[Branch] Firefox 2.0.0.1 fixlist (NOW RELEASED)

Discussion about official Mozilla Firefox builds
Locked
User avatar
colfer
Posts: 643
Joined: December 4th, 2002, 9:34 am
Location: Bear

Post by colfer »

osvi wrote:sorry, i think i haven't understood - the bug about password stealing isn't fixed yet?

MySpace fixed it on their end, as I understand it. You can set "signon.prefillForms" in about:config to fix it for other sites. Better fix coming for 2.0.0.2, probably like IE7, more fine-grained check of what form is involved.
nrthomas
Posts: 1988
Joined: February 9th, 2003, 3:25 pm

Post by nrthomas »

Meow wrote:is there a way to modify the update channel of Firefox to advance from RC to RC, using the built-in updater?
No, that isn't set up.
Old HardinComp
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by Old HardinComp »

@Meow:
You can use the <a href="http://users.blueprintit.co.uk/~dave/web/firefox/updatechannel">Update Channel Changer</a> extension to get the nightly builds. As far as I know that's the only way I know to update to the various RCs.
nrthomas
Posts: 1988
Joined: February 9th, 2003, 3:25 pm

Post by nrthomas »

Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).

<b>Edit: this is incorrect, see <a href="http://forums.mozillazine.org/viewtopic.php?p=2648295#2648295">6 posts down</a></b>
Last edited by nrthomas on December 13th, 2006, 12:05 pm, edited 1 time in total.
nrthomas
Posts: 1988
Joined: February 9th, 2003, 3:25 pm

Post by nrthomas »

HardinComp wrote:@Meow:
You can use the <a href="http://users.blueprintit.co.uk/~dave/web/firefox/updatechannel">Update Channel Changer</a> extension to get the nightly builds. As far as I know that's the only way I know to update to the various RCs.
Using UCC to swap to the nightly channel would let you jump from a RC build to the latest nightly, but not to another RC.
Old HardinComp
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by Old HardinComp »

If the nightly has a new RC that would be the way to get it. Otherwise I don't think there's a way to go from RC to RC short of downloading the new one.
The Ex Omega
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by The Ex Omega »

Eggster wrote:Wait, there's a 1.5.0.9 ? What warranted that minor bump ?


Two words...

Stability

Security
User avatar
colfer
Posts: 643
Joined: December 4th, 2002, 9:34 am
Location: Bear

Post by colfer »

CrazyFred wrote:
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).

I was so focused on en-US I did not notice that's the only locale with a Windows build in RC3 !
Morris Stuart
Posts: 124
Joined: December 12th, 2006, 12:53 pm
Location: London

Post by Morris Stuart »

CrazyFred wrote:
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).
I was under the impression that bug was the reason for RC2, not RC3...
nrthomas
Posts: 1988
Joined: February 9th, 2003, 3:25 pm

Post by nrthomas »

Morris Stuart wrote:
CrazyFred wrote:
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).
I was under the impression that bug was the reason for RC2, not RC3...
Yes, you're right. I got confused for a second there.

The build guys say RC3 is only for the win32 localized builds, to cryptographically sign all the dll/exe's for maximum Vista happiness.

All the locales are now present in the rc3 dir.
User avatar
the-edmeister
Posts: 32249
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Post by the-edmeister »

colfer wrote:
osvi wrote:sorry, i think i haven't understood - the bug about password stealing isn't fixed yet?

MySpace fixed it on their end, as I understand it. You can set "signon.prefillForms" in about:config to fix it for other sites. Better fix coming for 2.0.0.2, probably like IE7, more fine-grained check of what form is involved.

Explanation here:
http://forums.mozillazine.org/viewtopic ... 92#2635392


Ed
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
osvi
Posts: 28
Joined: July 22nd, 2005, 1:54 pm

Post by osvi »

colfer wrote:
osvi wrote:sorry, i think i haven't understood - the bug about password stealing isn't fixed yet?

MySpace fixed it on their end, as I understand it. You can set "signon.prefillForms" in about:config to fix it for other sites. Better fix coming for 2.0.0.2, probably like IE7, more fine-grained check of what form is involved.

signon.prefillForms will be false by default?
i can't belive that mozilla will release an insecure build!
User avatar
colfer
Posts: 643
Joined: December 4th, 2002, 9:34 am
Location: Bear

Post by colfer »

That is, true by default, which is the less secure setting.

Yeah, it seems odd, but they reason that the same sites would be vulnerable to XSS, using Javascript. It could harvest exactly the same form info. But that assumes sites which allow posting unrestricted HTML forms also allow posting unrestricted Javascript. Mozilla may have missed that distinction amidst all the meaningless screaming over side issues. Right?

Actually, I'm still confused over whether MySpace is really using a separate login domain and/or filtering the content. I see both user pages and a login form on www.myspace.com.
Nodder
Posts: 18
Joined: February 9th, 2006, 10:42 am
Location: Berlin, Germany

Post by Nodder »

Can anybody confirm this? When clicking this link firefox crashes.
Slochy
Posts: 108
Joined: December 7th, 2004, 11:06 am

Post by Slochy »

Nodder wrote:Can anybody confirm this? When clicking this link firefox crashes.


Same here. Firefox stops responding, I have to close it manually.

Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.1) Gecko/20061215 Firefox/2.0.0.1 ID:2006121503
Locked