Home > Mozilla, Gecko > Firefox 1.0.5 Is OutFirefox 1.0.5 Is Out Andrew Youll 2005-07-12 Mozilla, Gecko 108 CommentsThe Mozilla Foundation has released Firefox 1.0.5 which addresses several security issues.About The Author 108 Comments 2005-07-12 9:18 pm Joe UserFirefox has only 10% market share and has had so many security updates lately I would recommend Opera any day. 2005-07-12 9:20 pm On the other hand, its getting safer und safer. Do you know how many critical bugs are hidden in Opera? 2005-07-13 12:54 pm kfetCould you elaborate? My impression is Opera software is the fastest to handle any known security issue among the browser vendors. 2005-07-12 9:28 pm rm6990Firefox has only 10% market share and has had so many security updates lately I would recommend Opera any day.Yes, because market share dictates the quality of code. You’re absolutely right.I find comfort in the fact that they are taking the time to patch the product, instead of leaving security holes wide open.I’ll stick with my current version of Firefox, I’m tired of updating every month or so. I use Firefox for testing purpose only anyway, so…Yes, I find the 5 minutes a month completely exhausting….even more so than my 8 hour a day job. 2005-07-12 9:44 pm I won’t comment on your logic, but please use the term install base when that is what you mean.http://www.osviews.com/modules.php?op=modload&name=News&file=articl… 2005-07-12 9:21 pm It’s actually great that they address the issues rather than ignoring them. However, it’s ridiculous to assume people will cope with installing a new version every month or so. Heck, find a way to make it patcheable. 2005-07-12 9:34 pm orestesYou make it sound like a huge hardship. Installling the new version takes all of 30 seconds and doesn’t require a reboot. 2005-07-12 9:55 pm It’s 4.8MB (for win32), so wouldn’t that be more like 30 minutes if you don’t have, or can’t get broadband?How *do* people keep up with general security updates using a modem? 2005-07-12 10:07 pm orestesCloser to 20 on my old dial up. I don’t ever recall it being a hardship. OTOH, staying up to date on my Linux box while on dial-up was a legitimate pain in the ass. 2005-07-13 11:16 am once downloaded with broadband it took 11.86sec to to do the upgrade on Mac OS X 2005-07-13 12:17 pm thomasHow *do* people keep up with general security updates using a modem?Unplug it ? 2005-07-12 10:05 pm Reboot? Who talked about reboot? Manually downloading a whole program every month just to plug a hole isn’t my cup of tea. I tend to use computers to actually do stuff, not hand around keeping them up2date.If this were a MS issue, people would freak out. It’s good news that they’re working on auto-patching. The auto and the patching. 2005-07-13 12:52 am We could only be so lucky to have 5MB PATCHES for IE without MS sticking other soul-stealing stuff in behind our backs… For most people 5 MB is trivial.. come on, I’ve seen flash based web pages bigger than that!!! or how about all those people downloading MP3s.. that much for a whole new broswer? even over dial up it’s a non-issue to keep up with current Firefox versions. 2005-07-13 3:10 am LOL. It’d be trivial to update it if Windows had a proper installation system. Keeping up with software updates is for me a 10-second (literally) task once every few weeks. The fact that the Firefox people have to roll yet another auto-update mechanism for Windows is a very good sign of how broken its application model is. 2005-07-13 9:45 pm You make it sound like a huge hardship. Installling the new version takes all of 30 seconds and doesn’t require a reboot.rotflBeats patching and rebooting. 2005-07-12 9:22 pm According to your reasoning, Internet Explorer is the safest browser then. 2005-07-13 12:37 pm IE is no less safe than firefox. It just has a larger userbase. As is being proven with firefox, and its increasing userbase, if companies want to make spyware for anything (including your precious linux, which isnt a fraction as secure as you may think) they WILL make spyware. I wouldnt be suprised that within the next 5 years, IE far outdid firefox in security. But right now, firefox is less prone because it still has a relitivly small userbase, and the more annoying companies dont care yet. 2005-07-12 9:23 pm BobmeisterThe next version, 1,1 now in Alpha WILL have auto-patching capability. I just had it on my computer yesterday…I went back to the current releases to make sure that I have a nice stable browser, so it’s coming!I’m glad as well that they ARE patching it. It’s a good browser, as is Opera. Personally, I like Firefox over Opera as it seems to render pages better, but that’s just a choice thing…. 2005-07-13 3:45 pm eMagiusFirefox only renders broken code “better” — which makes sense, given that it’s just a hacked up Netscape Navigator. 2005-07-12 9:24 pm Joe UserI’ll stick with my current version of Firefox, I’m tired of updating every month or so. I use Firefox for testing purpose only anyway, so… 2005-07-12 9:29 pm So the ONLY time that you will use it to surf, you’ll get to an evil site that will exploit the bugs, install spyware & cie.It never happens only to the others. Never overestimate your luck 2005-07-13 11:15 am cyberpsiI used to believe in this untill lose $1000 to crackers in my bank acount 2005-07-12 9:34 pm Joe UserSo the ONLY time that you will use it to surf, you’ll get to an evil site that will exploit the bugs, install spyware & cie.I don’t visit warez web sites. And I don’t use Firefox nor IE. I use Opera 8.01. 2005-07-12 9:44 pm SaemYou’re being daft, like many others. Constant updates is a sign of improvements. A better patching system would be nice, but at least we can be assured that they’re fixing bugs. One wonders why Opera and IE don’t have a simillar rate or improvement, they seems less vigilant. 2005-07-13 12:50 pm abdavidson“Constant updates is a sign of improvements”You’re joking! When MS had to release patches every month for IE it was a bad thing, but more releases for Firefox – specifically aimed at fixing security issues – somehow makes it better?God DAMN some people are obtuse.“One wonders why Opera and IE don’t have a simillar rate or improvement, they seems less vigilant.”Look at Secunia. Firefox has had vulnerabilities outstanding for months. Opera doesn’t. Speak sense. 2005-07-12 9:46 pm I don’t know fighting that much for a 30 seconds install of a binary program of less than 5 MBs. Now I should be the one annoyed since I use gentoo and the source of firefox is 32MBs and the install takes 45 minutes compiling all the code and putting it togheter. Though I’m happy doing it. 2005-07-13 12:18 pm gothicI use binary.. and that’s your problem.. that’s the price of using gentoo. 2005-07-12 9:50 pm Opera has become my favorite browser ever since I gave it a fair shot starting with 8.0. Plus the more I use it and discovers it’s features, the more I like it. I even use it on my BSD box now over Firefox. 2005-07-12 9:57 pm agildehausFirefox developers are working hard to bring a decent auto-update mechanism into place for 1.1. Meaning no more downloading of installers. The auto-updater also will refuse to download new versions of Firefox if doing so will break installed extensions (though there’s an option to allow that). 2005-07-12 10:04 pm jondoorwhatever something is “popular” it gets picked apart, if it has security problems then we all point to those as reasons why it’s a bad product or why no one should use it. If it gets patched a lot, avoiding security problems, well that’s just too anoying, why would anyone want to be annoyed so much of the time? 2005-07-12 10:08 pm It’s annoying that it *don’t get patched* but rather reinstalled every time. Is my english too hard to parse? 2005-07-12 10:07 pm Joe User One wonders why Opera and IE don’t have a simillar rate or improvement, they seems less vigilant.This is a serious accusation you’re claiming. Opera has nothing to do with Microsoft. The Opera coders are serious and hard-working people. Microsoft staff doesn’t talk with the user base the way Opera programmers do. Opera Software is not less vigilant than the Mozilla Foundation. 2005-07-12 10:10 pm jondoorAgreed things could be better, but that’s true about everything. 2005-07-12 10:11 pm y’know, it’s Firefox, not FireFox. 2005-07-12 10:14 pm Pedant. 2005-07-12 10:13 pm Joe UserIf this were a MS issue, people would freak out.Too pathetic. This drives me so mad. The same people who moan at Microsoft each time hackers discover security flaws say it’s no big deal when it happens to Firefox. Gimme a break! 2005-07-12 10:14 pm Joe Usery’know, it’s Firefox, not FireFox.You know, it’s “You know”, not “y’know” 2005-07-12 10:15 pm The link provided does not list 1.05 security fixes. Is there a link for this? 2005-07-12 10:37 pm I used to keep up to date with Firefox on my Windows machines. But, for the last few versions, they have not produced the good installer. I mean the one you just unzip into a directory and you are done. All they have is some silly executable and I sure don’t want that. 2005-07-12 10:42 pm DrumhellarRemember when Opera’s biggest feature was that it fit on a floppy?Opera bugs me in that, for the life of me, I can’t figure out how to get the tab bar to sit below the address bar. 2005-07-12 10:48 pm Joe UserOpera bugs me in that, for the life of me, I can’t figure out how to get the tab bar to sit below the address bar.Err… This wouldn’t make much sense… 2005-07-13 12:14 am It makes perfect sense. You must work for Opera. That is exactly the kind of jerk responses I used to get from Opera’s tech support when I would suggest them making an option to allow me to use my browser the way I want to. “No, we know better than you” would always be the response and now I no longer send them any money. Leave it to you jerk Opera employees to fill up a thread about Firefox with stupid self promotion for Opera. 2005-07-13 5:22 am Opera bugs me in that, for the life of me, I can’t figure out how to get the tab bar to sit below the address barI don’t know that you can do that, but what you can do is drag a URL bar and whatever else you want to the main bar, which naturally sits above the tab bar.Just stick the widgets and stuff you need there, get rid of those you don’t and hide the regular address bar. 2005-07-13 5:26 am The only weirdness with that is if you tile or cascade the pages, there’s only one URL displayed which corresponds to whichever is active; with the address bar visible, each page gets its own URL field. 2005-07-12 10:42 pm http://www.getfirefox.comclick on … 2005-07-12 10:42 pm Joe UserI mean the one you just unzip into a directory and you are done. All they have is some silly executable and I sure don’t want that.LOL With radically opposed stand points, I doubt everybody will be happy!As for myself, I don’t call a zipped archive an installer! Unzipping an archive is fine for beta testing, but in the end one need a setup.exe, at least for the end user. 2005-07-12 10:47 pm actualy i am more fond of the zip file, didnt have to wait for anything to be installed, could stick it on a usb stick and use it at school even tho i dont have necessary permissions to install software… guess i am stuck using the old one…wonder if you could install, zip up the fifefox folder and go from there….why would a user care more about “installing” than just unzipping… 2005-07-12 10:50 pm Joe Userwonder if you could install, zip up the fifefox folder and go from there….Yes you can do this. I have done this with older versions of IE because I need to have several versions of IE at the same time on my computer when I test my web pages to check out backward compatibility. It’ll work just fine with FF. 2005-07-12 10:49 pm oh and it was cool to have the installed version and the zipped version, i could have one with my accelerator and one without… 2005-07-13 4:14 am I am a developer, but not a Firefox developer. So, I am an end user for Firefox and the only good installer is me. I don’t want a program messing with the registry or other nonsense when installing. I just want to unzip to a directory and go. I have no idea what you mean by stand points. 2005-07-12 10:51 pm Dark_KnightNovell provides the update for SuSE Linux users via YOU (YaST Online Update) or via FTP source directory. Unfortunately not all distribution developers offer such a service for third party software. Since not all Linux distributions are LSB certified I’m sure this would provide a packaging nightmare for the Mozilla developer. 2005-07-12 10:52 pm i just cant stand the ads, and by default it looks sooooo confusing with a dozen toolbars and other stuff…. 2005-07-12 11:02 pm Joe Useri just cant stand the adsThen buy your copy. What does 39 bucks represent in your yearly budget? This is what you spend everyday at Albertson’s !Opera’s is reported at 1%.Yes, so it is less likely that crackers will target Opera. Makes sense, doesn’t it? 2005-07-12 11:12 pm why pay for opera when i can get firefox….opera also crashed a time or two when i tried it last which wasnt long ago….i do like some of the features but do not really end up using them that often. I do like how you can turn pics OFF, ON, or CACHED only from the toolbar…that was cool if i was in a hurry 2005-07-12 10:53 pm JPortalFirefox has only 10% market shareOpera’s is reported at 1%.and has had so many security updates lately Security updates are a bad thing?Firefox has had a lot of security updates, but none of them were exploitable for very long before they were patched. Number of wide-spread exploited bugs: 0…I would recommend Opera any day.That’s your own opinion, but don’t say that Opera is better because it’s less buggy Does anyone know when Firefox 1.1 is supposed to come out? The Deer Park beta was good stuff… I can’t wait. 2005-07-13 12:54 am Varg Vikernesand has had so many security updates lately Security updates are a bad thing?Yes because it shows the browser wasn’t deisgned properly or that they didn’t catch security bugs or that the software is buggy.Firefox has had a lot of security updates, but none of them were exploitable for very long before they were patched. Number of wide-spread exploited bugs: 0…You sure about that? Because I have this feeling that half of ths sites I visit can easily pop a popup even though I have popups disabled. If you don’t know, this is a Firefox only bug (doesn’t happen in IE or Opera).I would recommend Opera any day.That’s your own opinion, but don’t say that Opera is better because it’s less buggy Why wouldn’t he? Why is then Firefox better? There are benchmarks where Opera blasts Firefox away in every single test and there’s not a single unpatched exploit in Opera. Now, you might bring up that as it would gain popularity people would definently find security holes/bugs in it, but then you also agree that Windows has so many holes due to its popularity not because of bad design?yea ok! how did you conclude it leaks memory like a sieve….. Firefox’s own developers admit that it has memory leaks. Load 50 tabs and look at mem usage. Now close all those tabs and look again. Or try to leave Firefox minimized for an hour or so while doing regular work on your PC. Then try to “unminimize” it.but at least my browser isnt a part of my operating systemWhat is the problem? I utterly fail to see what the problem is to have the browser tight to the OS, sorry.That guy is clueless. IE is not a part of the OS and has never been. I don’t feel like giving you a link to a blog of a Microsoft employee, but surely you can find it.My experience is quite the opposite. The more feature a program tries to add the less useful it becomes.In that case you probably also think Emacs is less useful then say UltraEdit?for Linux/OSS zealots. This thread show the double standards. If it is an IE bug, they will whine at Mircosoft as much as they can. If its OSS software bug, yeah no big deal.One guy says, the more bugs they found, more secure it will be another says they fix it fast and another will say its no big deal to download on slow dialup. Excuses excuses and then they wonder why market share doesn’t increase. LOLHonestly, the hype of firefox seems to have died since the truth has come out. At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). I feel so much better using Windows now. YaY all the OSS zealots can go and eat $#%^Well, you should already know this if you visit OSNews or Slashdot. These people seem to lack common sense. Say I write a worm/virus and I want to distribute it to as many people as possible. Do I a) try to find a hole in a browser that 3% of people use and maybe infect 50% of those 3%s, or b) I try to find a whole in a browser 90% of prople use, particullary non computer savvy users so that means I have a much higher chance of succeeding. Tough one. 2005-07-13 1:08 am orestesIn that case you probably also think Emacs is less useful then say UltraEdit?I can’t speak on UltaEdit, but emacs is a perfectly fine operating system. When I want to edit text I break out sam or one of the vi variants. 2005-07-13 3:17 am popups on firefox and not IE? show me the sites…oh thought i would try a bit of that leakage you talk about——–firefoxupon startup, one blank tab uses 13,584k10 sites in tabs seems to hold steady at 29,520krefreshing all the pages brings the usage to 26,312close all the pages, one blank tab remainingminimize for 30minrestoreusing 11,716ksame 10 tabs10 tabs once again hold steady at 28,384kminimized it goes down to 3540k and holdsrestore brings it to 18,188k and holdingfollow the drip follow the drip…. doesnt seem bad to me… try the same on IE WHEW!!!!sorry but it would take me forever to load 50 tabs so 10 will do…. I leave firefox minimized all the time no biggie, drags for a sec when restored but considering when it is minimized it only uses a few megs I would expect my puter to drag for a sec while it figures out what to do…who would use 50 tabs anyway???ok,let me try 30 local pages…..open firefox uses 13,568kopen 30 local pages uses 30,524kminimized uses 2480kdo some other stuff for about a hourrestore uses about 28540btw-those same 10 sites in IE consume about 60megs of memory, about 14megs minimized, and resotre brings it back to about 30…YEa, go ahead and head back to IE and take your sieve with ya!———-“IE is not a part of the OS and has never been.”strange that i can open the FILEMANAGER and surf to yahoo, or open the browser and manipulate the filesystem…. strange that a malformed web page can freeze my whole computer to the point of needing a reboot…ok i will stop 2005-07-14 2:21 pm Regarding your stats on memory usage.. open firefox uses 13,568k open 30 local pages uses 30,524k minimized uses 2480k do some other stuff for about a hour restore uses about 28540Seeing that your memory usage goes down when you minimize Firefox, you are being shown the *active memory* usage, that is to say memory which is in actually in real RAM at the time.What you want is the *total* memory usage whether it’s in in real RAM or swapped out into virtual memory.I’m not a Windows user and am running OSX at this time so I’m not sure how to get the actual memory usage out of the system (a command line utility like “top” anyone?), but let me assure you that I’ve never seen *any* browser at all that releases memory back to the system when you close windows/tabs.All browsers leak RAM and I’m sure it has to do with the memory allocation model in C rather than actual bad design.However, I just replaced my hard drive in this laptop I’m using and at the time, I got down to about 150 Meg *free* on the hard drive and I couldn’t use Firefox for more than five minutes before having to reboot the OS. I quickly swiched back to iCab and Safari where I could get a few hours out of my browser before disk usage shrank to zero.The reason that your memory statistics seem to be reasonable is that you are not being shown the whole working set of the program. 2005-07-12 11:06 pm Anyone with an ounce of sense will have Firefox’s directory 755 and will only run it using a non-root account – how can autopatching work, then?Will it ask me for my root password? Could a website fake the dialog? 2005-07-12 11:16 pm Joe UserAnyone with an ounce of sense will have Firefox’s directory 755 and will only run it using a non-root account – how can autopatching work, then?It won’t happen. FF can write only to your /home directory. You’ll have to update your ports with CVSup and to issue:cd /usr/ports/www/firefox && make install cleanAs root.PS: As for now, Firefox hasn’t been updated yet on the mirrors. 2005-07-12 11:48 pm Anyone with an ounce of sense will have Firefox’s directory 755 and will only run it using a non-root account – how can autopatching work, then?If you want to upgrade it as a user, then you would have installed it as a user, therefore you would have installed it in your home directory. Otherwise if you wanted it installed and updated systemwide you’d install it as root and update it as root, or just rely on whatever package manager you use to install and update it, though that almost certainly wouldn’t use patches. 2005-07-12 11:15 pm CrazyDude0for Linux/OSS zealots. This thread show the double standards. If it is an IE bug, they will whine at Mircosoft as much as they can. If its OSS software bug, yeah no big deal.One guy says, the more bugs they found, more secure it will be another says they fix it fast and another will say its no big deal to download on slow dialup. Excuses excuses and then they wonder why market share doesn’t increase. LOLHonestly, the hype of firefox seems to have died since the truth has come out. At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). I feel so much better using Windows now. YaY all the OSS zealots can go and eat $#%^ 2005-07-12 11:35 pm so because IE rarely offers patches it is somehow MORE secure?“At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). ”how is that proven?yea it is much better to be clueless and not have updates and so forth so when blaster and sasser and everyone walks in you arent prepared at all….a lot of the browser security issues are present on the majority of browsers…. but at least my browser isnt a part of my operating system… 2005-07-12 11:49 pm Joe Userbut at least my browser isnt a part of my operating systemWhat is the problem? I utterly fail to see what the problem is to have the browser tight to the OS, sorry. 2005-07-12 11:52 pm orestesYou don’t find it just a teensy bit disturbing that a flaw in your browser can bring you entire OS to it’s knees. 2005-07-13 12:00 am Joe UserYou don’t find it just a teensy bit disturbing that a flaw in your browser can bring you entire OS to it’s knees.This is not a problem of concept (shipping a browser with an OS in this case). This is a problem of budget priorities. Microsloth doesn’t want to put money into IE because up to recently there was virtually no competition, and now things are changing. In a nutshell, Microsloth didn’t care that much about IE’s security issues.Doesn’t KDE has Konqueror tight too? Isn’t that good? I think EVERY OS should be shipped with a tight browser. 2005-07-13 12:04 am KDE is not an operating system. 2005-07-13 12:06 am orestesPersonally, I favor ye olde *nix philosophy of do one thing and do it well. The more you make programs dependant on each other, the more you screw yourself over when some critical piece fails. 2005-07-13 12:13 am TBPrincePersonally, I favor ye olde *nix philosophy of do one thing and do it well. The more you make programs dependant on each other, the more you screw yourself over when some critical piece fails.Sure, but the more your software are integrated, the more your productivity (about anything, from office work to MP3 playing) gets enhanced.In the end, it’s a matter of taste (given that all software has bugs…). 2005-07-13 12:16 am orestesSure, but the more your software are integrated, the more your productivity (about anything, from office work to MP3 playing) gets enhanced.My experience is quite the opposite. The more feature a program tries to add the less useful it becomes.In the end, it’s a matter of taste (given that all software has bugs…).True enough. 2005-07-13 12:58 am not really. the bugs found in firefox are far more trivial than the bugs in IE… they’re found by examination of the SOURCE CODE as POTENTIAL problems… most of the expolits never make it into the wild.. and they’re pacthed very quickly.. heck, MS legally bars security experts on IE from TALKING about expolits for longer than it takes FireFox to actually patch them!!! 2005-07-12 11:33 pm deathshadowThe link to “Security issues” doesn’t list what was changed for 1.0.5And it STILL leaks memory like a sieve…Damn, back to IE. 2005-07-12 11:40 pm yea ok! how did you conclude it leaks memory like a sieve…..back to IE…. well if you are so enraptured with IE why do you bother trying anything else… 2005-07-12 11:51 pm TBPrinceNot willing to troll but just sharing some thoughts. I guess some people now realize how difficult is to keep a product safe, expecially when your market share increases.I don’t know exact FF market share (let’s say it’s 10%, as someone here stated…) but FF had:3 (three) security problems rated as critical in 1.0.43 more critical and 2 rated as high in 1.0.31 critical and 3 highs in 1.0.22 criticals and 2 highs in 1.0.1(based on their list)That makes 9 critical bugs (which, if I’m right, represents bug who can lead to unrestricted system access) in timeframe from 1.0.1 to 1.0.5… isn’t that a few months? How many? 2-3-4 months?This should make people who bash for a single IE problem a bit upset and mostly should teach them that the more a product get popular, the more it will need to care about security.Though I’m not using FF now (except for testing purposes) I do really hope that Mozilla can release the auto-patching feature, expecially for people who use slow connections.Constant auto-patching seems to be the only way to reduce surface for attacks as educating people has failed. If we get lucky, 2 or maybe 3 users of 10 will remember to check for updates from time to time. Given that one can have dozens of software installed, this could be very very annoying… 2005-07-13 12:07 am rm6990for Linux/OSS zealots. This thread show the double standards. If it is an IE bug, they will whine at Mircosoft as much as they can. If its OSS software bug, yeah no big deal.One guy says, the more bugs they found, more secure it will be another says they fix it fast and another will say its no big deal to download on slow dialup. Excuses excuses and then they wonder why market share doesn’t increase. LOLHonestly, the hype of firefox seems to have died since the truth has come out. At least one thing is proven, the more popular a software is, the more bugs are found (or exploited). I feel so much better using Windows now. YaY all the OSS zealots can go and eat $#%^I still don’t get how a bunch of people on OSNews having double standards affects the market share for people who will never visit OSNews??? Do you think you can wrap your feeble little mind around the fact that maybe, just maybe, the people at OSNews aren’t a very good representation of the entire OSS community??? Most newbies go to a place like linuxquestions.org or the irc channel for their distro of choice. Go join any real mailing list for a project, they are very responsive and serious about these issues and no, they don’t sit and complain about Microsoft all day. Despite being computer geeks, they do have a life, unlike most of the people here, and do something useful with their time. I wouldn’t be suprised if more than three quarters of the people that make stupid comments like the ones you are referring to (or yours to boot) are 13 years old and just do it because they have nothing better to do.And incase you aren’t actually 13, you should re-read your comment, because it reads like it is written by a 13 year old.(And to the handful (literally) of intelligent people that comment on these forums, I apologize, and I wasn’t talking about you). 2005-07-13 12:08 am i prefer a clean reinstall instead of patching…..and I am on a dialup connection… well almost… cellphone…. takes about 15-20min to download but i can live with that….“This should make people who bash for a single IE problem a bit upset ”if it was a single problem in IE but it isnt, it is numerous flaws and exploits int he browser and the OS… but since they are wrapped up together one affects the other… 2005-07-13 12:20 am TBPrinceif it was a single problem in IE but it isnt, it is numerous flaws and exploits int he browser and the OS… but since they are wrapped up together one affects the other…That’s true. But all in all, MS is another victim of surprisingly fast Internet development. A few of their technologies, which were even good ones, proved to be ineffective and unable to cope with such a large exponential growth or hard to maintain.On the other hand, putting a browser at base of your system made helped to make HTML and Internet so popular.I think MS got perfectly aware that they had a maintenance problem for their technologies at least 2-3 years ago. They’re improving (whether it’s enough, it’s of course questionable).However, auto-patching seemed to help, given that many computers now have access to the Internet. The dark side of auto-patching (as someone noticed) is having your software to stop working all of sudden for unknown reasons. This could be ok for home users, but it’s dramatic for business users… 2005-07-13 12:09 am Is when it breaks extensions. Granted, this hasn’t happened to me since 1.02, but I dread updating the program. Just a couple of months ago, just updating a couple of extensions completely broke the personal toolbar. I have considered for awhle switching to Opera full-time. As soon as they get some kind of integrated adblock functionality (piss on the damn ini files), I’ll prolly be there. 2005-07-13 1:48 am “That makes 9 critical bugs (which, if I’m right, represents bug who can lead to unrestricted system access) in timeframe from 1.0.1 to 1.0.5… isn’t that a few months? How many? 2-3-4 months?This should make people who bash for a single IE problem a bit upset and mostly should teach them that the more a product get popular, the more it will need to care about security.”How about doing a little more research before you post. You imply that Firefox is a security nightmare when, in fact, it still has far less vulnerabilities than IE. And the problem with IE is not a “single problem” as you put it but several of them. Compare the security history of IE (http://secunia.com/product/11/) and Firefox (http://secunia.com/product/4227/). Firefox still comes out ahead.Firefox is not perfect and the update feature that should be available in 1.1 will make patching much easier and less of a pain. It hasn’t been the best year for firefox but its still WAY more secure than any other free browser out there. 2005-07-13 3:32 am Awww you are trying so hard to defend firefox. Remember IE is there for a long time, you should compare vulnerabilities over a time period. Also IE is used by more than 70-80% people so it is attacked way more. 2005-07-13 3:46 am awww and you are trying so hard to attack firefox so i think it only right that someone defend it… I tell you what, if you dont attack it I will guarantee that no one will be defending it…. 2005-07-13 3:38 am Here is my story:I rebooted windows, i clicked on IE, it started in 1-2 seconds. I clicked on Firefox, it took 7-10 seconds. 2005-07-13 3:52 am well IE should be faster considering explorer is already loaded it just has to throw a different window areound it…firefox takes about 2 second maybe 3 on my machine… 2005-07-13 3:42 am What do you mean by part of OS? It is only used by the shell. Shell is necessary for an OS to work. Lets say on Linux, my shell is KDE, then Konqueror == IE.Whats wrong with IE being a part of shell? Please enlighten? 2005-07-13 3:44 am “Here is my story:I rebooted windows, i clicked on IE, it started in 1-2 seconds. I clicked on Firefox, it took 7-10 seconds.”As explained before, IE is tight to Windows (it’s used to render stuff when you click on My Computer, etc) so it gets loaded with Windows.That’s why it starts “faster”. Before posting like that, I would recommend you to learn more about how Windows works. 2005-07-13 3:48 am “What do you mean by part of OS? It is only used by the shell. Shell is necessary for an OS to work. Lets say on Linux, my shell is KDE, then Konqueror == IE.Whats wrong with IE being a part of shell? Please enlighten?”The shell in windows implies the taskbar, start menu. The shell in Linux is just a program that gives you a command line. KDE is a Desktop for Linux (it gives you a window manager and utilities to enance your desktop) and runs on top of X. A few things are based on KHTML the Konqueror rendering engine, so if it has a bug, there shouldn’t be a problem.In Windows the Internet Explorer rendering engine is used to display tons of things, so if there’s a bug on it or it crash.. then, your whole desktop crash. In Linux you just have to kill a app if that happens. 2005-07-13 6:45 am so if there’s a bug on it or it crash.. then, your whole desktop crash.Who told you that? IE can crash as much as it wants, my desktop doesn’t. The rendering engine is in mshtml.dll and it is used by different processes.So now please come up with better reason, why having IE on system (or as a part of the shell) is a bad thing?Instead it makes some display task really rich. .chm files for example. There is no uniform help standard in Linux. None is able to display rich help like .chm files with full index etc. 2005-07-13 4:02 am not only is IE meshed with the filemanager it is so much more from web content in folders to active desktop to…everything, it is woven in and out of the OSyes, you can rip it out but it certainly isnt made to be that way and I am actually not sure you can still rip it out anymore… 2005-07-13 4:11 am Two Questions:1) When the hell will it NOT wreck my extensions, even though they still work if I reinstall them?and2)When can I set Firefox AS MY SHELL!?! Let’s rip windows, right out of Windows. Wouldn’t that be sweet?I’m SURE I read way back ages ago that Netscape was planning to do the shell game, but I guess they gave up on that idea… 2005-07-13 4:16 am rip windows out of windows….well maybe not that completely but you can run blackbox for windows and not have explorer or any of that running….looks really leet as well! got skills! 2005-07-13 4:25 am FF and Opera may have an advantage right now, but don’t rule out IE on the security front just yet. You can bet that if MS goes ahead and buys Claria, the first thing they’ll do is finally lock IE down good and tight. There’s no way they’ll let anybody else’s spyware run on your machine… 2005-07-13 4:27 am now THAT is INTEGRATED!!!!🙂you could create a OS that is one big popup ad…heck linspire almost does that now, maybe M$ is learning from them…toooo funnny 2005-07-13 4:45 am That’s a little dumb. Or very stupid. Hmm…Anyways, the point. I’ll get to the point. Mmmmmm, point, *drools*.Claria / Gator specifically ask users to install them from websites. I know, I’ve seen the ActiveX dialog boxes, and I’ve seen people click yes (ugh). Microsoft already can deal with this, people just have to stop clicking Yes dangit.It’s the other spyware that is more problematic. You know, the ones that don’t pop a thing up. I’ve been infected with this variety myself, which is was drove me to Firefox (and then the tabs, popup blocking, and extensions held me to it).The only way Claria typically goes in with not user approval at all is when it’s bundled with other spyware. This wouldn’t solve that issue. 2005-07-13 6:29 am Thank you works great. 2005-07-13 6:50 am For all the *ignorant* people, the default shell in windows is Explorer, which displays, taskbar etc. You can chose a different processes to be the shell like cmd.exe and all you will see windows start is cmd.exeYou can create a completely new desktop and windows will load that. How exactly is Linux any better? 2005-07-13 7:16 am stupid buggy open source software. 2005-07-13 7:26 am agildehausI am sorry you don’t understand the simple concept that programmers are not flawless and thus their programs are not flawless. The difference here, what we have missed under an IE dominated market, is that this little browser regularly receives updates and people actually care that it continues to receive features.If you don’t want to upgrade, don’t. It took me a whole 5 minutes. Granted they could have a better update system, but that will have to wait for 1.1 (it’s coming). 2005-07-13 9:32 am sappyvcvI wouldn’t call 2 months between 1.0.4 and 1.0.5 with 10 vulnerabilities (2 critical) very timely.When there is a critical vulnerability, you fix it and get a new version out in under a week if you want it to be called “timely”. You think that’s hard? Nope. All they do is use the 1.0.4 codebase and fix only those security issues as not to introduce new bugs (though its still possible). It could be done in a day or two. 2005-07-13 9:35 am remenicMan, it would be so nice if they would finally fix the instability issues with Firefox. Any plugin can bring it down easily, and mplayerplug-in does it all too often.It’s sad that a plugin can bring down the entire application. Why doesn’t it run in a sandbox of some sort? 2005-07-13 10:23 am ankitmalikFrom my blog Morning he last time I had tried out Opera was on Linux. The font styles and sizes were absurd. I had to strain my eyes to surf the web using Opera. And so, I hastily moved back to Firefox.But now that I am on Windows [remember, I messed up my Linux installation with a curious rm -rf * ] ; Firefox bugs me. It starts up after, say, 20 seconds and most of the time, it refuses to start at all. In that case, I have to fire up the Task Manager and forcefully terminate the firefox.exe process and then try to run Firefox again.I am all for open source apps, but Operaa) loads considerably faster than Firefox [FF]!b) is snappier than FFc) is freewared) smooth scrolling really means smooth scrollinge) installs Skins without asking you to restart it to use!!The thing with closed source apps is they try to lock your data and then force you to upgrade. But the good thing about web browsers is you really aren’t storing any data in the web browser. Bookmarks are the only thing that may worry anyone like me, but then I use Furl, so no problem for me in this department.The downnside isa) It has ads but I guess I can live with that.b) It doesn’t support extensions like Adblock and installing the Opera Adblock thingie is a real pain.c) It is an eyesore on Linux.d) The WYSIWYG Editor for WordPress doesn’t work hereBut for me, the snappiness far outweighs the disadvantages. As long as I can work faster, I don’t mind the ads… And yes, I will be back to FF I guess, if it goes back to its lightweight origins.Now what I need to get used to is that Ctrl+T doesn’t mean New Tab.Or wait, can I set it up? Will check it out… And wait, I still have to try the Voice command system or whatever that is called… Evening This morning I blogged about Firefox’s loading time being a real pain… And by the evening I have this problem solved thanks to a comment posted for that post.The trick is toa) Export all your bookmarksb) Delete your profile in C:/Documents and Settings/$User/Application Data/Profiles/c) Start Mozilla Firefox and it will ask you to make a new profiled) Make a new profile and shut down Firefox.Now start Mozilla Firefox and it should load 10 times faster than the normal start up time!!! For instance I have Mozilla Firefox 1.0.5 [ it is not officially released yet] and I have managed to reduce start up times from 20 seconds to an unbelievable 2 seconds!!! 2005-07-14 2:26 am The trick is toa) Export all your bookmarksb) Delete your profile in C:/Documents and Settings/$User/Application Data/Profiles/c) Start Mozilla Firefox and it will ask you to make a new profiled) Make a new profile and shut down Firefox.That works, but once I add in the 12 extensions I consider essential, it goes back to the slow start up. 2005-07-13 10:51 am I wonder why they don’t address fixing other issues with FireFox ?a) Searching don’t work here, I get the search bar at the bottom, enter something to search and nothing happens.b) When loading a page often the ‘Stop’ loading document button is grayed out (ghosted) and you can’t stop the process of loading the page, specially when there are big images that require lot of time loading. You need to press the ‘Reload’ button and until then then ‘Stop’ button shows up (unghosted) and you can stop the pagec) No possibility to compile or use freetype 2.1.9 or even 2.1.10 without having to apply an unverified patch that floats around on many gentoo pages. Unfortunately that patch don’t take DPI into account and thus the fonts don’t look properly specially the dimensions are inaccurate.These are few issues that are floating through my head as I type, there are a few other really annoying issues as well. I wonder why they keep fixing security related issues and not fixing other visible or annoying issues as well. I know they work on FireFox 1.1 already but this don’t justify that other issues shouldn’t be fixed either in the meanwhile. 2005-07-13 12:04 pm For all the *ignorant* people, the default shell in windows is Explorer, which displays, taskbar etc. You can chose a different processes to be the shell like cmd.exe and all you will see windows start is cmd.exeYou can create a completely new desktop and windows will load that. How exactly is Linux any better?X — and we are talking X not Linux when we are talking desktop environments and window managers — seperates the app from the display. As such, if you want to have your File… menus running along the top of the screen like in MacOS/OSX, you can. With Windows, things just aren’t designed to be seperated…so apps tend to make odd decisions based on the default setup. If you want to boot without X, you can. If you want to replace or entirely remove X, you can too…and some PDAs and embedded systems do.You can approximate what X + window managers and virtual terminals provide in Windows, but it’s really not the same. In short, Windows isn’t as flexable as X. 2005-07-13 12:47 pm abdavidsonThis post being scored so low is a good example of the problems of this vote system.More people use Firefox than Opera so a plain simple FACTUAL comment based on Opera gets voted down by the large amount of Firefox users. 2005-07-13 1:33 pm karl1I wouldn’t necessarily call that a problem with the vote system. You can set your threshold lower and still see the comments; however, the reason the comment in question was scored low (no, I haven’t seen it yet), would have been because of the types of people, not the vote system. A system is only as good as its users, and if people desire to vote down valid posts, then it is not the system’s fault, but the fault of the people. 2005-07-13 1:05 pm “Awww you are trying so hard to defend firefox. Remember IE is there for a long time, you should compare vulnerabilities over a time period. Also IE is used by more than 70-80% people so it is attacked way more.”I wouldn’t call that trying hard I would call that minimal effort. If you actually read the secunia links that were provided you would see that they have statistics over a period of time for both firefox and IE6 and that firefox still comes out ahead. 2005-07-14 6:56 am TusharG🙂 its bit funny to see. I’m using Linux for past 5 years and I do promote open source inspite of that I didnot like the headline that google news is flashing “Firefox Gets a New Coat” well its not a coat! these are bug fixes while if it would have been a IE bug fixes then news would have been “IE fixes critical vernabilities!” Well it sounds like google is coming with its browser which is based on firefox and naturally they want to represnt it nicely. and finally i want to say, lets not be biased and be fair when one posts news! bugs are bugs! and irrespectively they should be fixed!