also tend to let sites know that I do not visit if their use of Javascript prevents me from using the site.
Prepare for 1.0.5 in a couple weeks. Reinstall and reinstall.
I’d prefer installing patches than the whole thing again and again. Oh well, I’ll still be using this beaut.
Personally i don’t give a damn if i have to update a lot.Better to update on time than a hd format.Keep up the good work guys!
yea patches are also cheaper for bandwidth
What kind of router do you use that works on Layer 7, which most of the flaws found in browser lies in?
A router wouldn’t protect against browser flaws, but just open ports a’la windows network.
for me, IE is better as long as I am behind a
firewalled home router
There is a problem in the above statement, and in the subject line.
Spyware vulnerability is not really affected by being behind a router. A software firewall that monitors outbound traffic would help more, but only after the fact.
Second, what constitutes “secure?” Mozilla found out about the flaw last Friday. They had an updated version in the “aviary” by Friday night. Microsoft has presented us with a single patch this month for a problem reported in January of this year. That’s almost five months. Oh well, that’s fast for Microsoft, but it’s not secure.
As for the other comments, let me add my voice for Mozilla to release patches in addition to the full package. Still, I get my updates from Debian, so I might not benefit.
Quick react. I like ff for that.
I use firefox, it’s good.
But….
the UI is a bit slow and buggy (anyone know how to compile for qt?)
you have to download new versions all the time
it takes over 10 seconds to start (on my 550 MHz 128 mb ram pc using linux)
It crashed on me once or twice
sometimes the top 2 pixels get chopped of a line of text (especially with smaller fonts) – this is probably a gecko problem
I hope this is constructive criticism, I don’t mean for it to be the other type of criticism.
From
Forrest
I use a normal user account instead of an account with Administrator rights, so the system registry is read only and Windows directory is read only.
It is not 100% safe, but a lot better than the default
Can’t wait until v1.1 comes out June/July. Auto update by patches, a fix could be distributed to *everybody* automatically, within a day. That is going to quash pretty much every argument any troll has got.
the UI is a bit slow and buggy (anyone know how to compile for qt?)
Just out of curiosity, what kind of computer do you have? I have a Pentium III 450 (5-year-old) with 360 megs of ram and Firefox is lightning fast.
I also have an 486 SX25 subnotebook that Firefox is rather slow on (to put it mildly); then again, X itself is slow and bloated on this antique.
There isn’t a QT version of Firefox. There is, however, Konqueror Embedded which runs nicely on QT embedded. http://www.konqueror.org/embedded/
There is also Dillo, which will basically run on anything that can run X on Linux. http://www.dillo.org/
– Sam
I use Firefox everyday (esp for the extentions), but I’ve had a problem with FF loading pictures from a site incorrectly. In other words, the pictures are not where they are supposed to be. Has anyone else had this problem because its very annoying. BTW, for IE users I would suggest using AvantBrowser. It adds Firefox qualities to IE. http://www.avantbrowser.com/
or use opera or galleon;same as firefox but doesn’t use xul interface ,so needs less mem.
or use opera or galleon;same as firefox but doesn’t use xul interface ,so needs less mem.
Needs less ram, yes. But it’s the xul interface that allows for extension development. And extensions are really the must have meta-feature of Firefox. Take http://platypus.mozdev.org/ for example.
No. Dont use any IE skins. it doesnt cover up the fundamental issues of IE non standards, activeX and so on
That FireFox made Cars as well as web browsers. Just think, your ligher stops working, Firefox gives you a new car, they find out that the left turn signal sticks, they give you a new car, etc. etc.
Reinstall instead of patching was acceptable in the pre 1.0 releases, but now it’s just plan sucks. It’s one of the major stopping points for getting Firefox in the Enterprise.
I like FF, I use FF, but I won’t/can’t deploy it corp-wide until they update via patch instead of reinstall.
Lol at </i?> above. The ambiguous format tag
Don’t feed those ill informed, half-assed trolls.
Don’t feed those ill informed, half-assed trolls.
Well, if you don’t reply, people could think: “Wow, this guy has some very good arguments, no one dares to comment on those, therefore it must be true!”
I know, most of the readers here won’t think like that, but the ignorant ones that don’t know, but and want to know, might…
for me, IE is better as long as I am behind a
firewalled home router
There is no such thing as secure software. To get better security you can’t rely on one program being more secure than the other.
So as long as you turn off the http protocol in your router, you are right. The router+IE solution of your is more secure than running only Firefox or only IE. This can be a good solution in companies where you need to use IE on the intranet to view non standard compliant pages but don’t need internet access.
However most people that use a web browser do so because they want to access pages outside their local network. In that case a router will be of little use as the router cant see any difference on good or bad stuff.
A better solution would be to switch to Linux and turn off the ability for the browser to run files it downloads and prevent it from seeing sensitive information. This can be done by running the browser in a security domain of its own and not allow transitions that would allow such things. If you are really paranoid combine this with chrooting, and standard Unix permissions and ACLs.
Now that you have many independent systems to provide security it doesn’t matter so much what browser you use. Of course, the more secure the better. All of the above doesn’t prevent some javascript related problems. I.e. problems like bugs that might reveal what sites you have visited previously as this is a bug that only involves the browser itself it can’t be prevented by SELinux, chrooting, Linux permissions. So this is where browser security becomes important. A good browser should be able to turn off javascript on all sites exept a few trusted ones where you really need it to get the work done. This is possible in Firefox.
If you run windows, you could probably use TCPA to get an extra layer of security on top of whatever browser you prefer. Personally I would use Firefox, not because it is more secure but because it is a better browser, more standards compliant, e.g. better CSS support, than IE. It also have a lot of useful feeturs that IE lacks, e.g. tabbed browsing.
>But it is still going to be slow and memory hungry than IE
Firefox has never been slow, and is not that emory hungry. IE is by far slower. Besides, who cares about memory… Windows eats up lots already, and to already need a shitload to work fuently with any application anyway. For the linux guys: never had any memory problem.
Whats slow and memory hungry depends on your hardwareconfiguration. E.g. if you have extreemely little memory your system will start swapping. If you have very much memory you could use it to create in memory caches to improve speed. In firefox such behavior can be trimmed to give maximum performance on your system e.g. look at
about:config:
browser.cache.memory.capacity = integer in KB
browser.cache.check_doc_frequency = 0|1|2|3
0: one check per url/session,
1: always use cache,
2: never use cache,
3: use rules
but I won’t/can’t deploy it corp-wide until they update via patch instead of reinstall.
As mentioned earlier, the devs are trying to get binary patching in for FF 1.1. However, I’m kind of surprised. I thought there were more requirements for corp deployment, such as msi installs and settings lock-down.
You also forget that IE hides quite a lot of it’s memory requirements by calling it “Windows”. IIRC the ram requirements of windows with IE stripped out is quite different from one with it intact.
Anyhow, please don’t feed the trolls. This place has really taken a turn for the worse lately.
As mentioned earlier, the devs are trying to get binary patching in for FF 1.1. However, I’m kind of surprised. I thought there were more requirements for corp deployment, such as msi installs and settings lock-down.
This is true. Binary patching will be in 1.1 scheduled for release in the next month or two, with earlier developer previews and release candidates. It would have been nice to have for these security updates, but oh well, it’s fixed.
MSI deployment packages are available if you just take the time to google them. It’s really not hard to deploy expanded zips though, IMO.
Firefox is excellent. Ive had no crashes in the 6 months ive been using it. I feel much safer with it than IE. No ActiveX crap to destroy my system. Id much rather download a new Firefox version once in a while rather than the weekly security patches for IE.
Would also be nice if they released their minor/security releases as source code diffs (like Vim does). Using FreeBSD ports and pkgsrc, I have to download a (mostly identical) 31 MB .tar.bz every time again.
With (e.g.) Vim, I only have to download incremental patches for each minor release.
“for me, IE is better as long as I am behind a
firewalled home router”
HAHAHA that brings me back to the days where that was actually true…
First IE people come on here and start yellin booyakasha because there was a couple bugs found in Firefox, as if IE wasn’t riddled with bugs… And what? 48 hours later there’s an official update to correct the issue (although there were patches out before I even found out about the bugs, and it seemed to easilly be avoided without a patch) and now the tone turns to “Updates! Hah! We don’t need to stinking updates!”… As if infrequent updates w/ IE was a convenience rather than a security hazard…
Look, there are those who like IE, those who like Firefox, those who like Opera, etc, etc. Personal taste is not open to discussion.
I use Firefox. I enjoy it’s simple interface, and it’s only slow when loading. Don’t forget that most of the libraries for IE are already loaded as the Windows Explorer, so you can’t just compare!
I also have Opera, though I have used mainly Firefox. Opera has some features that I like a lot, though I only use them in some situations.
I don’t like to use IE. Microsoft likes to push it’s view of what the user needs, so I dislike lots of “features”. There’s one thing I *extremely* dislike: if you make a mistake typing a URL, start trying to load it, and you press Esc to stop, it reverts to the previous URL instead of just stopping and letting you correct it. You have to write all of it again.
You can have a more secure IE just by turning off ActiveX, and only turning it on when needed (online anti-virus scan, for example). Though I think doing this is a bit too dificult for the home user with little or no knowledge of computers.
As for the updating through reinstall, I agree it isn’t the most simple or elegant way of patching, but at least it works pretty well (at least in Windows and I haven’t had much problems in Linux). If they are going to fix it, I have no problem with it for the time being.
I think Firefox is coming along just fine. Glad I have an alternative to IE in Windows.
Because Ubuntu apparently don’t think putting the Firefox bug fixes into their repositories is a good idea.
I’m seriously considering going back to SuSE or Fedora. 🙁
Hell, I even got a free licence of Windows Server 2003 a few weeks ago, might put that on instead. 😉
Nobody can deny that they are fast with fixing bugs and that’s what it’s all about as complex software will always have bugs as anybody who has a clue about software developement will understand…
There was an update of firefox on Ubuntu just yesterday. The version number didn’t change, but the bug fixes were backported.
“Opera has some features that I like a lot, though I only use them in some situations. ”
Just out of curiosity, have you found Firefox extensions to match those features? It can be hard list to wade through.
“There was an update of firefox on Ubuntu just yesterday. The version number didn’t change, but the bug fixes were backported.”
Yes, I noticed the update and got it yesterday, but why baackport and not release the real deal? 😕
That’s just how Ubuntu works. After a realease only bugfixes and security updates will be applied, no new versions will be used, as they could potentially have unknown and unwanted side effects.
Ahh, I see.
Annoying I suppose, but understandable.
Thanks.
You could try the Ubuntu backports repository for newer versions of some programs if you don’t like waiting until the next release.
How goes the infamous ‘exteension breakage’ problem when installing 1.04? Anybody have issues with extensions breaking this time around?
Actually, browsing with FF is a fast, if not faster than IE… this is the load time we usually complain about, which must be due to the fact IE is tighly integrated in windows.
Now, I just tried FF 1.0.4 and… it loaded faster on this Linux box than 1.0.3. I mean, it appears to load faster, maybe it’s just me… and I don’t know if they did something else apart from security fixes. Anyways, it works well 🙂
“Now, I just tried FF 1.0.4 and… it loaded faster on this Linux box than 1.0.3. I mean, it appears to load faster, maybe it’s just me… and I don’t know if they did something else apart from security fixes. Anyways, it works well :-)”
This is exactly why some distributions do backports of fixes. Instead of introducing new features that could lead to more breakage, they only fix the current problem.
Anon said:
MSI deployment packages are available if you just take the time to google them. It’s really not hard to deploy expanded zips though, IMO.
Yeah, I was aware that the ability is “out there”, but I’m thinking that for some corps, their non-supported, non-official nature is a drawback.
Jacques Mony said:
and I don’t know if they did something else apart from security fixes.
1.0.4 feels snappier to me as well. And apparently they did fix a dhtml performance regression that popped up in 1.0.3.
change log:
http://www.mozilla.org/products/firefox/releases/1.0.4.html#new
Now, I just tried FF 1.0.4 and… it loaded faster on this Linux box than 1.0.3. I mean, it appears to load faster, maybe it’s just me… and I don’t know if they did something else apart from security fixes. Anyways, it works well 🙂
< trolling >
Maybe that’s because some of your extensions are now broken and don’t slow down your browser anymore. 🙂
< /trolling >
even if ff would have patches by 1.1 (this is a 1.0.x release) , i find it funny people complain about FF’s huge downloads, when IE patches are from 500k to 30MB … go figure.
even if ff would have patches by 1.1 (this is a 1.0.x release) , i find it funny people complain about FF’s huge downloads, when IE patches are from 500k to 30MB … go figure.
But IE patches only come a few times per year. 😉
Personally i think alot of people dont notice when IE get updated/patched as its done through Windows update, so its hidden among the many windows critical updates. these people think that its windows and dont realise there are alot of IE updates.
If MS released IE updates seperatly then they would appreciate how good FF is. When 1.1 comes out and people wont have to reinstall etc… then people will stop arguing about patching etc..
You haf to reeeespec Firefox.
Can’t wait for binary patching, I have Firebird 0.7, Firefox 0.8, Firefox 0.9, Firefox 0.9.1, Firefox 1.0, Firefox 1.0.1, Firefox 1.0.2, Firefox 1.0.3 currently installed under my Windows ADD/REMOVE Software list.
Same for Thunderbird.
Sunbird is the only that’s ok, because it doesn’t install the same way.
I don’t use extensions…
Windows can be made to not use a lot of ram. I installed xp on a system last night and disabled everything I usually did and tweaked the registery blahblah blah and it now uses up about 28mb of ram on a cold boot.
not bad at all me thinks ;P
(thats the entire OS memory usage on boot including explorer, the services still running and kernel)
care to give us those tips ?
There is also a mozilla suite 1.7.8 release fixing the same vulnerabilities. It is a bit early to stop mentioning such a wonderful piece of software, isn’t it?
Anyway. Firefox 1.0.4 is great. Looking forward to 1.1 :-).
“Typical OSS garbage.”
Delete your core utils then. And your windows network compatibility. And your SSH server/clients. Also make sure you delete that safari browser.
the UI is a bit slow and buggy (anyone know how to compile for qt?)
I don’t think that it can be compiled against QT.
you have to download new versions all the time
Well, this is a good and bad thing, since it means that bugs are fixed quickly. Is the way it is worse than the alternative?
it takes over 10 seconds to start (on my 550 MHz 128 mb ram pc using linux)
You need more RAM, probably. You’re not using GNOME or KDE on that machine, are you?
It crashed on me once or twice
I haven’t had it crash since an old version.
sometimes the top 2 pixels get chopped of a line of text (especially with smaller fonts) – this is probably a gecko problem
This happens whehn text doesn’t get redrawn completely. It’s a problem, but I just hit ctl+a to select all, then click to deselect. That fixes it. Sucks, though.
> > it takes over 10 seconds to start (on my 550 MHz 128 mb ram pc using linux)
>
> You need more RAM, probably. You’re not using GNOME or KDE on that machine, are you?
Why would anyone need >128Mb RAM just for web browsing?
I myself don’t use FF (Opera user)
but it is a good news that Mozilla guys published a fix quickly
good job guys keep it up.
Why would anyone need >128Mb RAM just for web browsing?
Because they are using Gnome/KDE with Firefox.
No, this is not a troll at all. Gnome/KDE with Firefox uses a lot of memory.
when I get home I’ll post what all I usually do.
“amazing how these idiots at mozilla.org published a firefox 1.0.4 for the Mac that doesn’t work: the file menu does not appear, the bookmarks are gone, and i can’t type on forms. >:(”
I downloaded it last night for my G-4 iBook. Works just fine.
did the download
updatd
and all works fine!
as then i can burn em on cd and store them for later use if i have to do a recovery and dont feel like going online and do it all again. hell i can do that with the security updates for most linux distros. mirror the ftp that store the latest packages, burn, and if you have to do a reinstall then add those burns to the package manager and do a update after the install.
i would love for windows to have this feature. i know i can download the patches to hd (by jumping thru some insane loops with windows updates) but i still have to manualy install them 1 by one. i cant just point windows to them and tell it to go update itself. the nearest one comes is doing a slipstream of the latest service pack but that allso require the user to understand how to make a new bootable cd…
Fast and furious.
Personaly i think that some IE fun boys, forget something, major updates of firefox, is made to WIndows OS …
Well i am with my OS’s and don’t have a too many problemas with firefox.
Personaly, Firefox rocks.
I give mor credit’s to those who show their work, ans show us their code then other’s that are only preachers, all “sundays”, they are sayng, our products is the best, Linux and Other’s OS are evil …
But let me see i am working fine in Linux, i don’t have 100000000 spyware and virus that Windows do. With linux i made my mail server, with clamd amavis, etc works fine, no to damm spam, blocks virus, just working cool. I didn’t spent many time with it, and even saved some good $$ for the company.
So why to move, to an OS that costs about 350€ without any suite ????????????
Just to have IE ??? and damm good activeX ???
Personally I use epiphany on my Ubuntu ibook. I have no need for firefox extensions and find the interface slow and it doesn’t fit well with the rest of the apps I use. As far as adblock, there are far better ways to clean ads out of your browsing experience than some hacked up mozilla extension.
Why would anyone need >128Mb RAM just for web browsing?
Well, Firefox does take up alot of resources. It would work fine with a minimalistic WM and 128 MEGs of RAM.
I was just asking if, in fact, he was using KDE/GNOME. If so, Firefox is the least of his memory worries.
it takes over 10 seconds to start (on my 550 MHz 128 mb ram pc using linux)
I have a slower machine with less RAM and Firefox loads in half of that time. Whats my trick? Simple, I use XFCE. You can’t blame Firefox for the slowness of Linux’s most modern desktop environments. I’ve never had KDE OR Gnome run well with less than 600mhz and at least 200mb of RAM. Meanwhile, me and XFCE burn through the net faster than Windows 2000 can.
Sure, you shouldn’t expect not need big specs to web browse or make office documents. You also shouldn’t expect modern Desktop Environments (made for faster computers) to run well on whats now called ancient hardware.
Great thing about Linux, is that there are options for high end and low end computers. Most of the time when people complain about speed, its because they want to pretend their 5 year old machine is still high end. Its not…..
firefox here uses 32MB or so of ram…
two critical security advisories announced…
may 7th
fix released…
may 11th
mozilla understands how it should be and proves it.
Yes, the random crashing is an annoying problem.
Hopefully, they’ll fix it by the time 1.1 rolls around, although I’m beginning to wonder given that it’s been around since at least 0.9.3
To the troll: How did OSS mess up Firefox? It’s more of a community than a software component.
Yes, I agree Firefox 1.0.3 crashes all over the place, it has went down hill since the Preview release.
I hope the sudden crashes will get ironed out, if not it is back to Windows XP Pro, at least the web-browser IE does not crash all the time.
I’d take 1:2^32 odds that your crashes are related to a plugin or some other problem. I think I can count the number of times I’ve had firefox crash on me since 1.0, and I use a few handy extensions.
When I say plugin, I mean extension; sorry they’re synonims to me…
Yes, but Mozilla knew about it BEFORE May 7th. It was “leaked” against their wishes on the 7th. Shame on them, security through obscurity is NOT security.
Oh, good point… It’s a pity, though, since I actually USE Greasemonkey and NukeAnything.