spreadfirefox passes 100,000 users || MAIN || final (hopefully) 1.0.4 candidates

May 10, 2005

more 1.0.4 candidate builds

We've got another round of 1.0.4 candidate builds that could use testing. These builds contain the security fixes and the fix for a DHTML regression we shipped in 1.0.3. Please let me know if you run into any problems with these builds that don't exist in 1.0.3. Thanks.

Windows
Mac
Linux

We've confirmed that this solves the security issue so if you're looking for ways to help out, testing to make sure all your favorite websites still look and function correctly, plus if you've got time running through the Firefox basic functional tests as described here would be a great place to start.

Posted by asa at May 10, 2005 11:45 PM
Comments

Dead link again? ;-)

Posted by: minghong on May 11, 2005 12:11 AM

How about fixing the graphics stuff? Pages with graphics are extremely slow, and some pages with animated gif's take 60% of cpu (2.5Ghz Athlon64)... ;) I'd say the graphics issues should be high priority....

Posted by: Scyphe on May 11, 2005 12:36 AM

I was one of the people who was hit hard by the DHTML regression. Seems to work now. Thanks for the quick fix.

Posted by: chregu on May 11, 2005 01:16 AM

Scyphe, preformance issues are not likely to be fixed in these minor releases.

Posted by: minghong on May 11, 2005 01:19 AM

minghong: Didn't Asa just say they fixed one? (A performance issue?)

Posted by: David Naylor on May 11, 2005 02:26 AM

links not dead, but some mirrors haven't catched up yet. try again.

Posted by: testboy on May 11, 2005 03:24 AM

FWIW, I ran yesterday's candidate build for a few hours yesterday, and have been running this newer build for a couple of hours of normal browsing today, and haven't hit any problems. Don't think I'm going to have time to do the smoketest stuff until it's too late...

Posted by: michaell on May 11, 2005 03:51 AM

The Windows build is vulnerable to one of the variations of the frame XSS hole. https://bugzilla.mozilla.org/show_bug.cgi?id=290982#c20

Posted by: Jesse Ruderman on May 11, 2005 04:08 AM

firefox-1.0.4.en-US.mac.dmg 11-May-2005 00:35 8.7M
-- from your link above
-- no mountable file system

Im doing OK with the in-between Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050510 Firefox/1.0.4

Posted by: Hank Roberts on May 11, 2005 04:39 AM

A second try at firefox-1.0.4.en-US.mac.dmg 11-May-2005 00:35 8.7M
did download a usable app, a few minutes later.

Posted by: Hank Roberts on May 11, 2005 04:42 AM

One of the primary mirrors didn't have the file when I tried to download an hour or two ago. I had to edit the URL and change ftp.mozilla.org to my favorite mirror, mozilla.oregonstate.edu, for the download to work.

Posted by: Jesse Ruderman on May 11, 2005 04:50 AM

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2005-05-10-22-aviary1.0.1/

link works.

Posted by: Trif on May 11, 2005 05:52 AM

Found a problem, if I have setting "allow WEBSITES to install software" off. Updating extensions fails, the download updates dialog just sits there doing nothing forever.

Posted by: Krane on May 11, 2005 05:56 AM

Dead link....

Posted by: sven m on May 11, 2005 06:15 AM

Krane I get that with this build also, but I think I also had that problem with 1.0.3.

Posted by: Adam on May 11, 2005 06:18 AM

Neither this build or yesterday's will even start up for me on Win98 SE. The process starts but no window appears. I wonder if it's something to do with the build lacking xpcom_core.dll. (The April 21st nightly works fine for me and the presence of that file is the only significant difference I can notice.)

Posted by: Ben Sizer on May 11, 2005 06:30 AM

Possibly... but due to these exploits every website tells everyone to disable the setting, next time they try to update their extensions/themes? they run into this. So I think this is now a lot bigger problem than it is in 1.0.3.
Besides, the setting only speaks of websites..., that doesn't make it any easier to figure out the problem for the layman.

Posted by: Krane on May 11, 2005 06:41 AM

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050510 Firefox/1.0.4
firefox/nightly/2005-05-10-22-aviary1.0.1/firefox-1.0.4.en-US.win32.zip

No problems so far.

XPI installs work for me on this build, same as Firefox 1.0.3

(If Tools > Options > Web Features > "Allow Websites to install software" is UNchecked, you'll get a yellow toolbar with the message that software installation is currently disabled, then you'll need to click the "Edit Options" button to enable (and add the site to the allowed list if necessary) just like in Fx 1.0.3)

Posted by: Alice W. on May 11, 2005 06:59 AM

> Found a problem, if I have setting "allow WEBSITES to install software" off.
> Updating extensions fails, the download updates dialog just sits there doing
> nothing forever.

I also see this behavior on the latest rc: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050510 Firefox/1.0.4

It's not a big deal. When I turned it back on, updating an extension worked correctly. So far, no problems that I can see. Looks great. Keep up the good work!

Posted by: Dave W on May 11, 2005 07:06 AM

i can't download Firefox 1.0.4

Posted by: TuanHoang on May 11, 2005 07:11 AM

Does anybody have some test links where the vulnerablity is?

Also @ ASA, if i install Ff, without any menu links or desktops, it still spawns a firefox group in start.

Nothing big, but it still would be easy to fix it :-)

nothing broken over here (so far)

Posted by: Da Dude on May 11, 2005 07:52 AM

Tested both

http://greyhatsecurity.org/vulntests/ffrc.htm
&
http://illmob.org/files/0day/firefox-download-and-execute.html

don't know what you normaly get, but i did get nothing :-)

Posted by: Da Dude on May 11, 2005 08:01 AM

> Found a problem, if I have setting "allow WEBSITES to install software" off.
> Updating extensions fails, the download updates dialog just sits there doing
> nothing forever.

I don't see this problem. With the "allow WEBSITES to install software" checkbox off, the download manager works perfectly.

Using:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050510 Firefox/1.0.4

Posted by: feranick on May 11, 2005 09:23 AM

Installed lasted 1.04 release over a recent 1.1 beta
Started firefox but could not click on any buttons (Except the update button which worked). All textbox such as search & url bar would not receive focus.

The Right click shows popup menus.

Left click the icon in search bar shows list of search types but the list is shown on the far left of the screen and too low.

I am running Windows XP SP2 with all updates.
After a long delay (30 40 seconds) the title bar showed the text of the website between the HTML title tags, but that was as far as it went.

I uninstalled, reinstalled and rebooted with no luck

Posted by: Brian on May 11, 2005 09:49 AM

Brian, backup your profile, rename it and try again with a clean profile. The nightly probably corrupted your profile.

Posted by: feranick on May 11, 2005 10:02 AM

I've been using the Linux version since last night, and I haven't had any problems with it.

Posted by: Myk Melez on May 11, 2005 10:30 AM

Ben Sizer, try uninstalling and deleting the program (not profile) directory. I had the same problem last month. I think it was cruft from a very old version, back when DOM Inspector appeared in the extension list.

http://forums.mozillazine.org/viewtopic.php?t=246955

Posted by: colfer on May 11, 2005 10:48 AM

Are we turning into a stupid corporation or why is an extremely important security fix bundled with something else? With a remote execution vulnerability on millions of systems, you'd think the MoFo would scramble to get the security bug fixed ASAP without hold-ups by other bugfixes.

Posted by: name on May 11, 2005 10:54 AM

What was the DHTML regression in 1.0.3?

Posted by: David Rothenberger on May 11, 2005 10:56 AM

Installed 1.04 after uninstalling 1.03. No problems. I run the following extensions.

Download Statusbar .92
Translate 0.6.0.4
MAF 0.4.3
downTHEMall 0.9.4
Wayback 0.1.1
Copy Plain Text 0.3.1
Add Bookmark Here 0.5.3
Configuration Mania
fire ftp
xmirror
miniT
Chromedit
ieview
undoclosetabl
about site
sessionsaver .2 di nightly 27 (Pike)


Posted by: BKeisler on May 11, 2005 10:58 AM

> What was the DHTML regression in 1.0.3?

I believe it was this one:

https://bugzilla.mozilla.org/show_bug.cgi?id=290777

290777 - Regression in defining getters on prototypes in content script

Posted by: Dave W on May 11, 2005 11:30 AM

Stil the link is death

Posted by: sven m on May 11, 2005 11:37 AM

Running very smooth on XP SP2
No extentions or themes broke here.
ADBLOCK
TINY URL
SPELLBOUND
FLASHBLOCK
Tab Browser Preferences
Dictionay Search
Forecast Fox
Compact Menu
IE VIEW
DerBrowser Timer
Disable Targets To Download

Posted by: xrayspex on May 11, 2005 11:58 AM

3 dead links to the RC's from this post "more 1.0.4 candidate builds"

Posted by: albyxx on May 11, 2005 12:22 PM

Colfer, I always install into a fresh directory. And, cruft or not, xpcom_core.dll came with the nightly build little more than 3 weeks ago, so it's not that old.

Perhaps it's a profile issue instead, but I'm not going to wipe my profile and start again for a supposed security fix! Has anybody else got this build to run on Win 98 SE?

Posted by: Ben Sizer on May 11, 2005 01:30 PM

Name, I do not see the release held up by other bug fixes. The DHTML fix was checked in April 20, just after 1.0.3, in case of a 1.0.4 release. The check-ins this week are continuing work on security issues. The last one was two hours ago.

Posted by: colfer on May 11, 2005 01:36 PM

Ben Sizer, the xpcom_core.dll issue was really mysterious for me even after a lot of forum searching and Googling. I'm guessing about whether it is cruft, etc. But I did fix it by wiping the program directory, and the DOM Inspector is no longer in the Extension window, where it did not belong. I'll check Win98SE later today. Create a new profile! You've go to try that at least.

Posted by: colfer on May 11, 2005 01:45 PM

bookmarks are lost when I close it, dose not close automaticaly anymore.

Posted by: Robert on May 11, 2005 02:41 PM

I just download a build of 1.0.4 from ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2005-05-10-22-aviary1.0.1/ suggested by Trif above. I am by no means a Guru but the build seems to work fine so far. I even downloaded updates to three extensions I have installed and all my extensions are working for now. I will, of course, replace this build with the "official" version when it is released but am satisfied for now. If problems develop, I'll let you know. Thanks for the quick work. I learned about the problem from a Kim Komando newsletter I take this morning and have a build that fixed the problem by this afternoon. Let Microsoft beat that!!!

Posted by: foxman on May 11, 2005 03:34 PM

Post a comment