| Firefox 1.5 beta 1 speeds navigation, squashes security bug |
Sep. 09, 2005
 Mozilla Corp. Friday released Firefox 1.5 Beta 1 (code-named Deer Park), a preview of the next major release of its popular open-source-based browser. The company said the beta is intended for the early adopter community, Web site and Web application developers, and Firefox extension developers, and does not come with technical support.
The final 1.5 version will be released in November or December, Mozilla products manager Chris Beard told eWEEK.com. Beta 2 is expected in October, he said.
Later in the day, Mozilla also announced it has posted a new workaround for a potentially serious security flaw in which hackers could be allowed to remotely execute arbitrary code on a affected host.
The release, which can be downloaded here, includes faster browser navigation with improvements to back and forward button performance, drag-and-drop reordering for browser tabs, and an upgrade in usability -- including descriptive error pages, redesigned options menu, RSS discovery and "safe mode," Mozilla said.
There is added support for Mac OS X (v10.2 and greater), including profile migration from Safari and Mac Internet Explorer, and improvements to its popup blocking, the company said.
In extensions, Answers.com has replaced Dictionary.com for built-in dictionary lookup. "We received a lot of user requests for this," Beard said.
Why new version is faster
Beard said that the application is faster overall thanks to the next-generation Gecko layout engine the app uses. "There has been a full year's worth of development on it, the code is a lot tighter, and it gets pages from the Web and renders them faster," Beard said.
Mozilla has taken a tip from Microsoft Corp. and other software makers in adding an automated update to streamline product upgrades. Notification of an update is more prominent, and updates to Firefox may now be half a megabyte or smaller.
For more technical users, Firefox 1.5 Beta 1 now provides better accessibility support, which includes DHTML accessibility, security enhancements and new support for Web standards -- including SVG, CSS 2 and CSS 3, and JavaScript 1.6, Mozilla said.
Security researcher Tom Ferris of Security-Protocols.com posted an advisory and a proof of concept about the buffer-overflow security problem to his website Thursday night.
"A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions (including the new beta) which allows for an attacker to remotely execute arbitrary code on a affected host," Ferris said. A bug fix was not issued for the vulnerability with the Friday release.
Beard told eWEEK.com that his security team only learned about the vulnerability "less than 72 hours ago, and we responded to the bug reporter in 20 minutes. Of course this will be a priority for us."
Workaround issued quickly
Firefox's chief of engineering, Mike Schroepfer, told eWEEK.com that the workaround was completed Friday and that "it was a simple procedure. The problem involved using international fonts in the URL; we simply turned off that feature. This buys us more time to go in and do a complete patch (for the final 1.5 version)."
Apparently, if an attacker used a specific 12-character URL in a particular foreign font, he or she could have hacked into an affected computer.
An early Beta 1 adopter emailed eWEEK.com with a complaint, saying that although "there's nothing obviously wrong with the software itself (download was fast, installation was smooth, pages loaded with impressive speed,...) five out of seven Firefox extensions on this system are incompatible with this beta version, including several that are indispensable in my daily use."
Beard addressed this complaint directly, saying that "this is exactly what the beta is for -- to find the flaws now. We want people to kick the tires and tell us what they find out. We want to make sure all the extensions people use are readily portable. We're very good at responding to users."
"Regarding extension compatibility, in the next couple of days the community can look for an extension compatibility posting that will include an up-to-date listing of developer extensions as they become compatible with Firefox 1.5 beta 1. This will be available at addons.mozilla.org," Schroepfer told eWEEK.com.
New dev site launched
Beard also told eWEEK.com that Mozilla has launched a new developers' website to consolidate communication between the company and the web development and extensition-writing communities. The site includes blogs, tools, and a tutorial on developing extensions.
Not everybody was impressed with the new release.
Browser analyst Michael Gartenberg of Jupiter Research told eWEEK.com that this release "carries nothing dramatic enough to change the equation. Firefox is basically the same as ever, although current users will certainly want to upgrade. It's business as usual."
Gartenberg said he doesn't expect the 1.5 release to make much of an immediate difference in boosting Firefox's market share, which has stagnated recently. The company reported that in July alone, Firefox lost about two-thirds of a marketshare point to just over 8 percent, although some analysts claim Firefox may actually own as much as 20 percent of the browser market. Microsoft's Internet Explorer has owned the field with more than 90 percent of the market for nearly eight years.
Microsoft has said it will not upgrade its browser to version 7.0 before the next release of Windows Vista, due out next year.
"Microsoft is going to crank up the IE message soon, in response to Firefox," Gartenberg said. "They're not about to let their marketshare slip away."
Key bug fixes listed
Notable bug fixes since Firefox 1.5 Alpha 2 include the following:- Links didn't become ":visited color" if URL was loaded in another window/tab/frame.
- Submit button often did not work.
- Weird scrolling sometimes occurred when auto-scroll over iframe/frame was used.
- Windows often split into an inner and outer object.
- Bookmarks:
- After searching bookmarks, the results were not editable.
- A menu option was needed for Bookmark All Tabs (Ctrl+Shift+D on Windows, Cmd+Shift+D on Mac) and bookmark options in the right-click menu for tabs.
- Loading live bookmarks bypassed cache.
- Bookmark keyword quicksearch needed a way to specify character encoding for query URLs.
In a specific Windows bug fix, Mozilla remedied the "Set as Wallpaper" command -- which changed the wallpaper for all users at once, rather than only the current user.
In other general fixes, the Firefox clearing cache -- which often failed -- was repaired, and the "sanitize on shutdown" command now works if the last closed window is not a browser window.
A list of fixed bugs can be found here.
If you found this eWEEK.com article by Chris Preimesberger informative, be sure to check out eWEEK.com's Linux & Open Source Center for the latest open-source news, reviews, and analysis.
Related Stories:
(Click here for further information)
|
|
|
Approaching the Linux Desktop
The purpose of this paper is to help organizations evaluate the Linux desktop against their own enterprise needs and discover what benefits the Linux desktop might bring to their organizations.
Migrating To Linux: Application Challenges and Solutions
Several solutions exist to help organizations migrate in an orderly fashion from Windows to Linux desktops. This paper establishes the characteristics of an ideal cross-platform solution and reviews these alternatives in light of this ideal standard. The paper takes a closer look at the pros and cons of various solutions and outlines the business benefits that can be achieved.
Linux Advantages: Publicly Available Information on Linux Software
This paper offers a brief summary of readily-available Linux information to help businesses sort out this widely misunderstood operating system.
Top 5 Strategies for Managing Linux
Despite continuous evolution in the manageability of Linux, a 2006 survey cited manageability concerns as a top reason why organizations are hesitating to adopt Linux. Levanta believes Linux can be as manageable, if not more so, than other operating systems by following key strategies. These strategic recommendations were developed from experiences in numerous customer environments, both large and small.
Why Choose Novell for Linux?
This paper outlines the benefits of switching to the Linux platform and choosing Novell as a high-performance, enterprise solution.
Enterprise Linux Selection Guide
Considering moving your enterprise to the Linux operating system? Since there are so many similar versions, choosing the right one can be tough. This paper offers a clear process to help you make an informed decision and get the features, support, and cost that are right for your business and technical needs.
Overcoming Challenges in Managing Linux
Levanta has created a new administration model with innovative technology that breaks down the barriers to making the most of Linux systems. This paper will provide an in-depth look at the workings of Levanta’s product, the first Linux appliance of its kind.
SUSE Linux Enterprise 10 for Retail Businesses
Discover why major retailers have switched to SUSE Linux Enterprise Desktop in the back office. SUSE Linux Enterprise Desktop 10 is a low-cost desktop that offers a complete set of productivity applications and interoperates seamlessly with the other Windows, Macintosh and UNIX desktops in your store.
Moving to a Linux Desktop
Migrating from Windows to Linux on the desktop can be a substantial undertaking because it has the potential for touching -- and perhaps disrupting -- every user in your organization. Unlike a data center (server and infrastructure) migration that is largely transparent to users, the cultural and administrative transitions and environment readiness required to support a Linux desktop migration are extensive.
Seven Good Reasons to Exchange Exchange
This paper describes seven compelling reasons why you should switch from Exchange to Scalix.
|
|
|
|
|
news feed