“Firefox 1.5.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version.” Improvements to product stability were made, several security fixes were added, as well as changes for the Frisian locale (fy-NL). Buter, brea, en griene tsiis; wa’t dat net sizze kin, is gjin oprjochte Fries. No, I’m not either.
On my previous job, the only guy got hit by a spyware used FireFox and the rest of the group used IE.
You don’t have to reinstall to apply FF patches.
It is about the same – you need to download the whole thing, right ?
No, it downloads the updated parts, installs it and you’re updated. Only one browser restart is required.
It is about the same – you need to download the whole thing, right ?
The patch that Firefox downloaded for itself was around 560 KB. The full download of Firefox is 4.9 MB. So no, not really “about the same” at all.
The update was available sometime last night around 5pm EST.
Firefox downloads a binary delta file and applies it similar to the way windows update does. This makes it more convenient to upgrade firefox and a smaller download.
Fryslan boppe!
Fryslan boppe!
Huh, wasn’t it “Grunn boppe, Frieslan noar de knoppe?”
.
does it have something against this:
http://www.heise-security.co.uk/news/76019
does it have something against this:
Actually, there’s a better tool equipped to handle that … it’s called common sense.
Actually, there’s a better tool equipped to handle that … it’s called common sense.
And when you see this “common sense” in action, do post and let us know.
—-
And, durn you, Thom, I’m now trooping through Wikipedia learning all about polders, the Isselmeer, and the St. Lucia flood.
If “common sense” is a reasonable defense for browsers, then Internet Explorer should be just fine for everyone.
If “common sense” is a reasonable defense for browsers, then Internet Explorer should be just fine for everyone.
Experience tells us otherwise. Of course, almost all of the holes that allowed someone to install spyware without user interaction have been plugged by now.
If “common sense” is a reasonable defense for browsers, then Internet Explorer should be just fine for everyone.
Not necessarily. There’s a difference between installing random plugins you get via email and visiting a website and having your entire machine infected without you having to do anything.
…I can get Opera which is 10x more powerful and lighter, for free ?
I tell you what. I’ll answer your question the next time an article about a new version of Opera gets posted.
a) because it’s not really 10X more powerful
b) doesn’t have lots of neat extensions
c) costs the same as Firefox
d) has a QT gui which some, like me, just don’t like
Because Opera does not have the massive amount of extensions that Firefox has, and I’ll be damned before losing all my cool toys.
Anyone else notice the new icon (titlebar / window list)? Or is that just mine + some random extension?
12 Security patches a month is a little much.
And why all the secrecy? Even last month’s patches are secret in bugzilla.
Sure, some of them took 5 or 6 months to fix, but still!
Edited 2006-07-27 20:48
I dont understand. Are you complaining that they issued 12 security patches? Shouldnt you be happy about that? I know I am when Microsoft releases a bunch of patches to fix holes in XP. Just gives me a bit more confidence in the OS! I know all software is buggy and XP probably is the most buggy software known to man when it comes to security but I welcome to the fixes at least.
Well, its a rare month that XP itself has more than a couple of patches. Its now 2 months in a row that Firefox has 12. And thats just a browser.
Even IE6 wasn’t that buggy.
Even IE6 wasn’t that buggy.
Oh, how quickly we forget.
Microsoft often bundles numerous fixes in a single patch, like Firefox did now. Firefox hasn’t had 12 patches in 2 months. We are only on 1.5.0.5, and Firefox 1.5 was released more than 2 months ago. Can I have some of what you are smoking?
Well, its a rare month that XP itself has more than a couple of patches.
Errr… Firefox 1.5.0.5 is a SINGLE patch, not a dozen of patches. It fixes 12 security problems. Usually security patches fix multiple problems instead of just a single problem.
Would you rather them not patch the vulnerabilities? I would be more concerned if they weren’t patching personally.
Since 1.5, Firefox had a very annoying bug for yahoo mail users from many places (Europeans who use ISO-8859-1, but probably others too). Every special character (non English) got corrupted when trying to reply to an email or when attaching a file.
At last this has been fixed in this version and MANY users who had to give up Firefox for this reason can start using it again
https://bugzilla.mozilla.org/show_bug.cgi?id=315381
I run two versions of Firefox, one for Linux, and one for Windows (using Wine). Updates work just fine under Wine, because all of Firefox runs under my home directory and all files have permissions associated with my user name. Here, I click on Help, and then on “Check for updates.”
With Linux, you have a couple of options: You can wait for an update to hit the repositories of your Linux distribution (anywhere from a week to a month, and it will most likely be a download of the complete program). You can also grab a copy from mozilla.com.
With the update from the Linux distribution, the Firefox executables cannot be modified by the user. One typically installs the version from Mozzila off of the /opt, or /usr/local directories. These, likewise, cannot be modified by the user. Hence, checking for updates doesn’t work; indeed, the option is grayed out.
What I don’t know is whether a properly set up Windows XP Pro, or Windows 2000 would also block a Firefox update by a normal user. They should block it, or the whole notion of user permissions becomes pretty meaningless.
Edited 2006-07-27 22:32
In fact, you can update Firefox in Linux the same way as in Windows without having to wait for your distro to upgrade it and having to download the whole version. It is just a problem of permissions.
At least with some distros it works:
http://www.vectorlinux.com/forum1/index.php?topic=10754.0
On XP, I just wait until a release is available, then run Firefox once as an Administrator user, so I can get the update. It’s not really a permissions ‘problem’; it’s quite right that not every user should be able to modify executables, especially something like a browser with all the exploit-potential that would bring.
Not that I’ve tried it, but if you install the Mozilla.org Linux release into a non-user-writeable dir, I imagine you can run Firefox as root and get the update that way. Just do ‘kdesu firefox’ for KDE or ‘gnomesu firefox’ (I think) for Gnome.
Personally I’m on Gentoo so my FF updates are NEVER quick
I don’t understand why you complain.
I do not complain when patches come out, no matter its Windows, Linux, Firefox or IE.
As long as unknown vulnerabilities become known and fixed BEFORE they go wild, it is a Good Thing(TM).
It means the developers are working, and they are faster than other crackers out there, and they keep their users safe.
And for the trojan extension, would those people try to understand the nature of infection first, before complaining Fx as not secure? It actually takes advantage of OTHER (e.g. IE) vulnerabilities to infect your Fx. Theoretically these kind of infection can infect ANYTHING you can access. Fx is just a victim of such consequence.
Also please take a look at the following URL, and check out what Psyme is. It exploits ADODB.Stream vulnerability that was patched in 2004.
http://vil.nai.com/vil/content/v_140256.htm
What do you think if your system is not yet patched with a fix released in 2004?
“If “common sense” is a reasonable defense for browsers, then Internet Explorer should be just fine for everyone.”
Well if common sense were common, everyone would have it. So we should all know thats not true.