| Firefox 1.5 beta 1 speeds navigation, squashes security bug |
Sep. 09, 2005
 Mozilla Corp. Friday released Firefox 1.5 Beta 1 (code-named Deer Park), a preview of the next major release of its popular open-source-based browser. The company said the beta is intended for the early adopter community, Web site and Web application developers, and Firefox extension developers, and does not come with technical support.
The final 1.5 version will be released in November or December, Mozilla products manager Chris Beard told eWEEK.com. Beta 2 is expected in October, he said.
Later in the day, Mozilla also announced it has posted a new workaround for a potentially serious security flaw in which hackers could be allowed to remotely execute arbitrary code on a affected host.
The release, which can be downloaded here, includes faster browser navigation with improvements to back and forward button performance, drag-and-drop reordering for browser tabs, and an upgrade in usability -- including descriptive error pages, redesigned options menu, RSS discovery and "safe mode," Mozilla said.
There is added support for Mac OS X (v10.2 and greater), including profile migration from Safari and Mac Internet Explorer, and improvements to its popup blocking, the company said.
In extensions, Answers.com has replaced Dictionary.com for built-in dictionary lookup. "We received a lot of user requests for this," Beard said.
Why new version is faster
Beard said that the application is faster overall thanks to the next-generation Gecko layout engine the app uses. "There has been a full year's worth of development on it, the code is a lot tighter, and it gets pages from the Web and renders them faster," Beard said.
Mozilla has taken a tip from Microsoft Corp. and other software makers in adding an automated update to streamline product upgrades. Notification of an update is more prominent, and updates to Firefox may now be half a megabyte or smaller.
For more technical users, Firefox 1.5 Beta 1 now provides better accessibility support, which includes DHTML accessibility, security enhancements and new support for Web standards -- including SVG, CSS 2 and CSS 3, and JavaScript 1.6, Mozilla said.
Security researcher Tom Ferris of Security-Protocols.com posted an advisory and a proof of concept about the buffer-overflow security problem to his website Thursday night.
"A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions (including the new beta) which allows for an attacker to remotely execute arbitrary code on a affected host," Ferris said. A bug fix was not issued for the vulnerability with the Friday release.
Beard told eWEEK.com that his security team only learned about the vulnerability "less than 72 hours ago, and we responded to the bug reporter in 20 minutes. Of course this will be a priority for us."
Workaround issued quickly
Firefox's chief of engineering, Mike Schroepfer, told eWEEK.com that the workaround was completed Friday and that "it was a simple procedure. The problem involved using international fonts in the URL; we simply turned off that feature. This buys us more time to go in and do a complete patch (for the final 1.5 version)."
Apparently, if an attacker used a specific 12-character URL in a particular foreign font, he or she could have hacked into an affected computer.
An early Beta 1 adopter emailed eWEEK.com with a complaint, saying that although "there's nothing obviously wrong with the software itself (download was fast, installation was smooth, pages loaded with impressive speed,...) five out of seven Firefox extensions on this system are incompatible with this beta version, including several that are indispensable in my daily use."
Beard addressed this complaint directly, saying that "this is exactly what the beta is for -- to find the flaws now. We want people to kick the tires and tell us what they find out. We want to make sure all the extensions people use are readily portable. We're very good at responding to users."
"Regarding extension compatibility, in the next couple of days the community can look for an extension compatibility posting that will include an up-to-date listing of developer extensions as they become compatible with Firefox 1.5 beta 1. This will be available at addons.mozilla.org," Schroepfer told eWEEK.com.
New dev site launched
Beard also told eWEEK.com that Mozilla has launched a new developers' website to consolidate communication between the company and the web development and extensition-writing communities. The site includes blogs, tools, and a tutorial on developing extensions.
Not everybody was impressed with the new release.
Browser analyst Michael Gartenberg of Jupiter Research told eWEEK.com that this release "carries nothing dramatic enough to change the equation. Firefox is basically the same as ever, although current users will certainly want to upgrade. It's business as usual."
Gartenberg said he doesn't expect the 1.5 release to make much of an immediate difference in boosting Firefox's market share, which has stagnated recently. The company reported that in July alone, Firefox lost about two-thirds of a marketshare point to just over 8 percent, although some analysts claim Firefox may actually own as much as 20 percent of the browser market. Microsoft's Internet Explorer has owned the field with more than 90 percent of the market for nearly eight years.
Microsoft has said it will not upgrade its browser to version 7.0 before the next release of Windows Vista, due out next year.
"Microsoft is going to crank up the IE message soon, in response to Firefox," Gartenberg said. "They're not about to let their marketshare slip away."
Key bug fixes listed
Notable bug fixes since Firefox 1.5 Alpha 2 include the following:- Links didn't become ":visited color" if URL was loaded in another window/tab/frame.
- Submit button often did not work.
- Weird scrolling sometimes occurred when auto-scroll over iframe/frame was used.
- Windows often split into an inner and outer object.
- Bookmarks:
- After searching bookmarks, the results were not editable.
- A menu option was needed for Bookmark All Tabs (Ctrl+Shift+D on Windows, Cmd+Shift+D on Mac) and bookmark options in the right-click menu for tabs.
- Loading live bookmarks bypassed cache.
- Bookmark keyword quicksearch needed a way to specify character encoding for query URLs.
In a specific Windows bug fix, Mozilla remedied the "Set as Wallpaper" command -- which changed the wallpaper for all users at once, rather than only the current user.
In other general fixes, the Firefox clearing cache -- which often failed -- was repaired, and the "sanitize on shutdown" command now works if the last closed window is not a browser window.
A list of fixed bugs can be found here.
If you found this eWEEK.com article by Chris Preimesberger informative, be sure to check out eWEEK.com's Linux & Open Source Center for the latest open-source news, reviews, and analysis.
Related Stories:
(Click here for further information)
|
|
|
|
|
|
|
|
