osvi wrote:Sorry, I think I haven't understood - the bug about password stealing isn't fixed yet?
MySpace fixed it on their end, as I understand it. You can set "signon.prefillForms" in about:config to fix it for other sites. Better fix coming for 2.0.0.2, probably like IE7, more fine-grained check of what form is involved.
@Meow:
You can use the <a href="http://users.blueprintit.co.uk/~dave/web/firefox/updatechannel">Update Channel Changer</a> extension to get the nightly builds. As far as I know that's the only way I know to update to the various RCs.
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).
<b>Edit: this is incorrect, see <a href="http://forums.mozillazine.org/viewtopic.php?p=2648295#2648295">6 posts down</a></b>
Last edited by nrthomas on December 13th, 2006, 12:05 pm, edited 1 time in total.
HardinComp wrote:@Meow: You can use the <a href="http://users.blueprintit.co.uk/~dave/web/firefox/updatechannel">Update Channel Changer</a> extension to get the nightly builds. As far as I know that's the only way I know to update to the various RCs.
Using UCC to swap to the nightly channel would let you jump from a RC build to the latest nightly, but not to another RC.
If the nightly has a new RC that would be the way to get it. Otherwise I don't think there's a way to go from RC to RC short of downloading the new one.
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).
I was so focused on en-US I did not notice that's the only locale with a Windows build in RC3!
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).
I was under the impression that bug was the reason for RC2, not RC3...
Morris Stuart wrote:Still, a RC3 was created so something must have been changed. Right?
RC3 was only rebuilt for Linux, to fix the Control-Shift keyboard shortcuts (<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=363054">bug 363054</a>). The Mac builds are just copied across from the RC2 dir, and the Windows builds are missing from the RC3 dir (apart from a signed en-US).
I was under the impression that bug was the reason for RC2, not RC3...
Yes, you're right. I got confused for a second there.
The build guys say RC3 is only for the win32 localized builds, to cryptographically sign all the dll/exe's for maximum Vista happiness.
osvi wrote:Sorry, I think I haven't understood - the bug about password stealing isn't fixed yet?
MySpace fixed it on their end, as I understand it. You can set "signon.prefillForms" in about:config to fix it for other sites. Better fix coming for 2.0.0.2, probably like IE7, more fine-grained check of what form is involved.
osvi wrote:Sorry, I think I haven't understood - the bug about password stealing isn't fixed yet?
MySpace fixed it on their end, as I understand it. You can set "signon.prefillForms" in about:config to fix it for other sites. Better fix coming for 2.0.0.2, probably like IE7, more fine-grained check of what form is involved.
signon.prefillForms will be false by default?
I can't believe that Mozilla will release an insecure build!
That is, true by default, which is the less secure setting.
Yeah, it seems odd, but they reason that the same sites would be vulnerable to XSS, using Javascript. It could harvest exactly the same form info. But that assumes sites which allow posting unrestricted HTML forms also allow posting unrestricted Javascript. Mozilla may have missed that distinction amidst all the meaningless screaming over side issues. Right?
Actually, I'm still confused over whether MySpace is really using a separate login domain and/or filtering the content. I see both user pages and a login form on www.myspace.com.