MozillaZine

Firefox, Thunderbird, Mozilla Suite Upgrades Released

Wednesday August 4th, 2004

mozilla.org today released minor upgrades to three of its major products. Firefox 0.9.3, Thunderbird 0.7.3 and Mozilla 1.7.2 are all now available. These three new releases were created to correct 4 possible security vulnerabilities in past versions of each product. The Buildbar has links for all three releases.


#1 Setup still says 0.9.2...

by anthropolemc

Wednesday August 4th, 2004 10:54 AM

...but it's really installing 0.9.3. Oops :)

#36 Re: Setup still says 0.9.2...

by DP3_001

Wednesday August 4th, 2004 6:30 PM

I downloaded FF 0.9.3 from MozillaZine's link on its home page, and everything worked out fine for me. I guess they haven't posted the updated file on FF's home page yet.

#37 Oh, and by the way ...

by DP3_001

Wednesday August 4th, 2004 7:27 PM

This is just another example of how much of a priority security is for the Mozilla Foundation, and how it ISN'T for Microsoft. Does anybody see Microsoft even trying to address this type of stuff in a timely manner? They've always been A.W.O.L. on this subject ... until it blows up in their face.

#51 Re: Oh, and by the way ...

by Smigit

Thursday August 5th, 2004 12:54 AM

actually they have security updates in what appears to be a monthly schedule....

some of these bugs were opened 2+ weeks ago, some people might claim that is untimely. But Microsoft definitely doesn't not update its software.

#59 Untimely, and totally unacceptable.

by DP3_001

Thursday August 5th, 2004 4:07 AM

They only update it when some puke hacker uses one of their bugs to launch an attack against somebody ... which doesn't surprise me. These arrogant f*cks think, because they "own" the computer market, that they can take their sweet time with this type of stuff, thinking that we won't go anywhere because "there's no place to go."

#88 Re: Untimely, and totally unacceptable.

by miken32

Thursday August 5th, 2004 8:01 PM

Yeah, like that Blaster worm last year, the one they released a patch for in April, and then the worm hit in July, and still spread like wildfire despite the 3 months people had to patch. Arrogant bastards?

#108 My EUR 0.02

by Ashmodai <ashmodai@mushroom-cloud.com>

Saturday August 14th, 2004 4:24 PM

Well, I have to agree that most bugs get exploited once the bugfix has already been released. However the problem is that Internet Explorer has too many bugs because it is bloated and only held together by what could be metaphorically described as a truck load of industrial strength duct tape. It's not that they don't fix security holes, it's that they apparently didn't avoid them properly in the first place.

However, to my understanding, the biggest security hole is and remains ActiveX and the fact that you have no idea what MSIE does exactly because you don't know its source code and that it's an actual part of the OS (hell, I don't really care much whether any of the conspiracy theories regarding the FBI and whatnot is true, but with a browser as exploitable as MSIE I would feel an awful lot more comfortable if it wasn't embedded into my OS).

#109 Re: My EUR 0.02

by roseman

Monday August 16th, 2004 8:48 AM

how can you patch swiss cheese?!? no matter how many holes you plug on the surface, the underlying structure is still swiss cheese. MS-SC 6.0 ?

#110 Re:

by foxyshadis

Thursday August 19th, 2004 8:35 PM

Right, I'm sure you have Mozilla's source code down cold. I'm sure you personally vet the entire thing whenever you upgrade. All you're doing is trusting the highly competent mozilla engineers' opinion that it is, rather than the highly competent IE engineers' opinion that theirs is. That's not a good argument for open source. Much better is that the lack of deadlines and constant betas leaves a much longer window for testing and perfection. (See microsoft's recent trend toward long-term beta-testing every major product release and the resultant better products because of it. They aren't stupid about adopting new methodologies, just slow.) Given recent security oversights in production mozilla code, even the indirect ones, I'm a bit less inclined to fully trust it, but I still believe that they are creating an overall more secure product, since it isn't an everything-and-the-kitchen-sink piece of code and because of the quality so far.

#70 Re: Setup still says 0.9.2...

by Smigit

Thursday August 5th, 2004 7:47 AM

well I had to refresh the /products page before the .9.3 link was there... I spent over an hour downloading a .9.2 copy as the page didn't refresh... this isn't the 1st time and I'm not the only one too. *moans*

#2 XPI updates

by koriordan

Wednesday August 4th, 2004 10:55 AM

Any XPI updates like the last time so we don't have to download the full browser package all over again?

#3 Re: XPI updates

by mlefevre

Wednesday August 4th, 2004 10:58 AM

No. Last time the fix was actually just a configuration change - easy to make a XPI for that. These fixes mean a new Firefox executable, which isn't easy to do as a XPI.

#57 Re: Re: XPI updates

by prandal

Thursday August 5th, 2004 4:02 AM

Ben's just checked in new updater code for Firefox 1.0 which will allow in place software update. See Bug 253220 (<http://bugzilla.mozilla.org/show_bug.cgi?id=253220>).

#96 How about this "bug"????

by ronin65

Friday August 6th, 2004 11:26 AM

Yea!

#58 Re: Re: XPI updates

by prandal

Thursday August 5th, 2004 4:03 AM

Ben's just checked in new updater code for Firefox 1.0 which will allow in place software update. See Bug 253220 ( <http://bugzilla.mozilla.org/show_bug.cgi?id=253220> )

#81 Re: Re: Re: XPI updates

by MarkHB

Thursday August 5th, 2004 11:31 AM

Is anyone doing / has anyone done the same for Mozilla-the-suite?

#86 Re: Re: Re: Re: XPI updates

by asa <asa@mozilla.org>

Thursday August 5th, 2004 4:12 PM

"Is anyone doing / has anyone done the same for Mozilla-the-suite?"

Not to my knowledge. Firefox and Thunderbird are the future.

--Asa

#87 Re: Re: Re: Re: Re: XPI updates

by roseman

Thursday August 5th, 2004 4:41 PM

some of you most loyal subjects here still use the suite! (many of us used netscape in the old days, since 2.xx) i know the firefox crowd is more vocal, but the suite is still an excellent product. if i did not have to relearn all the names for editing preferences, i might even try firefox alongside the suite, but for now the suite is my choice (and probably the easier one for former netscape users to migrate to, to wean them off of other browsers & get them started with mozilla) -- i hope you can keep the suite updated :)

#91 Booohoooooo

by Galik

Friday August 6th, 2004 5:24 AM

(sobs) but... but... Mozilla is my friend... (sobs)

#4 Where's Microsoft?

by wgianopoulos

Wednesday August 4th, 2004 12:00 PM

How long do you think it will be before IE gets a patch for this?

#20 Re: Where's Microsoft?

by jesse <jruderman@hmc.edu>

Wednesday August 4th, 2004 2:29 PM

Most of these security holes were specific to Mozilla. The libpng one wasn't, but I don't know if IE uses libpng to render PNGs.

#29 Re: Re: Where's Microsoft?

by wgianopoulos

Wednesday August 4th, 2004 4:15 PM

That is the one I was referring to. The test case for the libpng issue crashes IE.

#35 Re: Re: Re: Where's Microsoft?

by robdogg

Wednesday August 4th, 2004 6:29 PM

>The test case for the libpng issue crashes IE.<

Ah, no, it doesn't. Try it out before spreading FUD.

#61 Re: Re: Re: Re: Where's Microsoft?

by niner

Thursday August 5th, 2004 4:14 AM

> Ah, no, it doesn't. Try it out before spreading FUD.

It seems like it does crash at least some versions of IE6. I've just read a handful of reports in the heise.de news forums.

#77 Re: Re: Re: Re: Re: Where's Microsoft?

by robdogg

Thursday August 5th, 2004 9:47 AM

Why not just try it on your own PC, rather than reading reports.

#90 Re: Re: Re: Re: Re: Re: Where's Microsoft?

by niner

Friday August 6th, 2004 2:14 AM

> Why not just try it on your own PC, rather than reading reports.

Maybe because I just don't have any Internet Explorer on my own PC. And I don't want to buy and install a copy of Windows just for convincing you, that it's possible that IE has such a flaw. I just wonder why it should be impossible and any other comment is "FUD".

#63 IE also crashes!

by durbacher

Thursday August 5th, 2004 6:01 AM

My IE 6 crashes on <http://www.graphicsmagick…png/beta/samples/bigw.png> (caution: Mozilla also does).

Some say IE doesn't use libpng officially but "stole" the source (well, violated the license when copying code), so has the same error. However, I don't have the time to look more into this and maybe verify it.

#65 Re: IE also crashes!

by durbacher

Thursday August 5th, 2004 6:12 AM

One correction: MS didn't violate any license, <http://www.libpng.org/pub…ng/src/libpng-LICENSE.txt> explicitly allows usage in commercial products. Which OTOH makes me wonder even more why IE's png support is still that incomplete...

#72 Re: Re: Re: Re: Where's Microsoft?

by wgianopoulos

Thursday August 5th, 2004 8:22 AM

IE6 with all the latest security patches on a Windows/XP system with all the latest security patches crashes on the test URL listed in the Firefox bug report.

I am NOT spreading FUD and I suggest you check your facts.

#76 Re: Re: Re: Re: Re: Where's Microsoft?

by robdogg

Thursday August 5th, 2004 9:46 AM

I just updated my XP workstation with the latest patches from WindowsUpdate and tried it again. It does NOT crash. I also had a co-worker with IE 5.5 try it. It does not crash.

#82 Re: Re: Re: Re: Re: Re: Where's Microsoft?

by wgianopoulos

Thursday August 5th, 2004 12:58 PM

Odd. wonder if it depends on the size of your cache or something. It sure crashes for me.

#83 Re: Re: Re: Re: Re: Re: Re: Where's Microsoft?

by wgianopoulos

Thursday August 5th, 2004 1:01 PM

well, actually I just tested again and it no longer crashes. Why? Because the image has been removed from the website.

#84 Re: Re: Re: Re: Re: Re: Re: Re: Where's Microsoft?

by wgianopoulos

Thursday August 5th, 2004 1:15 PM

The other thing that can fool you into thinking that IE does not have the problem is that depending on how you have things configured for which application handles .png files that URL in IE can make the png file open in an external viewer which might not have an issue. The way I was actually testing this all with several different browsers is that I saved the bigw.png file to my desktop and then created a file called test.html on my desktop with the following content:

<html> <title>test</title> <body> <img src="bigw.png"> </body> </html>

I then opened test.htm in IE and this produced the crash.

#5 Displayed versions on mozilla.org

by dorsan

Wednesday August 4th, 2004 12:28 PM

Mozilla site finally stopped doing the 1.7/1.7.1 and 0.9/0.9.1/0.9.2 display on the products. It looked messy and they have changed now to displaying only the current released version number. IMHO it looks far cleaner this way and newbies will know what they are getting. I just hope there are no more minor releases required until 1.0 on Firefox.

Oh and today I got my boss to switch to Firefox. He couldn't help but be impressed. And to make sure he gives it a fair chance I've removed access to IE. I know this isn't the place but my recommendation for the bundled extensions with 1.0 is "adblock" and "all in one gestures", they are essential kit.

#16 Re:

by doron

Wednesday August 4th, 2004 1:54 PM

That is because 1.7.1 was windows only, that security hole was on win2k/xp

#26 Re: Displayed versions on mozilla.org

by chstuder <christoph@studer.tv>

Wednesday August 4th, 2004 3:29 PM

dorsan, I'm currently beta-testing a website where users can report their conversions... Could not resist to post an answer to your comment ;) More details here: <http://studer.tv/newsweblog-detail.page?news.id=22> Head over to <http://studer.tv/zillivisation/> , register and get some points ;) Thanks...

#97 How about this "bug"????

by ronin65

Friday August 6th, 2004 11:32 AM

Plus Bookmarks Backup (with "all" enabled by default), Tabbrowser Extensions, and Grippies (with added grippies for more than just the sidebar). There are probably a few others that belong in FF by default to give it the capability of Mozilla "straight out of the box" with no input from the user required.

#101 Re: How about this "bug"????

by Waldo_2

Friday August 6th, 2004 1:56 PM

Bookmarks Backup is useful only for those users who regularly uninstall and reinstall Firefox or for those who regularly mess with their system. If the point is to make sure the bookmarks are safe if something's corrupted, then it's a bandaid for a problem we shouldn't have.

Tabbrowser Extensions has good ideas, but it has way too many of them in one place. It's so many options that it's very easily almost too confusing for a newbie user. A few of the ideas need to get into Firefox (draggable tabs, single window mode, and if it were up to me a hidden preference for the transfer of focus on tab closes, among others), but the vast, vast majority aren't useful for even the biggest power user.

Grippies? I've never used it. Perhaps it's useful, perhaps not. If you're talking about something similar to the little widget that let you open the sidebar in the Suite without going through a menu, however, that's only a convenience and not a necessity. In my opinion it would also serve the same (dys)function as the Windows taskbar sometimes does for newbies: a quick way to rearrange the window without the user knowing it. No doubt you've seen someone who accidentally dragged the taskbar somewhere on the screen other than the bottom or expanded it to half the screen by mistake. The grippy for the sidebar would serve the exact same purpose. Just because it's easier for some may not mean it's not confusing to a few more.

This isn't to say extensions never belong in Firefox. It's just that many don't, while only a very select few do.

#6 Why we will never use Firefox at work

by nodata

Wednesday August 4th, 2004 12:54 PM

We will never use Firefox at work for one simple reason: Internet Explorer has a better auto update facility - WindowsUpdate.

Until non-Microsoft vendors allow seamless automatic updates (i.e. with NO user interaction), the cost of maintaining a product such as Firefox is too expensive. Even if there is minimal user interaction ("just keep clicking next"), some users will get confused and call to ask what is going on.

#7 Re: Why we will never use Firefox at work

by sphealey

Wednesday August 4th, 2004 12:59 PM

I think there is some truth to this, and I hope Mozilla.org is working on it.

OTOH, patches of this nature are typically rolled out using some automatic mechanism on most corporate desktops.

sPh

#8 Re: Why we will never use Firefox at work

by roseman

Wednesday August 4th, 2004 1:10 PM

what the heel good does windows update do if microsoft has NOT EVEN RELEASED A PATCH?!? mozilla updates their software -- they fix bugs. with microsoft you can have the LATEST lack of patches... updated automatically to the latest lack of patches for the exploits already out there...

#10 Re: Re: Why we will never use Firefox at work

by wgianopoulos

Wednesday August 4th, 2004 1:15 PM

Exactly. The patch for the libpng vulnerability was released today as soon as it was permitted to be included. IE is still vulnerable and Microsoft is silent on the issue.

#52 Re: Re: Re: Why we will never use Firefox at work

by Smigit

Thursday August 5th, 2004 1:00 AM

errr, does internet explorer even use libpng....

#54 Re: Re: Re: Re: Why we will never use Firefox at w

by spliffster

Thursday August 5th, 2004 2:21 AM

i guess not if u look at the way IE 5- through 6 display PNG images (wrong?) ... just as an example ... alpha transparency doesn't work well in ie (if even). i am not a C++ programmer ... but it looks like libpng can do this ... IE not.

#89 IE PNG Alpha-transparency

by interra0

Friday August 6th, 2004 1:22 AM

See <http://homepage.ntlworld.com/bobosola/>

There is Alpha transparency but turned off by some stupid IE architect decision.

Solution is to replace all PNG with SPANs that do filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='image.png', sizingMethod='scale'); instead of PNG.

#64 It does... sort of...

by durbacher

Thursday August 5th, 2004 6:06 AM

Some say IE doesn't use libpng officially but "stole" from its source (well, violated the license when copying code), so has the same error. However, I don't have the time to look more into this and maybe verify it.

Anyway, my IE 6 crashes on <http://www.graphicsmagick…png/beta/samples/bigw.png> (caution: Mozilla also does) which makes those allegations somewhat credible.

#66 Re: It does... sort of...

by durbacher

Thursday August 5th, 2004 6:12 AM

One correction: MS didn't violate any license, <http://www.libpng.org/pub…ng/src/libpng-LICENSE.txt> explicitly allows usage in commercial products. Which OTOH makes me wonder even more why IE's png support is still that incomplete...

#9 Re: Why we will never use Firefox at work

by roseman

Wednesday August 4th, 2004 1:12 PM

what about the cost of having your whole network infected, because the exploits were out in the wild BEFORE microsoft released any patches to windows update?

#11 Re: Why we will never use Firefox at work

by flacco

Wednesday August 4th, 2004 1:22 PM

"We will never use Firefox at work for one simple reason: Internet Explorer has a better auto update facility - WindowsUpdate."

amen brother. firefox could kick some serious ass in businesses if some administration niceties were there. automatic updates, easy customization, and roaming profiles would be fantastic.

#12 Re: Re: Why we will never use Firefox at work

by i5mast

Wednesday August 4th, 2004 1:33 PM

one step at a time. first it should be liked by home users. then i guess business users :)

#15 Re: Re: Re: Why we will never use Firefox at work

by taichi

Wednesday August 4th, 2004 1:46 PM

Even as a home user, I would prefer to patch the current version rather than having to reinstall the entire application.

#53 Re: Re: Re: Re: Why we will never use Firefox at w

by dorsan

Thursday August 5th, 2004 2:19 AM

Having suffered from wanting to stay up to date while also not wanting to have to manually do everything I wrote a batch file on windows for automatically downloading and installing the latest nightly. It downloads the nightly zip, extracts, copies all current plugins and sherlocks to the new release and then swaps out the old for the new. Sorted easy updates. It does mean downloading the full zip all the time but since FireFox is still not a 1.x the changes are not as focused as being able to patch a single file or a few files. Windows update is all good and well but it's still offering me an update to my Nvidia card from Oct 2003 when I have installed the July 2004 drivers. Hmmm, not the perfect system, although having seen v5 of windows update they are getting there (<http://v5.windowsupdate.microsoft.com/>).

#98 How about this "bug"????

by ronin65

Friday August 6th, 2004 11:34 AM

That is very nicely done indeed, but shouldn't that capability be built into the browser itself to make it easy for a not very technically oriented user...this is supposed to be a replace IE with...type of campaign, isn't it?

#19 Re: Re: Re: Why we will always use Mozilla at work

by roseman

Wednesday August 4th, 2004 2:09 PM

i already like it at home AND at work

#45 Re: Re: Why we will always use Mozilla at

by 3rdrob

Wednesday August 4th, 2004 9:58 PM

>> Consumers/home users first

I'm not convinced that this is the right approach. Non-technical users have comfort with IE and will not change without significant effort. We are not in a good position to persuade them to learn how to install Firefox.

However. We are in a strong position to convince system administrators (*especially* at small/medium businesses) to force all of their users to use FF over IE. Once people have comfort with FF at work, they will bring it home. Our best channel to the home is through our advocates: system administrators and techy sons/daughters.

#92 Re: Re: Re: Why we will always use Mozilla at

by leafdigital

Friday August 6th, 2004 7:02 AM

That's not quite true - home users *don't* have 'comfort' with IE. With IE they have popups, viruses, and spyware. That's precisely why there is a chance to encourage home users to switch.

Corporate networks (business/education) would indeed be an excellent place to push Firefox for the reasons you mentioned but, as others said, some of the features are not yet quite there (automated update, deployment tools, etc.).

Right now FF may have a better chance to convince individual home users; even though such people are traditionally reluctant to install anything, the constant deluge of popups and spyware might remove that reluctance. (Or more likely, when they call their computer-knowledgeable relative to stop the machine displaying porn ads all the time, she might suggest installing Firefox and they'll just say 'yes'.)

--sam

#68 Re: Re: Why we will never use Firefox at work

by sleeping

Thursday August 5th, 2004 6:50 AM

"firefox could kick some serious ass in businesses if some administration niceties were there. automatic updates, [...]"

Yeah... they really should implement support for ActiveX to allow for automatic updates... ... oh wait... ...

#14 Re: Why we will never use Firefox at work

by Squire72

Wednesday August 4th, 2004 1:45 PM

Windows can autoupdate behind the scenes without windows update if you set it up that way. Unfortunately, the features that make Windows Update work in IE are the same ones that make it so risky to use.

#22 You don't need IE to do this

by stu82

Wednesday August 4th, 2004 2:47 PM

Uh get a clue. If you want updates with NO user interaction, you just go to Control Panel, select the Automatic updates applet (or right click my computer in XP and choose Properties) and tick the automatically download updates and install them at 11:00 each day. IE's autoupdate facility (having to actually visit a website) is rubbish by comparison.

This requires no browser and uses Windows Services to do the downloading.

#24 Re: You don't need IE to do this

by nodata

Wednesday August 4th, 2004 3:26 PM

> Uh get a clue.

The post was about Firefox needing seamless automatic updates to be used in a corporate environment.

Internet Explorer can be updated seamlessly using SUS. Firefox can't. That was my point.

#30 Re: Re: You don't need IE to do this

by herman

Wednesday August 4th, 2004 4:16 PM

> Internet Explorer can be updated seamlessly using SUS. Firefox can't.

Fine. But I don't want to wait months or until doomsday, to get known IE-security bugs fixed. If you want comfort, take IE, but you've got to pay the price, risk. I seriously hope Firefox won't go the same way, preferring comfort to security, to cater IE users.

herman

#27 Re: You don't need IE to do this

by roseman

Wednesday August 4th, 2004 3:33 PM

uhh, does this not use the dangerous and scary ACTIVE-X components, which have been the source of MANY exploits on windows machines?? i do not believe windows update runs at all with active-x disabled; and since active-x is unsafe at any speed...

#28 Re: Re: You don't need IE to do this

by mlefevre

Wednesday August 4th, 2004 4:13 PM

No - like he just said, there's no browser involved, and there's no ActiveX involved. He's not talking about Windows Update, but the Windows "automatic update" feature. It doesn't use IE and ActiveX, it's actually a program in its own right installed on the computer which downloads the updates.

#31 Re: Re: Re: You don't need IE to do this

by herman

Wednesday August 4th, 2004 4:19 PM

> it's actually a program in its own right installed on the computer which downloads the updates.

if and when they are available ;-) and a week later the updates to the updates ...

herman

#32 Re: You don't need IE to do this

by wgianopoulos

Wednesday August 4th, 2004 4:20 PM

But that way you only get what Microsoft calls Critical Security updates. Many of the successful hacks exploit the vulnerabilities in the windows updates that Microsoft does not deem critical. These can only be installed manually using Microsoft's windowsupdate feature.

#48 Microsoft vs Mozilla

by StijnDP

Wednesday August 4th, 2004 10:22 PM

If you are prepared to sacrifice security for convenience, fine with me. But there are dozens of known MS security issues that are not addressed by MS at all, because they think they can afford it because of their market share. Talking of an attitude. And I agree that first uninstalling Moz, restarting a computer, DL'ing the new version, installing that version and installing addons is very time consuming. My starting point is that it's quite dangerous out there as far as my business info on my pc is concerned.

However, IMHO, Moz needs 2 more things before it will be able to really break through. The one is visibility, which is happening at the moment. The second issue is functionality related. Moz competes with IE + Outlook. Whether you like it or not, Outlook's Calendar is far more developed than Mozilla's. It should be made much easier to communicate appointments via email for inclusion into one's diary. I've got my boss to use Moz Navigator, but he will not switch to Moz Communicator unless the diary issue has been solved, preferably to the extent that Moz and Outlook will be capable of exchanging appointment info.

My 2 cents.

Stijn

#50 Re: Why we will never use Firefox at work

by lacostej <coffeebreaks@hotmail.com>

Thursday August 5th, 2004 12:43 AM

Big businesses have automated installs to handle that sort of things. Big businesses do not allow software to update itself because that's a security risk in itself. So if you work for a small company, maybe. In a big one these things are done properly.

#13 windowsupdate

by Hymagumba

Wednesday August 4th, 2004 1:41 PM

well autoupdate in firefox is kinda working. It's getting there, slowly.

#25 Re: windowsupdate

by nodata

Wednesday August 4th, 2004 3:28 PM

Cool. But can it be invisible to the user and managed centrally?

#33 Re: Re: windowsupdate

by wgianopoulos

Wednesday August 4th, 2004 4:24 PM

Well, this is why windows will never be safe. Corporate customers insist on the central management. Central management relies on the ability for some remote computer to be able to get onto your system without your knowledge and change stuff without your knowledge. This is kind of what the hackers are trying to do and Corporate America insists that Microsoft build stuff into the system to make it easier for them to do it.

#34 Pull?

by sdfisher

Wednesday August 4th, 2004 5:17 PM

Automatic updates do not require push technology. Once a product is installed, it can easily pull updates if designed to do so. That does not require a remote computer have access to the desktop computer.

If Mozilla had a field for "LOOK HERE FOR UPDATE MANIFEST" that defaulted to a HTTPS Mozilla site, and could be customized to point to a corporate server, that would definitely provide centralized patch configuration without requiring backdoor passwords.

Honestly, I have no idea what your resistance is to a patching mechanism. For all the complaints I read about Microsoft being slow to release updates, at least every security update to IE is done with more ease than a complete re-install as is the case with Mozilla and FireFox.
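
A sketch of the pull model proposed in the post above, added here as an illustration and not taken from the thread or from Mozilla's updater: the client resolves an HTTPS manifest URL (the default or a corporate override), refuses downgrades, and checks the package digest before installing. The preference key, manifest fields, URLs and the digest check are assumptions.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Hypothetical default location; the post only says "a HTTPS Mozilla site".
DEFAULT_MANIFEST_URL = "https://updates.example.org/firefox/manifest.json"


def manifest_url(prefs):
    """Return where to pull the update manifest from.

    A corporate deployment sets the (hypothetical) "update.manifest_url"
    preference to its own server. The desktop only makes outbound requests,
    so no remote party needs access to it. Non-HTTPS locations are refused.
    """
    url = prefs.get("update.manifest_url") or DEFAULT_MANIFEST_URL
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"update manifest must be fetched over HTTPS: {url!r}")
    return url


def parse_version(text):
    """Turn '0.9.3' into (0, 9, 3) so that 0.10.0 sorts after 0.9.3."""
    return tuple(int(part) for part in text.split("."))


def pick_update(manifest_json, installed):
    """Return the manifest entry to install, or None if nothing is newer.

    Entries that are not strictly newer than the installed version are
    ignored, so a stale manifest cannot roll a patched client back.
    """
    entry = json.loads(manifest_json)["latest"]
    if parse_version(entry["version"]) <= parse_version(installed):
        return None
    if urlsplit(entry["url"]).scheme != "https":
        raise ValueError("package URL must be HTTPS")
    return entry


def package_matches(entry, payload):
    """Compare the downloaded bytes with the SHA-256 digest in the manifest."""
    digest = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(digest, entry["sha256"])


# Constructed sample data standing in for a server response and a download.
SAMPLE_PACKAGE = b"constructed installer bytes"
SAMPLE_MANIFEST = json.dumps({
    "latest": {
        "version": "0.9.3",
        "url": "https://patches.corp.example/firefox-0.9.3.exe",
        "sha256": hashlib.sha256(SAMPLE_PACKAGE).hexdigest(),
    }
})

if __name__ == "__main__":
    print("manifest:", manifest_url({}))
    update = pick_update(SAMPLE_MANIFEST, "0.9.2")
    print("update to:", update["version"])
    print("digest ok:", package_matches(update, SAMPLE_PACKAGE))
```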

#71 Re: Pull?

by rwc

Thursday August 5th, 2004 8:04 AM

OMG a post in this thread that is actually rational! How is giving an administrator the *choice* to patch a 39kB .dll (multiplied by hundreds of desktops) vs. downloading a 5MB installer (and doing a new install, multiplied by hundreds of desktops) every few weeks inherently evil?! Sheesh! Armchair Firefox warriors drive me nuts...

#73 Re: Re: Pull?

by wgianopoulos

Thursday August 5th, 2004 8:24 AM

Because the administrator does the updating and not the user. The reason this is bad will become clear when XP SP2 is pushed to desktops and starts breaking things because the administrator doing the push does not know what mission critical applications are on the desktop in question that won't work or need new version etc. to work with XP service pack 2.

#78 Re: Re: Re: Pull?

by rwc

Thursday August 5th, 2004 9:54 AM

Your knowledge of network administration seems to be based on "Dilbert" and "Office Space".

#80 Re: Pull?

by aldo_ <mozilla@martinalderson.co.uk>

Thursday August 5th, 2004 10:11 AM

Totally agreed - I just don't understand why Mozilla can't spend some time before 1.0 creating some tools to do roaming profiles, silent upgrades (and maybe even centralized) and some sort of 'rollout express' version of firefox which would replace IE as the default browser, install itself, copy IE bookmarks etc over and report back when done - many people still use login scripts with Windows NT4 servers and it's dead easy for them to push along a new piece of software by a simple if-else statement in the batch file.

#44 Re: Re: Re: windowsupdate

by sproctor

Wednesday August 4th, 2004 9:48 PM

as opposed to unix which disallows remote logins altogether. I'm not microsoft fan, but get your facts just a little bit straight before you go spewing gibberish. by your definition windows, mac os, unix/linux/etc are all unsafe. unless that was your point... that no operating system can be safe if it's to be useful. you should just come out and say that if it's what you mean.

#17 The 9.3 installer still reads 9.2.

by matt_d_walke <matt_d_walker@yahoo.com>

Wednesday August 4th, 2004 1:55 PM

The 9.3 installer still reads 9.2.

#74 Re: The 9.3 installer still reads 9.2.

by logan

Thursday August 5th, 2004 8:25 AM

#105 Read before post

by sn0wflake <sn0wflake@tdcadsl.dk>

Friday August 6th, 2004 9:13 PM

Read the very first post. I don't know why I'm posting this since you probably don't read it ;)

#18 The 9.3 installer still reads 9.2.

by matt_d_walke <matt_d_walker@yahoo.com>

Wednesday August 4th, 2004 1:57 PM

Reply to this message

The 9.3 installer still reads 9.2.

#21 XUL Vulnerability

by aquarichy <aquarichy@gmail.com>

Wednesday August 4th, 2004 2:42 PM

Reply to this message

Argh, I was hoping <http://bugzilla.mozilla.org/show_bug.cgi?id=22183> (the bug concerning UI spoofing through XUL) would be fixed by this release :(

#23 Re: XUL Vulnerability

by logan

Wednesday August 4th, 2004 3:20 PM

Reply to this message

"fixed"?

#40 Re: XUL Vulnerability

by CTho <cst@andrew.cmu.edu>

Wednesday August 4th, 2004 8:00 PM

Reply to this message

How would you propose to fix this? What prevents me from making an equally-convincing mockup with DHTML? You're adding a false sense of security.

#62 Re: Re: XUL Vulnerability

by mlefevre

Thursday August 5th, 2004 4:24 AM

Reply to this message

Indeed. So the way to "fix" it will be to make it harder for sites to spoof the UI, by ensuring that some real UI exists on all windows. XUL spoofing is something of a red herring - the solution needs to cover (D)HTML spoofs too (and the problem exists in other browsers).

#75 Re: Re: Re: XUL Vulnerability

by brianiac

Thursday August 5th, 2004 8:31 AM

Reply to this message

Tools → Options → Web Features → Advanced... → uncheck "Hide the status bar" (and probably all the items above it).

#38 Loss of information when printing

by dgtlmoon <leighm@linuxbandwagon.com>

Wednesday August 4th, 2004 7:31 PM

Reply to this message

Well, If the web browser decided to not display things when rendering, this could be a security issue

So is mozilla-engine refusing to print some <DIV> tags

what's going on? how come these kinds of printing bugs are not being addressed?

here's an example of something like this being exploited

<http://dgtlmoon.koan.net/…ting-loss-of-information/>

You can read more about this mozilla bug at

<http://bugzilla.mozilla.o…g_list.cgi?buglist=154892>

get onto it!!!!!!!!!1

#42 Re: Loss of information when printing

by logan

Wednesday August 4th, 2004 8:12 PM

Reply to this message

A major or irritating bug? Perhaps, but that's probably about as far as I would take it. The use of security and exploit seems highly inappropriate here.

You've read the bug haven't you? There's been active discussion and work off and on for the last two years. There is a patch, but questions have been raised about it. Sometimes problems like this and the fix, (negatively) affect other components. People aren't always available to devote a good deal of time to a particular bug, or other higher priority issues exist. It's not always so simple.

Discussion of issues like this is better suited for the forums.

#55 Re: Loss of information when printing

by spliffster

Thursday August 5th, 2004 2:32 AM

Reply to this message

don't ask yourself in which way this comment is related to this discussion. if you look through MozillaZine you will find a post like this in nearly any discussion. and it's usually posted by the same person.

#39 Auto-Update

by troy1of2 <troy1of2@yahoo.com>

Wednesday August 4th, 2004 7:33 PM

Reply to this message

I can see where the complete re-install every time an update comes out will be a hard sell for a lot of the people I'm recommending Firefox to. For me, it's just a pain in the butt to have to un-install all of my extensions and the browser, install the new one and re-install all of my extensions then spend the time getting everything reconfigured the way I like it. For my technically declined friends who are accustomed to simply installing a patch for IE and being done with it having to do the complete reinstall bit is beyond just a pain in the butt, it's impossible. Which of course means they'll be calling me to do it for them, which means I have to make time to go do it. So, yes, I can see the guy's point about it being a major undertaking in a business network environment. The IT department would be tying a lot of resources up going around manually reinstalling on every work station.

I still love it for my personal browser and it's worth the hassle for me. But not everyone is going to feel the same...

#67 Re: Auto-Update

by kquiggle <kquiggle@earthlink.net>

Thursday August 5th, 2004 6:37 AM

Reply to this message

For those of us who have to update hundreds of PCs in a corporate environment, auto-update is an important consideration. Security is also an important consideration - even though IE has autoupdate, it does not provide any mechanism to clean up PCs infested with malware, so we end up having to visit PCs anyway for cleanup purposes. Being able to auto-update Mozilla would be a big plus - if this is coming soon, we would like to know about it so we can factor it into our deployment plans.

#95 Re: Auto-Update

by GURT

Friday August 6th, 2004 11:15 AM

Reply to this message

i didn't have to reinstall any extensions.

delete firefox folder extract new version execute

#100 Re: Re: Auto-Update

by roseman

Friday August 6th, 2004 12:23 PM

Reply to this message

many of my extensions get preserved when installing a new Mozilla; some do not. i believe it has to do with WHERE the extension gets installed... globally into the program folder = available to all profiles, but disappears on re-install; or install extension into profile folder & it saves it when installing a new version, but is only visible to that one profile. some seem to install locally to the profile folder, others globally to the program folder, and SOME nice ones :) seem to ask you WHICH install location you wish (a few even tell you what the difference is, advantages/drawbacks of each) at the time you are installing them. p.s. i use mozilla suite, though i believe firefox acts same way (could be mistaken here.. anyone?)

#41 Re-install to patch a bug... Kewl! :-

by Linuxn00b

Wednesday August 4th, 2004 8:02 PM

Reply to this message

I certainly hope Ben gets some sort of patching mechanism in place before pushing v1.0 (which will no longer be "Tech Preview", but rather will finally be - GASP! - "FINAL") out. I'm afraid that the idea of re-installing a piece of software every time a bug is discovered and resolved (if I am to believe the sales dept. we're looking at less than 48h turnaround times here) might not exactly cut it with the wider audience (i.e. regular people, not Fx fanboys). Especially as the competition <cough> <cough> has this feature... AND already has a browser installed on 99.9(9)% of machines out there!

#43 Re: Re-install to patch a bug... Kewl! :-

by logan

Wednesday August 4th, 2004 8:17 PM

Reply to this message

Feel free to contribute something, perhaps even offer your assistance in making the update system better. This is not a one man show here, anyone can help. Or not...

#46 Re: Re: Re-install to patch a bug... Kewl! :-

by troy1of2 <troy1of2@yahoo.com>

Wednesday August 4th, 2004 10:15 PM

Reply to this message

Would if I had the expertise but since I don't I figure it doesn't hurt to point out a need so that someone who does have the know how can pick up the ball and run with it.

#56 Re: Re-install to patch a bug... Kewl! :-

by spliffster

Thursday August 5th, 2004 2:36 AM

Reply to this message

this is a bugfix release, all extensions/settings are not needed. why not just download the zip release (for those windows folks) and extract it over the current installation ? huh ... is it sooooooo complicated to automate ?

i don't know how software is managed centrally on windows ... but it would certainly not be hard to write a 2 line shell script daemon which checks for updates on an internal server, gets it and extracts it (as for bugfix releases) ... hell, it's not rocket science!

#103 Re: Re: Re-install to patch a bug...

by ratman

Friday August 6th, 2004 3:07 PM

Reply to this message

if the need for an updater is so great, i don't see why someone doesn't just write an independent, stand-alone application (perhaps a mozdev project?) that downloads the zipped update and copies it into the appropriate program directory. if a more automated updater is required, perhaps the program could first check to see if an update is available and if mozilla (seamonkey/firefox/thunderbird) is running (and prompt the user to shut it down, if necessary). that way, the application could simply be added to the startup queue and could operate without user input required. as an independent program, it wouldn't open up additional vulnerabilities in mozilla itself, nor would it rely on xpinstall, and it could be made more customizable as well.

any enterprising programmers out there up to the challenge? personally, i much prefer manually updating both mozilla and windows, but hopefully all the clamor for a more "user-friendly" approach could generate some interest in such a project.

#104 Re: Re: Re: Re-install to patch a bug...

by Smigit

Friday August 6th, 2004 7:35 PM

Reply to this message

well IMHO an updater that is of any use shouldn't download the complete installation but only files that have changed since the copy currently installed. that is, if a bug is found you may download 1 100kb file instead of a 5meg zip archive. Having an auto updater that downloads the entire application isn't convenient for dial up users such as myself, in which case I'm probably better off downloading it manually with a download manager. I know the majority of people probably have broadband, but it has always been the goal of the dev team to make the dload package as small as possible and an updater of this nature would be a huge step forward in achieving that. Also it means at each new version release you won't have hundreds of thousands of people downloading 5megs each, but rather a lot will be downloading a lot less and hopefully have less server strain. I don't believe an updater that downloads only changed files would be possible as a 3rd party addon unless they hosted all the individual files themselves.

#106 Re: Re: Re: Re: Re-install to patch a bug...

by bzbarsky

Friday August 6th, 2004 10:15 PM

Reply to this message

Any change that affects the layout engine means downloading the 4-6 MB (on Linux; a little smaller on Windows) layout library.... and most changes _do_ affect the layout engine.

#60 Re: Re-install to patch a bug... Kewl! :-

by prandal

Thursday August 5th, 2004 4:10 AM

Reply to this message

#47 In-Place Auto Update check into latest branch!

by mrgoodgood

Wednesday August 4th, 2004 10:21 PM

Reply to this message

The Checkins: <http://bonsai.mozilla.org…e=&cvsroot=%2Fcvsroot>

And the corresponding Bug: <http://bugzilla.mozilla.org/show_bug.cgi?id=253220>

Hope that's what we have all been waiting for :)

#49 Default Download Folder still confusing

by Beau6183 <beau_scott@hotmail.com>

Wednesday August 4th, 2004 11:56 PM

Reply to this message

FF 0.8 had it right with a single click download (well, right click -> save file to disk). Having a screen pop up confirming where you want to save the file defeats the purpose of having a default download directory, IMO. I realize you can set up each file type to behave that way, but it's a lot more convenient to just do it .8 style. FF 0.9 was a downgrade in this aspect.

#107 Re: Default Download Folder still confusing

by petebull <petebull@web.de>

Tuesday August 10th, 2004 8:05 AM

Reply to this message

0.9 still has the functionality: Alt-Click a link for direct download without questions to your predesignated location.

I picked that up here from MZ forums, a great source of knowledge for Mozilla related stuff.

#69 good work

by Virtuose

Thursday August 5th, 2004 7:34 AM

Reply to this message

no problem with this version. (firefox and thunderbird)

1.0 is hopefully for Firefox and Thunderbird coming soon...

#79 For the people requesting Auto update

by fedetxf

Thursday August 5th, 2004 10:00 AM

Reply to this message

The people requesting a user-transparent auto update feature with a central configuration, bug microsoft to provide it. On my OS of choice, all I do to upgrade Firefox is run this command:

apt-get firefox

Done. I don't even know what goes on. Tell MS to provide a tool to do that on Windows and you are set.

#93 That's far too complex

by leafdigital

Friday August 6th, 2004 7:11 AM

Reply to this message

You think I'm joking, right? I'm not. The update needs to happen completely automatically with only the simplest warning. 'There is a new version of Firefox available. For security reasons we recommend you update now.'

Anything that requires the user to initiate the process, rather than clicking a 'yes' button on a dialog that is presented automatically to them, isn't solving this problem.

(That said, the Linux install mechanisms are very nice in some ways compared to Windows. I think all three major operating systems (Win/Linux/Mac) make a hash of installing software and the way they manage software installations in general, but Windows is worst... Anyway, that's off-topic.)

--sam

#99 How about this "bug"????

by ronin65

Friday August 6th, 2004 11:40 AM

Reply to this message

I don't think it's off topic. There is no good reason why FF can not make things simple at least for itself. The other apps will have to fend for themselves.

#85 Bad download link for Tbird on mozilla.org

by neilparks1

Thursday August 5th, 2004 1:22 PM

Reply to this message

Go to <http://www.mozilla.org>. Click on Tbird 0.7.3 link. Click on Download Now link. You will get 0.7.2 instead of 0.7.3.

#102 Re: Bad download link for Tbird on mozilla.org

by neilparks1

Friday August 6th, 2004 2:19 PM

Reply to this message

Just checked again and found that the link has been fixed.

#94 Mozillazine should point to download.com

by ivanii

Friday August 6th, 2004 7:34 AM

Reply to this message

There was interesting marketing action for writing reviews on download.com (and other sites, I see just 6 reviews on snapfiles.com -ex webattack now). Logical move after that action is to point to download.com for downloading, as new version appears, in order to improve results in the number of downloads.

#111 Mozilla Over Firefox

by morpheus222

Tuesday August 24th, 2004 10:32 AM

Reply to this message

there are people like me that do not like firefox, it does not have the last page visited home page feature, you cannot customize what it does when you open a new theme or window, you can not auto fill in forms without downloading something, you cannot manage your stored passwords, you cannot block images.

That is why i choose mozilla over firefox.

#112 thunderbird for mac os 9.2?

by vic

Friday November 12th, 2004 5:22 AM

Reply to this message

Is there any development of Thunderbird for Mac OS 9.2? Where can I download it?