1.0.3 final candidates || MAIN || yahoo toolbar support for mac and linux firefox

April 05, 2005

another shot at 1.0.3

After further consideration (and investigation,) we have decided that it may be necessary to take a rather larger change into 1.0.3 than we had planned. We've run into one of those "fix the root cause or patch around the symptoms" trade-offs and to prevent future security issues, we're leaning towards the "fix the root problem" fix.

The problem with "the right fix" is that it will probably break a number of extensions - we've already determined that features within DOM Inspector will break and need to be patched.

You can get the Windows build that includes this fix here. The Mac build is here. The Linux build is here.

If you're testing these builds, please set the javascript.options.showInConsole pref to true in about:config, run with your JavaScript Console open (Tools -> JavaScript Console,) and note any errors that come up, especially if and when an extension is failing.

I'm happy to see feedback here. If it's about a specific extension that broke between 1.0.2 and this 1.0.3 build, please note that (and the JS errors) at bug 289231. If it's more general in nature, or you don't have specific error reports, then fee free to post here at this blog or in mail to asa@mozilla.org. Also, if you crash, please submit talkback reports and include the crash report ID in your feedback.

Thanks for all your help so far. The sooner we can gather information on this change, the better it will be for our users' security, and our extensions and extension community. It's also worth noting that the extensions that could break from this change were probably a genuine security risk themselves and so this approach should lead to an overall more secure experience for all of our users.

Posted by asa at April 5, 2005 05:40 PM
Comments

Not exactly sure what I did. Was closing a tab and opening a new one to check my gmail (ironicly to get a password for bugzilla) and this error pop'd up.

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMXULElement.boxObject]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://global/content/bindings/browser.xml :: get_docShell :: line 0" data: no]

Hope this helps :-)

Posted by: Jay MacLean on April 5, 2005 06:45 PM

*sees what the first "broken" extension on the bugzilla topic is*

Oooooh crap. If AdBlock's broken, I'll have to stick with 1.0.2, gaping holes or no.

Posted by: Somebody on April 5, 2005 06:49 PM

AdBlock will still block elements, the error occors while trying to add a new one.

Although, looking at it now, when it tries to "remove" the image from the page, it will give an error, yet no errors appear for iframes.

Posted by: Jay MacLean on April 5, 2005 06:52 PM

Numerous errors showing in the JS Console, almost all of them relating to the SpoofStick 1.0.5 extension. However, the extension still functions as per usual. Erros relating to SpoofStick include:

Error: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMLocation.hostname]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://spoofstick/content/spoofstick.js :: getDomainName :: line 132" data: no]
Source File: chrome://spoofstick/content/spoofstick.js
Line: 132

---------------------

Error: p has no properties
Source File: chrome://spoofstick/content/spoofstick.js
Line: 124

---------------------

Error: jslib_turnDumpOn is not defined
Source File: chrome://converter/content/converter.js
Line: 12

---------------------

Error: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMLocation.hostname]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://spoofstick/content/spoofstick.js :: getDomainName :: line 132" data: no]
Source File: chrome://spoofstick/content/spoofstick.js
Line: 132

--------------------

I also got the same error as Jay.

Posted by: Rishi M on April 5, 2005 06:55 PM

Seems to break HTML valadator (error and warning not updating between pages) and Webdeveloper extentions (missing all display changing, but not getting any javascript error messages

+ still crashs at http://bcheck.scanit.be/bcheck/mangle.php

Posted by: Mark M on April 5, 2005 07:29 PM

If this will break extensions, I would prefer a warning of at least a week or two during which extension authors can fix the problem on their end. If everyone used the extension maxversion perfectly (and thus had 1.02 as the max), then this would not be an issue - but I can't think of one good extension that does this, and I wouldn't want them to.

Posted by: Racer on April 5, 2005 07:34 PM

I downloaded the Windows version...installed adblock...It's working, but i received the following error message in javascript console:

Error: window._AdblockObjects has no properties
Source File: chrome://adblock/content/component.js
Line: 494

Posted by: Chris on April 5, 2005 08:20 PM

i'm sorry let me elaborate..i receive that same exact error message...

Error: window._AdblockObjects has no properties
Source File: chrome://adblock/content/component.js
Line: 494

...whenever adblock blocks an ad on any website.

Posted by: Chris on April 5, 2005 08:22 PM

Why dont you patch around the problem for 1.0.3 and incorporate the big structural change in 1.1?

That way everyone is happy and extension developers have time to update their stuff.

Posted by: poynting on April 5, 2005 08:29 PM

also able to reproduce above error(s) when attempting to add new imageblock to adblock:

Error: uncaught exception: [Exception... "Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIXULTreeBuilder.getResourceAtIndex]" nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: chrome://adblock/content/filterall.js :: onSelectionChange :: line 191" data: no]

Posted by: Chris on April 5, 2005 08:33 PM

Ugh. This is a disaster in the making. Looking at the bug and comments here, there are already problems with common extensions.

Remember the fiasco with extensions between 1.0PR and 1.0 final? The extension version was bumped from .9 to 1.0, and it took a *long* time for developers to update their extensions. I know lots of people refused to upgrade from 1.0PR because so many extensions broke. And, IIRC, that was a warning ahead of time to developers that this would need to be done.

And now we're talking about doing this in a "minor" version?!

Posted by: Some Guy on April 5, 2005 08:57 PM

IMHO this is something that developers need the heads up on a little in advance (more like a Developers Preview).

Posted by: Robert Accettura on April 5, 2005 09:00 PM

I've gotten many of these - Error: uncaught exception: Permission denied to get property HTMLDocument.getElementsByTagName

several of these - Error: doc has no properties
Source File: chrome://greasemonkey/content/greasemonkey.js
Line: 34

3 of these - Error: dialog has no properties

Error: e.originalTarget.body has no properties
Source File: chrome://greasemonkey/content/browser.xul
Line: 69

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowInternal.focus]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://browser/content/utilityOverlay.js :: openUILinkIn :: line 186" data: no]

Posted by: ben on April 5, 2005 09:40 PM

Maybe it's just me, but even if I uncheck "Add to Start Menu" during the installation it will still make an empty Mozilla Firefox folder...that drives me crazy.

Posted by: Justin on April 5, 2005 09:48 PM

Is it possible to get a list of exactly what code will no longer work? I looked in the bug, but there was no direct information of what specifically was affected - or at least not at a level I fully understood.

I can do some testing of my extensions, but it would be nice to have a guide to go on.

Posted by: Chris Pederick on April 5, 2005 10:19 PM

Bloody marvelous! Break the extensions with a *MINOR* (bugfix release), why don't you! AND forget to notify extensions devs while at it...

<sigh>

Posted by: a on April 5, 2005 10:30 PM

With the unknown regressions, extension breakage, and doubts as to whether the patch actually works as expected (see the comments in the original bug) perhaps 1.0.4? If it is important enough to add to 1.0.3 after the bug has been around for like ever and with the bug not having any activity for a month it must be important enough to create a 1.0.4 release.

Posted by: Tired on April 5, 2005 11:55 PM

We didn't "forget" to notify extension devs, this is an experiment. This patch was in progress and appeared to address an entire class of issues, which seemed more promising than fixing the broken spots we know today, then having to turn around with a 1.0.4 or even a 1.0.5 because we missed a spot. We'll never get a 1.1 out if we keep getting distracted by security releases.

Asa should have stressed the experimental nature of these builds. The check-in comment reads "Landing patch from bug 281988 to generate builds for testing purposes. Will be backed out shortly." If it had gone better we would still have to finish the patch and provide a replacement/workaround for the functionality that was taken away. Only at that point would it make sense to notify extension authors.

I don't think anyone expected this much to be broken, I know I didn't.

Posted by: Dan Veditz on April 6, 2005 12:19 AM

I am posting on behalf of all the not-so-technical Firefox users. If a upgrade to Firefox may break extensions, please let people know before they are offered a download of it. A simple message that reads something like "The main reason for this upgrade is to patch security holes. Please be aware that 1.0.3 may break some of your extensions, if you have any." I have friends who know less than I do about computers (and I don't even know a whole lot compared to a lot of people who frequent MozillaZine), and since 1.0 came out, I have told them that they can just upgrade Firefox on their own from now on. When 1.0.2 came out, I had to run to the house of seven friends because they couldn't understand me over the phone when I told them they had to disable and then enable back their extensions for them to work. Please be kind to the not-so-technical Firefox users. Thank you.

Posted by: Victor Ly on April 6, 2005 01:23 AM

I have to agree that major structural changes should be left to 1.1 and the developer community be given plenty of warning about major changes a la the 0.9 changes.

1.0.xs should be primarily about quick security fixes. There just isn't the need nor the demand for bigger changes (apart from the Add/Remove entries bug, which would only get worse if not fixed pronto). 1.1 isn't that far away so not having a solid 'fundemental' fix in there for a few months isn't a big deal.

I'd also suggest being cautious with the rate of releases. Give it a few weeks to see if any other security issues come up, then fix more problems in fewer releases.

Otherwise, with 25m+ installs out there, you're going to get a lot of users who just won't be bothered to upgrade and will be left with insecure browsers - and that will then neatly sink one of Firefox's biggest selling points. It's giving us 'family tech guys' a big enough headache already.

Posted by: Dan100 on April 6, 2005 01:27 AM

Well I closed 1.02 with session saver, lot of pages open including this one and installed 1.03. After the launch there were 3/20 sites opened, the others were just blank tabs and the log is full with

Error: document.getElementById("redirrem-button") has no properties
Source File: chrome://redirectremover/content/redirremOverlay.js
Line: 13

Much of these too:
Error: window._content has no properties
Source File: chrome://redirectremover/content/redirremOverlay.js
Line: 93

And there's another different one below:
Error: uncaught exception: [Exception... "Component returned failure code: 0x80520012 (NS_ERROR_FILE_NOT_FOUND) [nsIWebNavigation.gotoIndex]" nsresult: "0x80520012 (NS_ERROR_FILE_NOT_FOUND)" location: "JS frame :: chrome://sessionsaver/content/sessionsaver.js :: anonymous :: line 234" data: no]

Posted by: Flex on April 6, 2005 01:41 AM

If you intend to release another security release which breaks extensions, please bump app.extensions.version this time...

Posted by: Anonymous on April 6, 2005 01:43 AM

I agree with Anonymous on bumping app.extensions.version if this does ship. (At this point, I guess the chance of that is pretty slim)

Please also remember that many extensions do not have update notification mechanisms; partly due to the lack of extension updates to UMO. Hence if this does go into the release branch eventually, the users should still be informed somehow (even if most users are reported to have no extensions).

But I guess you guys would have thought of this anyhow :)

Posted by: Mook on April 6, 2005 02:19 AM

I feel that this is important for all the people that think Firefox has somehow just been broken. I was worrying which of my extensions it would have issues with, so I installed it (not recommended to install testing builds) in a profile I created to test it. I also installed about 55 extensions in that profile, and then I installed this testing build. As has been documented before, ad-block seems to have issues with it, but ad-block also hasn't been updated in ages. I also noticed All-In-One gestures could crash it at times, but other than that, all the other 53 extensions seemed to work just fine. I think this is a case that error reporting has been increased sense it is a testing build, and people are assuming the worst. That's my opinion though, but I still don't want to surf the Internet without ad-block installed.:( Oh, and another note, I like what Firefox does on the Secunia test about reading information from FF from heap memory:)

Posted by: Dan E on April 6, 2005 03:15 AM

> I'd also suggest being cautious with the rate of releases. Give it a few weeks to see if any other security issues come up, then fix more problems in fewer releases. Otherwise, with 25m+ installs out there, you're going to get a lot of users who just won't be bothered to upgrade and will be left with insecure browsers

Even if the "rate of release" is slowed down, I don't think the percentage of unpatched Firefox would be increased a lot.

Posted by: minghong on April 6, 2005 03:26 AM

A weird behavior: try to right-click at a page that doesn't use any frames. You'll get "This frame" and the corresponsing submenus in the context menu.

That's because the DOM is wrong now?

Posted by: minghong on April 6, 2005 03:45 AM

Errors with extensions:

Error: window._AdblockObjects has no properties
Source File: chrome://adblock/content/component.js
Line: 494
Error: e has no properties
Source File: chrome://bugmenot/content/bugmenotOverlay.js
Line: 1146

(BBCode, FLST, Lincification, AutoCopy didn't cause errors for me.)

If I open a page in the sidebar the right-click contextmenu has many extra entries (like "Copy E-mail...", "Copy Image.."). Also I get these errors:

Error: gContextMenu has no properties
Source File: chrome://adblock/content/adblock.js
Line: 835
Error: this.docShell has no properties
Source File: chrome://global/content/bindings/browser.xml
Line: 0

Posted by: JS on April 6, 2005 05:49 AM

Man, I'm glad I'm not an extension dev now ;-)

Posted by: David Naylor on April 6, 2005 05:51 AM

switch proxy extension cause a problem. at first start of 1.03 (and everytime starting after close all windows)it took about 1 minute to defreeze the browser. i deinstal switch proxy and now everything works fine again.

Posted by: Joe on April 6, 2005 07:52 AM

..anticipates backlash for saying this..

No probs here. Only extension I use is BBCode and sometimes IEview. But makes me think seeing everyone talkin bout Adblock, how some people can't live without it. I don't use it and don't really like the idea of it. Sure we all hate ads, but alot of sites really depend on those ads to remain free websites, and I don't mind seeing em and even clicking on one once in a while to help a good website survive, and remain free to its visitors. My thoughts on adblock aside, it hasn't been updated in 7 months, and if is really that important to everyone, tell the person that makes it to update it. Shouldn't really be firefox development teams problem that their fixes and improvements don't work so well anymore with an extension that hasn't been updated in that long.

Posted by: Mike on April 6, 2005 08:13 AM

So much for buggy extensions! Users should move to Opera till everything comes back into line, at least all the functions are regression tested there. Release control is not such a nightmare.

How long before this kind of problem hits Thunderbird?

W.

Posted by: Wally on April 6, 2005 08:54 AM

> We didn't "forget" to notify extension devs, this is an experiment. This patch was in progress and appeared to address an entire class of issues, which seemed more promising than fixing the broken spots we know today, then having to turn around with a 1.0.4 or even a 1.0.5 because we missed a spot. We'll never get a 1.1 out if we keep getting distracted by security releases.

Distracted by security? Respectfully, this sound like something Microsoft would say.

Posted by: Mark on April 6, 2005 09:07 AM

"Users should move to Opera till everything comes back into line"

'Users' should move from whatever version they have up to the release version of 1.0.3, which shouldn't have any serious problems and any problems there are will be documented. The problems discussed here are problems with experimental pre-release builds - you're complaining about a nightmare of release control before there has actually been a release.

Posted by: michaell on April 6, 2005 09:16 AM

Error: aContent has no properties
Source File: chrome://downloadmgr/content/downloadtab.xml
Line: 282

Error: node has no properties
Source File: chrome://adblock/content/component.js
Line: 494

I think this two is not related to this release. It could be a bug in the extension

Posted by: Vladx on April 6, 2005 10:13 AM

Error: [Exception... "'Component does not have requested interface' when calling method: [nsIInterfaceRequestor::getInterface]" nsresult: "0x80004002 (NS_NOINTERFACE)" location: "JS frame :: chrome://browser/content/bookmarks/bookmarks.js :: anonymous :: line 1658" data: no]
Source File: chrome://browser/content/bookmarks/bookmarks.js
Line: 1658

Posted by: pd on April 6, 2005 10:30 AM

My Extensions: Foxy Tunes; Enhanced History Manager; Resize Search Box; Download Manager Tweak worked all well!

But if you want to "fix the root cause" i don't think the fix for bug 288006 (Drag image across browser windows) - as adressed in the first release of pre beta 1.0.3 - is a good fix. FF don't crashes anymore, but now it isn't possible to drag png or jpg images anymore as it was with the last working 1.0.3 beta additional to the not working gifs!

Actually it isn't an important bug, but i think it should be possible to drag a image to another window in FF!

Maybe this bug isn't in the focus anymore, as you moved to the javascript problem....

Posted by: OmaBuck# on April 6, 2005 11:14 AM

I don't get some of the commentary here. FF has a couple of bugs. Secunia has already posted advisories and testcase. The M$ crowd are winding up their "OPENSOURCE VIRAL-GPL EVIL FRENCH ALQAEDA INSURGENT BROWZER HAS ERRORZ!"

MoFo responded to the bugs in the way opensource is supposed to - patches the security bugs FAST and offers an RC (Not a release downloaded via AutoUpdate like M$ would have done with Automatic Updates).

Instead they get dogs abuse because it breaks extensions (not the main product).

This is the kind of thing M$ does - preserve functionality because marketing droids don't want to lose backwards compatibility but therefore preserving insecure parts of the system. XPSP2 was their first update which said - screw it, we're breaking it, "it's security stupid".

There is a case for this to be made 1.0.2a (not released to autoupdate and installer displays big fcuk off "if you have extensions they may break - if you care wait for 1.0.3") but this whining should stop right now. As a home user I can live without the gmail checker. As a corporate user I can tell you we want the bugs patched because we don't use extensions anyway. Neither do 24 out of 25million downloaders I suspect.

Posted by: Mark Dowling on April 6, 2005 12:48 PM

Ok, upon opening the latest 1.0.3 Firefox Win32 build, I'm getting these messages in my JavaScript console:

Error: getBrowser().contentDocument has no properties
Source File: chrome://ahb/content/ahb_overlay.js

Error: document.getElementById("ahb-button") has no properties
Source File: chrome://ahb/content/ahb_overlay.js

Error: document.getElementById("popupMenuExchange") has no properties
Soruce File: chrome://translation/content/popup.js

Error: document.getElementById("ahb-button") has no properties
Source File: chrome://ahb/content/ahb_overlay.js
(*** This message appears frequently ***)

So far my other extentions, like SwitchProxy, seem to be working without problem BUT I haven't done much with this Firefox build yet. I'm running Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050405 Firefox/1.0.3.

Peace...

Posted by: Tom on April 6, 2005 02:45 PM

Sorry about not posting line numbers above BUT when I first saw the errors, the right-click context menu didn't appear. :)

The ahb_overlay.js errors happened on lines 41 and 240. The popup.js error on line 50.

Peace...

Posted by: Tom on April 6, 2005 02:48 PM

When I open the Sage extension in a panel, I get this error message to JavaScript Console:

Error: searchBox has no properties
Source File: chrome://browser/content/browser.js Line: 3337

Fortunately this is the only error. That extension works for me. I use Windows 2000.

Posted by: Volunteer on April 6, 2005 03:40 PM

I tried it, and don't like the fact I cannot add anything to ADBLOCK. I hate ads that are moving, or flashing (gifs and Macromedia Flash ads) because they are distracting.

All of my other extensions seemed to still work.

The problem with ADBLOCK after the update, is the context menu to "adblock image" had no effect.

If I added the image source to the blocklist manually, the image was not blocked.

And Firefox 1.0.3 crashed on me. So I used GoBack DEluxe to revert to a time before I installed 1.0.3.

Adblock is one of the main reasons I use Firefox.

Please fix adblock.

Posted by: markofkane on April 6, 2005 04:44 PM

"Please fix adblock"

Thats what I'm talking about. I get you love adblock and can't live without it. But Mozilla DOESN'T make adblock. Its not their problem, and it shouldn't have to be. If you want it fixed, inform the person that makes it to fix it.

Posted by: Mike on April 6, 2005 05:43 PM

error: postamble is not defined. whatsit mean?

Posted by: teo on April 6, 2005 07:22 PM

Haven't looked at 1.0.3, don't intend to until it's released, but for all of you people using AdBlock, the little known obscure userchrome.css file that was floating about ages ago is a rather effective solution. I've used it for as long as I can recall. Haven't seen too many ads since then either. And the best part is you don't really notice it unless a site you visit was heavily infested with ads and they've been blocked out by the CSS filter. No need to sit around clicking on stuff to block them. They just block themselves.

Posted by: Samson on April 6, 2005 08:16 PM

Maybe I'm just lucky (though that's not likely, given my experience), but I'm using this build with 5 extensions, all of which appear to work properly. The four which seem most likely to have caused problems are:
Tab Mix 0.1.4
Session Saver .2 d1 * nightly 27 (fairly thoroughly tested)
Scrapbook 0.14.1 (only partially tested)
Findbar Basics 1.01
In addition, EM buttons 1.1.3 works properly. None of the extensions seem to have lost functionality, nor do they generate errors in the Javascript console (JS is enabled in the browser, the console is open,and javascript.options.showInConsole is set to "true".)

This latest nightly build of Firefox was installed directly over the old version 1.0.2, without removing either 1.0.2 of the profile which I am using.

Posted by: Crashman on April 6, 2005 08:26 PM

From my post at Mozillazine @ http://www.mozillazine.org/talkback.html?article=6343#8

"I don't know how difficult it would be but...IMHO, the ultimate solution would be (as a part of the pre-install routine) to have the setup routine check all of your installed extensions to get a report on which ones will work, won't work and might (unknown) work and then give the user the choice to upgrade."

After further consideration I propose that that the 1.0.3 release be delayed a little (1-2 weeks) to allow devs to update thier extensions. Perhaps during that time work on the pre-install routine above...if that is enough time to do it???

Just my $0.02 worth.

MorPob

Posted by: TechMason on April 6, 2005 08:46 PM

I don't know much about the code but does this involve essentially an API change? If so the current version number may be deceiving.

My less-than-two-cents,
Tsee

Posted by: Tsee on April 6, 2005 09:14 PM

Error: window._content has no properties
Source File: chrome://pagerankstatus/content/pagerankstatusOverlay.js
Line: 325

Error: isDocumentFrame is not defined
Source File: chrome://browser/content/browser.js
Line: 95

Error: isDocumentFrame is not defined
Source File: chrome://browser/content/browser.js
Line: 95

Mainly its the Line: 95 Error I get. I Disabled the Pagerankstatus extension.

Tried using Adblock Block Image with the right click and it worked for me. No crash. Blocked the image selected. In fact the images selected where added to my list in Preferences.

Even though I'm getting that Line:95 error. I haven't seen anything crash yet. NO real noticable effect. If I didn't have the JavaScript Console open I wouldn't know it was going on.

Also checked Cable Speed at DSL reports and Java worked well there also.

Thats it for now.

Posted by: Michael Paul on April 6, 2005 09:15 PM

I also was messing around with Movable Type. Saved a template and rebuilt it with these errors...

Error: e has no properties
Source File: http://www.jesustribe.org/mt/mt.js
Line: 120

Error: e has no properties
Source File: http://www.jesustribe.org/mt/mt.js
Line: 120

Then tried to click the "Syndicate this site (XML)" link and got this error...

Error: [Exception... "'Error: FlashGot can't handle http://www.jesustribe.org/blog/index.rdf' when calling method: [nsIURIContentListener::doContent]" nsresult: "0x8057001c (NS_ERROR_XPC_JS_THREW_JS_OBJECT)" location: "" data: no]

All these pages load and Firefox doesn't seem to have a problem with it. Its just errors in the console. Adblock seems to be working also. I added a linked image to a page and it was blocked by Adblock. Had to disable Adblock to view the image.

Peace

Posted by: Michael Paul on April 6, 2005 09:29 PM

I use the latest release of FireFtp and everything is OK. I also use the latest JsLIB (parts RDF and i/o File) for my own extension (in dev) and everything is allright too. That's ok for me :-).

Posted by: David on April 7, 2005 12:27 AM

> Thats what I'm talking about. I get you love adblock and can't live without it. But Mozilla DOESN'T make adblock. Its not their problem, and it shouldn't have to be. If you want it fixed, inform the person that makes it to fix it.

The problem is that with this patch in its current state that simply isn't possible...

Posted by: Anonymous on April 7, 2005 12:48 AM

Can someone explain what the security problem is? And how an extension developer could code around this change?

Posted by: Matthew Wilson on April 7, 2005 01:44 AM

It's wrong to say that Extensions aren't Mozilla's problem. Mozilla created (and heavily promoted) the Extensions system, so if they've made changes that break extensions, it IS Mozilla's duty to fix that.

Posted by: Dan100 on April 7, 2005 02:07 AM

Is there a page on mozilla.org that tells extension developers what to avoid?

My company's extension (Pearl Comments) seems to work, although I did not do a full QA cycle.

I also checked SpellBound 0.7.3 a little bit; seems OK. I did see one uncaught exception but I'm not sure it is related to the fixes being discussed here:
Error: uncaught exception: [Exception... "Component returned failure code: 0x80004003 (NS_ERROR_INVALID_POINTER) [nsIEditorSpellCheck.GetNextMisspelledWord]" nsresult: "0x80004003 (NS_ERROR_INVALID_POINTER)" location: "JS frame :: chrome://spellbound/content/EdSpellCheck.js :: NextWord :: line 275" data: no]

Tested with: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050405 Firefox/1.0.3

Posted by: Kathleen Brade on April 7, 2005 06:53 AM

@Mike :

> My thoughts on adblock aside, it hasn't been updated in 7 months
And what's the problem with that?!? Here's how I see things : if the program I'm using is stable, does what I want it to, does it reasonably well and does not expose me to various threats - I'll keep using the version I already have, there's simply no reason for me to upgrade. If the program I'm writing is stable, does what users want it to do, does it reasonably well and does not expose those users to various threats - I won't release a new version, there's simply no reason to do so! So, 7 months without updates seems perfectly normal to me. Moreover - that's the way I like it. I simply don't have time to update software twice a week!

> Shouldn't really be firefox development teams problem that their fixes
> and improvements don't work so well anymore with an extension that hasn't
> been updated in that long.
If a company, whose product is in turn used by 3rd party ISVs as a platform, will keep breaking 3rd party apps on a regular basis, it'll find out before long that it's fresh out of friends. Fx extensions devs don't get paid by the hour to keep patching their extensions every fortnight to maintain Fx compatibility. They have other things to do - like make a living for instance.

Posted by: Anon on April 8, 2005 04:16 AM

I'll try the new FF. I can't get to my extensions anyway thanks to
adblock.

Posted by: Milt on April 11, 2005 07:06 PM


Once a security hole is discovered, it takes less and less time for an "exploit" to appear. And I can't imagine a worse scenario for Mozilla Firefox. Just think: "Firefox has more security flaws than Explorer" (already published!) or, even worse, "thousands of computers down because of freeware 'hobby' browser flaws".

If the developers of (some) extensions have to redo their stuff, so be it. We canīt leave known holes in the system just because an extension breaks. If some extension is VERY important, how about 'ROUND TWO' taking over its maintenance?

Make a list of extensions affected or unaffected by the change, as the case may be. Make it known. Send a form e-mail to the authors in the extension mirrors.

Donīt make extensions 'break' just because the browser gives a different ID number to the extension. Surely if an extension CAN run, a workaround must be devised to allow it to install...'Spoof' the browser ID to the extension.

Posted by: jmillar on April 12, 2005 11:36 AM

Post a comment