1.0.5
-
- Posts: 672
- Joined: March 13th, 2004, 3:15 pm
1.0.5
Since it seems pretty obvious that 1.0.5 will out (due to http://secunia.com/advisories/15601/), will this have any impact on the timeframe in which deer park final is deployed?
<b><a href="http://www.petitiononline.com/f1254114/petition.html">Sign this petition if you want to help spread Firefox</a></b>
- Mini-Geek
- Posts: 1239
- Joined: February 7th, 2005, 8:08 pm
- Location: Bulverde (near San Antonio), Texas, USA
- BenBasson
- Moderator
- Posts: 13671
- Joined: February 13th, 2004, 5:49 am
- Location: London, UK
- Contact:
- dirtyepic
- Posts: 168
- Joined: June 17th, 2004, 8:16 pm
- Location: Canada
- a;skdjfajf;ak
- Posts: 17002
- Joined: July 10th, 2004, 8:44 am
- Rishi M.
- Folder@Home
- Posts: 1294
- Joined: April 29th, 2005, 7:36 pm
- Location: Toronto, Canada
- Contact:
Cusser wrote:The nightlies (trunk at least) already had a patch for this checked in. I don't remember if it's a partial or total fix as of this moment. I still maintain my stance that unless there are other things worth patching, releasing 1.0.5 for this trivial issue is a waste of effort.
I agree. If there a few other security/stability fixes on deck already, then yes, ship 1.0.5. However, another release on the almost-dead aviary-1.0 branch just for this vulnerability will do nothing but take dev time away from 1.1.
Quidquid latine dictum sit, altum sonatur.
Folding for Team MozillaZine (No. 39340) with 32.4GHz of power. Your machine can make a difference! Join now.
Folding for Team MozillaZine (No. 39340) with 32.4GHz of power. Your machine can make a difference! Join now.
- Ordinaryaverageguy04
- Posts: 98
- Joined: September 14th, 2004, 7:37 am
On the other hand, this vulnerability has been reported everywhere. It would be good to show that Mozilla is dedicated to fixing security issues immediately. Personally, i think it would be a big mistake not to release a 1.0.5 with the patch. For those who don't know much about it still just see it as a security risk. They don't know or care about the severity, just that they aren't vulnerable. Just my opinion =).
Firefox + Thunderbird = The Ultimate Desktop Team
-
- Posts: 56
- Joined: April 13th, 2003, 1:18 pm
- Location: Germany
There is some "Windows" bug according to this german heise online article http://www.heise.de/newsticker/meldung/60433 which causes a blue screen, when height and width of images are set to big values in the html code (independant of the browser)
Yet, there seems to be a fix in Deer Park Alpha 1, which prevents this.
This fix would be good to have in 1.0.5 as well, if it isn't already in.
Yet, there seems to be a fix in Deer Park Alpha 1, which prevents this.
This fix would be good to have in 1.0.5 as well, if it isn't already in.
- ColdFusion650
- Posts: 2186
- Joined: December 5th, 2004, 1:12 pm
- Location: Below the Mason-Dixon
-
- Posts: 237
- Joined: August 1st, 2004, 1:24 pm
I would release 1.05 just to be on the safe side until 1.1 offically comes out.
According to Yahoo news if you have the mixed tab extension installed then you should be protected.
http://news.yahoo.com/news?tmpl=story&u ... /164301545
According to Yahoo news if you have the mixed tab extension installed then you should be protected.
http://news.yahoo.com/news?tmpl=story&u ... /164301545
-
- Posts: 2417
- Joined: November 4th, 2002, 4:47 pm
- Location: London, UK
- Contact:
Cusser wrote:I still maintain my stance that unless there are other things worth patching, releasing 1.0.5 for this trivial issue is a waste of effort.
Looking at the <a href="http://www.squarefree.com/burningedge/2005/06/07/2005-06-07-trunk-builds/">most recent burning edge post</a>, it looks like a couple of other security fixes have gone onto the trunk. Assuming those aren't trunk-only regressions (which isn't very likely), they also exist in 1.0.4 and will need a 1.0.5 to fix them.
- BenBasson
- Moderator
- Posts: 13671
- Joined: February 13th, 2004, 5:49 am
- Location: London, UK
- Contact:
-
- Moderator
- Posts: 0
- Joined: December 31st, 1969, 5:00 pm
Deer Park is not an end user product. That's why it isn't called Firefox.ColdFusion650 wrote:my suggestion: for people who are really worried about the security fix, tell them to download deer park.
We who are technically minded and can work around the bugs in DP (and find new ones) will benefit from using it. Others should stick to 1.0.4.