Mozilla has released a new version of the Firefox Web browser with what is described as ‘significant security and stability improvements’. Details on the security vulnerabilities being patched were not available April 13 when Firefox 1.5.0.2 was shipped as a high-priority update. However, a source told eWEEK that the most serious flaw could allow ‘remote code execution’ attacks. A Mozilla spokesperson said information on the security patches will be publicly released soon.
There’s also a new SeaMonkey version available, release notes here: http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.0.1/
Also, if you want to spice up seamonkey’s default theme I have a new version of the SeaFox theme ready which blends Seamonkey’s look nicely with GTK/Gnome.
http://markbokil.org/index.php?section=tech&content=c_linuxseamonke…
-Mark
Usually when I know a release is imminent I sit on the FTP site and reload every few hours until the source/binaries show up, then I post them.
Now, all you have to do is go to “About->Check for Updates”.
Voila, instant update. For those running linux with distribution provided binaries, wait for those updates as it’s designed for you system, you’ll likely get permission problems trying to update via the menu. This option may even disabled for your distro.
Thanks Mozilla, y’all rock.
Jesus. The update closed can of worm
If they disclosed details before the rolling the Foundation would be virtually done PR wise.
FF security image just collapsed in my eyes. It may be still good choice as it’s not worse than IE and the populatrity is still well ballanced: enough to catch web designers eyes but still sneaks out of malware developers radars.
Now I’m praying for it not to get too popular.
Well, some people just don’t get it. IE doesn’t show what was fixed and which security flaws it had. Remember a bug unknown is still a BUG, fixing a lot of BUGS is better than fixing none. So Firefox Security and confident has just got higher for me since they fixed a lot, now be afraid if they just release a patch that says, “This fixes a security vulnerabilty that could allow an attacker to compromise your system.” That line sounds familiar? And when that patch is available it was 2 years ago that the security issue was found.
It’s not only about the security team reactiveness (which is 1000x better than MS’ was for years despite noncopmarrable financial resources). I actually believed that mozilla internal architecture is inherently more secure. This buletin just proved me wrong (previous were milk and butter compared to this). Now take chance to imagine that one of those white hats was actually black (or somebody comes with a big paycheck to inspire such a change in the future).
Do you see the consequences?
I have a nice excercise to moz developers. Seed some intentional security errors in the code (those would be fixed before next point release) Than let’s see how many of them will be caught by researchers compared to new ones. The can be used to roughly estimate overall remaining error number.
Well, some people just don’t get it. IE doesn’t show what was fixed and which security flaws it had…
A short and sweet way to see this is to not get carried away with the hype when a security notice is released. I am sure there will be more security updates. You have to look at the overall benefit of the open source process versus the slew of vulnerabilities in IE that are not discussed or make it to the press. I prefer openness and well documented updates.
Why did it collapse? Give me a single program (that’s larger than 1 MB) and doesn’t contain *any* bug whatsoever.
Hint: it doesn’t exist.
If you’re looking for a browser with absolutely no bugs, then you should ask your god to create one for you. There are no browsers with no bugs. It’s not possible. The only thing that matters is whether browser A has less flaws than browser B. And Firefox has less flaws than IE.
Can you guarantee that?
I can guarantee you that there is no web browser in this world that has 100% support for HTML 4, XHTML, CSS 2.1, DOM level 1, 2, 3 and Javascript 1.5, while still having 0 bugs.
Sorry, I meant can you guarantee Firefox has less flaws.
Those numerous for a time period.
Either the researchers called for action in prev month or mozilla kept some old vunls in secret waiting for some JS engine overhaul or the engine should enjoy serious audit.
There are no updates on http://www.caminobrowser.org ……
I’m confused.
Where are the fanboys to denounce the work of the Mozilla Foundation because of this security vulnerability? They pop up in all the IE flaw stories …
One more good reason to switch to Opera, it’s free, it’s faster, it’s much more secure it uses a lot less space and RAM, and it has more features.
And you won’t have to waste your time with all those silly ajax sites
I’m not sure I follow.
e.g. you won’t have to bother with calendar.google.com.
I mean I really like Opera. Its just gecko based browsers grabbed all the attention and most sites that aren’t IE only, usually bother to support only this.
As CSS is relatively well followed rendering is OK but situation is worse with DHTML.
Until W3 employs strict compatibility testing alas sun with java, ajax will be hardly portable.
Opera has a native XMLHttpRequest, so that’s not the problem. It’s likely poor coding.
As far as google calender.. it’s not out yet, so why do you say it won’t work? I’m a bit lost.
Also, remember, Opera9 is coming out in a few months with more suppotr for stuff.
As far as google calender.. it’s not out yet, so why do you say it won’t work? I’m a bit lost.
It is out and I already have an account. On Slashdot they reported that it didn’t work with Opera. So when I saw your post, I tried it out on Opera 8.52 on Linux and it would not load my calendar page after login. Opera wanted to download an upgrade to 8.54 so maybe that includes a fix for it.
Ok, yeah, I found it now. Some reason calender.google.com typed in my browser didnt load at all, server error, when I tried it orignally.
I tried it now and it works on Opera9 just fine.
I’m surely going to put it to test!
“One more good reason to switch to Opera, it’s free, it’s faster, it’s much more secure it uses a lot less space and RAM, and it has more features.”
Links to this please?
Links to this please?
Try http://www.opera.com/download/
Run it for yourself and see. You may be surprised.
I’ve used Moz since the M17 days. Switched to Opera right before they removed the ads (at the time there was a special promotion where they were giving away activation codes). Haven’t looked back. But that’s my experience.
Try it for yourself and see.
Actually I was referring to the links that prove it is faster and more secure. Last I tried Opera I found it limiting in the websites I could view in thier full splendor so to speak. As well I found it is no faster nor slower then Firefox. I guess I was looking for where the studies were done, and not just someone’s opinion on it.
Here it is, comprehensive browser review for all platforms.
http://www.howtocreate.co.uk/browserSpeed.html
as for security, just check secunia.com for info.
Opera is by far the most secure browser for windows on the market.
Links to this please?
No need. Just test it and see for yourself.Open your terminal and see how much RAM both applications use.
Until Opera adds a rich text editing component, that will work with sites such as Blogger, Gmail and Zohowriter, it is a no-go for me.
9 is adding rich text editing amongst other things.
Opera is a toy browser. Safari FTW!!
Opera is a top quality toy and Safari is the cheap wannabe toy
Yes you are Right.. 5 tabs of the same website..
FireFox = 100mb
Opera = 45mb
And now i use IE7 for normal stuff, and Opera for porn(to delete the evidence)… O_o
That is a bit vague without specifying the system. In my case with this system running Fedora Core 5:
Ahtlon64 3200+ Venice
Gigabyte K8NSC-939 Nforce 3
1GB DDR-RAM
Nvidia Geforce FX5600XT
Ram usage with 6 different tabs on these following browsers:
– Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text – 49.4 MB
– Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686; en) Opera 8.54 – 26.9 MB
Comment: the margin of ram consumption between the two browsers is only about 23MB.
Lesson: better provide a very good information about the system. Although Opera uses less ram than Firefox, its interface is less intuitive such as confusing shortcuts and odd places for search engine. IMHO, Opera developers should rework on interfaces.I use Opera for web development.
The thing is that Firefox use more memory thats all.
The thing is that Firefox use more memory thats all.
but no as dramatic that your previous post seems to imply which is why I intentionally gave a detailed information about memory usage including the system used for the test.
The search bar is in the same place in Opera as in Firefox and Safari. (I always disable it, though, using the address-bar based searching instead.) The Firefox team has already stated that they’re hoping to copy Opera’s shortcuts for Fx 2.0. Will they be as “confusing” when they’re in Fx?
“uses a lot less space and RAM”
Last time I tried Opera 8.5 on linux ( RHEL 4.3AS ) it consumed more RM (Resident Memory) than firefox 1.5.0.1. My test included 10 tabs with web sites heavily rendered by flash animation and shockwave; and it consumed 190 MB, firefox consumed 160 MB.
Now, try adding extensions just to be able to do all the same things you can in Opera. That will change, fast.
!!!
“I’m confused.
Where are the fanboys to denounce the work of the Mozilla Foundation because of this security vulnerability? They pop up in all the IE flaw stories …”
—-
Well, as you said they are just popping up now in all the IE flaw stories…
They’ll come in a couple of minutes to make you happy!!
So, I guess that, now that you have patched your IE with the 10 new updates, you will be able to read their posts, without IE without crashing it, getting malware, or being hacked every 10 minutes…
But unfortunately it won’t las more than 10 days, and you will need to patch it again 10 times…
!!!
Firefox is a good browser. And it is faster and more secure than IE. And it is my default browser of choice. But honestly I don’t know how it got to be the big name it is.
If you read about how the backend compares to KHTML for example, its not as crisp and clean and secure as most people seem to think.
Also, the fact that when Firefox (and Mozilla) came out Opera was still putting gigantic adds in their browser certainly explains why Opera isn’t as well known. But can all the Opera champs out there explain why most people (me included) have no interest in trying Opera?
In the end I have two points. Firefox is nice, and everytime they release a security fix I become more confident in it. Anyone who knows software knows bugs and security problems are inevitable. Seeing a foundation aggressively fixing bugs is encouraging, not discouraging. Also, I wonder how well Firefox will stack up after IE7 comes out. The rumor mill would have us believe its very secure, and much slicker interface-wise than IE6 was.
The future for Firefox will be very interesting to see. After all, in the end, you don’t really need much from your web browser.
!!!
I love both, Firefox and Opera… And I used them alternatively for differnet sites. If I have many Web Sites open I use Mozilla-Seamonkey, cause is more solid and stable. With 20 or 30 sites open Opera tends to crash, while Mozilla-Seamonkey hold on the pressure… Sometimes I use Epiphany and Konkeror, pretty solid and quick too.
I think Opera is slightly quicker and more complete, but depending on the PC and OS I use crashes a lot sometimes… (it crash much less to me since I have installed the last beta resealse). Opera’s source code is closed. I would like to see it open one day…
Anyway, Firefox with some plug-ins and some settings done is a terribly good Navigator…
“The future for Firefox will be very interesting to see. After all, in the end, you don’t really need much from your web browser.”
—
I agree with most of what you say in your post, but not with this sentence.
You can need plenty from your browser, and you will need each time more from it…
Thats is why so many new habilities are created for the browsers, ans why so many plug-ins are added too…
Browsers in the future will be able to handle many more aplications and tasks even, than they handle now (Wordprocessing-Office-PDF, multimedia video-Film-TV-Music, more complex navigation utilities, Agenda etc.)
And fortunatelly navigators like firefox are in the right way to achieve this (also Seamonkey and Opera and others)
.
So many people think as long as they use firefox [on windows], they’ll never get malware. These advisories prove its only a matter of time.
I know people still using 1.0.x because 1.5 gives them too many problems. Is it their fault if they get infected with something because they aren’t patched? Well, yeah. But if 1.0.x works a lot nicer for them than 1.5, what do you expect them to do?
This just goes to show you that Mozilla doesn’t do anything special in the development process when it comes to security. The thing that keeps them apart from Microsoft is how quickly they get patches out (though there are many reasons for that, some of them out of Microsoft’s control). People need to stop wrapping themselves in a false sense of security with Firefox. You’re safe now, but in time, it will be targetted more. Will it reach the same levels as IE? I highly doubt it. They have the luxury of learning from IE’s mistakes.
For now IE is much more fertile ground for malwarers. Even more that raw market share would indicate as FF tends to be used more by computer literate people or those who have somebody of this kind around.
If you can install FF, you probably have antispyware installed and know something about security.
Yes, you’re right. Which is why it’s not a problem, yet.
I run Firefox, Opera, and Konqueror on Linux. All three are wonderful. That said, I don’t really trust them. Opera and Konqueror may have remarkable security records compared to Firefox, but I suspect that’s because people haven’t been looking hard enough.
As for Internet Explorer, I don’t trust it either. Partly it’s the OS integration, the ActiveX, the BHOs, but mostly it’s Microsoft. Microsoft doesn’t patch in a timely fashion unless the PR is killing them. That’s no way to handle security. I use Firefox, Opera, and Konqueror, because the patches will come in a timely manner.
A couple of words about trust: When I say I don’t trust any browser, I mostly mean I don’t trust their Javascript implementations. I tend to browse with Javascript shut off. Opera is good, because hitting F12 lets me turn it on when needed. Konqueror lets me enable certain web sites, but ban the rest.
Firefox has the Noscript extension. Not only can I selectively enable certain Web sites, I can enable certain servers within the Web site. For example, Osnews offers Javascript from both its servers and Falkag. Noscript lets me allow Osnews while still banning Falkag.
I have a couple of other security measures up my sleeve: I regularly update my “hosts” file from http://mvps.org/winhelp2002/hosts.txt. I run Adblock with the FiltersetG filters (along with lots of my own) on Firefox. Konqueror can also use the filters directly. Opera can use them with a bit of massaging if you incorporate them in filter.ini.
I also use the Privoxy filtering proxy on all three browsers. Before that I used Proxomitron (yes, even on Linux).